Adobe PDF files were supposed to be a safe alternative to Microsoft Word documents in a time when Microsoft offered no effective protection against macro viruses and had virtually no security model in Office at all. Times change. Microsoft Word documents rarely spread macro viruses and have not for a long time if you are using versions of Word newer than Office XP.
In a dazzling display of arrogant refusal to learn from history, Adobe has configured their products for inferior security by deliberately choosing not to learn security lessons that Microsoft learned years ago.
Security flaws in Adobe reader and Adobe Acrobat are a major problem, but in most cases the technology that allows the exploits to work is JavaScript. Adobe Reader and Acrobat support JavaScript and insanely leave it enabled by default. In practice most PDFs do not require JavaScript and many that do are quite usable without it anyway.
If you want to do something simple to help protect yourself against drive-by malware infections – the kind where you simply go to a webpage and get infected, then disable JavaScript in Acrobat and Reader.
In Adobe Reader version 9, you go to the edit menu, select preferences, then JavaScript, and then uncheck the box that says “Enable Acrobat JavaScript”.
This is how Adobe would set the defaults if they listened to their security experts instead of the marketing department.
While you’re at it, it doesn’t hurt to go to the help menu and check for updates too!
Randy Abrams
Director of Technical Education
