PDFs account for 80% of all exploits in 2009

ThraxThrax 🐌Austin, TX Icrontian
edited February 2010 in Science & Tech

Comments

  • AnnesAnnes Tripped Up by Libidos and Hubris Alexandria, VA Icrontian
    edited February 2010
    I wish I could say I was surprised, but I'm not. I really wish I could get everyone in my company to use Foxit instead, but some of the silly vendors we use require it (I can't find a way around it, either.)

    But if PDFs are the exploited, does the reader really matter?
  • ThraxThrax 🐌 Austin, TX Icrontian
    edited February 2010
    The PDFs exploit flaws in the reader, so I can presume that it does matter.
  • GHoosdumGHoosdum Icrontian
    edited February 2010
    I think it does matter, most of the web exploits are browser-specific... these PDF exploits are probably reader-specific. But that's just a guess.
  • KometeKomete Member
    edited February 2010
    Hrmmm... So should I get rid of adobe reader and go with Foxit?
  • GHoosdumGHoosdum Icrontian
    edited February 2010
    I recommend it for the performance-robbing potential of Adobe alone. I honestly had no idea about the exploits until this post.
  • edited February 2010
    Unfortunately Foxit does not work well with text selection tool and PDF forms for me. I recently went back to Adobe reader. I have disabled Java scripts and file attachments in the PDF files for security. Also disabled the two startup programs (AdobeARM and Speed Launcher). Version 9.3 is working fine for now and I do not see any speed difference compared to Foxit.
  • DrLiamDrLiam British Columbia
    edited February 2010
    I too have had a lot of problems with Foxit. There would be some pdfs that would refuse to open or foxit's editing tools would refuse to work. Yet the biggest problem for me was the embedded version for firefox, terrible. Six times out of ten the embedded foxit would either crash or the tools would not work. (Meaning I could not print!)
  • ThraxThrax 🐌 Austin, TX Icrontian
    edited February 2010
    FoxIt has been a dreamy dreamboat of a PDF reader for me. :) I've been using it for years, and I'll never go back.
  • edited February 2010
    DrLiam wrote:
    I too have had a lot of problems with Foxit. There would be some pdfs that would refuse to open or foxit's editing tools would refuse to work. Yet the biggest problem for me was the embedded version for firefox, terrible. Six times out of ten the embedded foxit would either crash or the tools would not work. (Meaning I could not print!)

    With both readers, I disable the Firefox plugins as well. If there is a link to a PDF file, it should open in the PDF viewer's window. I hate it, really hate bloated software. Just a PDF viewer, and it marks every spot of my OS like a dog.
  • edited February 2010
    I wonder how well Sumatra performs against these exploits. I love it. Windows 7 & Firefox open source (FREE) software that works with a simple UI, yes it does exist.
  • AnnesAnnes Tripped Up by Libidos and Hubris Alexandria, VA Icrontian
    edited February 2010
    Foxit is quickly falling from my good graces with its increasing size and resource use. The attempts to install toolbars and add an ebay link to my desktop don't help, either.

    Does anyone here use Sumatra?
  • LincLinc Owner Detroit Icrontian
    edited February 2010
    This is accounting for number of exploits, not percentage of actual exploitation, right? So 80% of documented exploit methods may have targetted PDF, but that doesn't mean 80% of people who got pwnt had it happen through PDF. I'd be interested to see what those numbers are before I got all uptight about what reader I'm using.
  • LincLinc Owner Detroit Icrontian
    edited February 2010
    How awesome is it that the linked report is a PDF?

    I AM SCARED.
  • GHoosdumGHoosdum Icrontian
    edited February 2010
    Annes wrote:
    Foxit is quickly falling from my good graces with its increasing size and resource use. The attempts to install toolbars and add an ebay link to my desktop don't help, either.

    Does anyone here use Sumatra?

    I used Sumatra for a while before switching to Foxit, and I found it to be too lightweight. Since it didn't install anything to the registry, there was no file association, so opening any PDF with Sumatra was a matter of saving the PDF, loading Sumatra, then opening the PDF from inside the program.

    It may have improved since then. It certainly didn't have a problem displaying the PDFs.

    I agree with you that Foxit has too many associated stuff trying to install now.
Sign In or Register to comment.