Staying Safe with PDF

Monday, January 11, 2010

Recent news accounts have highlighted some security vulnerabilities in current releases of Adobe Acrobat and Adobe Reader, with the latest such vulnerability to be addressed (Adobe says) in an update due out January 12.

Very little of the public information out there gives readers a useful sense of the risks or how to mitigate them. The common refrain is to "deactivate JavaScript", but that's lousy general advice (because it only applies in some cases), and it doesn't really put the issue in context or help you deal with the real problem. Deactivating JavaScript is like refusing to drive your car because one of the tail-lights is out.

Bottom Line: All the "nasty" PDF stuff you've been reading about requires that a user (i.e., you) open a so-called "malicious" document, whereupon all sorts of horrible things could theoretically start to happen.

The thing to remember here is simple. In order for a PDF to be nasty, it must have originated from someone nasty, which is to say, someone unknown to you with no plausible reason for sending you some random PDF.

As such, the most basic - and important - precaution you can take is simply not to open files from sources you don't already trust (i.e., sources you don't worry about deliberately sending you a virus).

Now - this isn't exactly news. Elementary computer security that everyone should know before they open their first email account goes something like: "Never open attachments to emails when the source is unknown to you."

As for PDF files found on legitimate websites - don't worry about it.  Sure, there's a possibility that some clever evildoer has managed to post their own nasty PDFs on someone else's website - but (and this is the point) - PDF is no worse than any other format in this regard, and in fact, it's a lot BETTER than many other common formats.

If you MUST open a PDF from someone you've never heard of who has no other reason to be sending it to you, ask yourself "Why would I do that?"  A corollary: If a website tries to make you open a PDF file that you didn't explicitly request - don't open it!

Here's an extended discussion on the issue with the head of Adobe Security.

Postscript:  The folks in the Shameless Commerce division wanted me to remind you that Appligent Document Solutions produces server software called APActiveCheck, which allows enterprises to detect active content in PDF files using a server-based tool.

