Name of file utility?

R.Wieser wrote:
Ken,

If I remember correctly, it defaults to that. The first
thing you should do with it, or any other programs,
is to go to its settings and change defaults you don't
want to what you do want.

That sounds good, but is a bit problematic: You have to start the program to
change its settings, and guess what the first thing the program attempts to
do (before you have a chance to change anything) ? Yep, you got it.

Yes, I understand that you didn't set it to do that, but
by not checking the defaults and changing them to what
you want, in effect you did.

I'm sorry, but with that "logic" you're presenting yourself as
untrustworthy. As an MVP you should have been aware of the above mentioned,
rather obvious, race condition.

End of communication I'm afraid. Goodbye.

Regards,
Rudy Wieser

But as a Rocket Scientist, you of course know
you can unplug the network cable, any time
an untrustworthy piece of software is being played
with. It certainly stops Windows Update in its
tracks :-) Then you can configure it, tease it,
torture it, and so on. Disable any update services.

Paul

Vanguard,

Thanks for your response.

Though I think we are talking from quite different starting points: You
accept all the cruft thats delivered with a program and try to limit its
reach, I myself try to simply keep it out (not have it) to begin with.

For example, there have been a couple occasions where
I did want to enable scripting because I knew the author
of the PDF and he was validating the input fields to eliminate
wasting time with boobs that enter the wrong data

The above is one of the reasons why I stressed "document viewer". I do not
want a PDF to behave like a browser (with all of its inherent security
issues).

Eliminates getting incorrectly filled-in forms

Nope. Believe me, it doesn't. If you can make a form which stops fools
from entering incorrect data they will simple come up with better fools. :-)

It also creates a *new* problem, where the filter can actually stop you from
entering true data, because it refuses to "believe" it is (like putting a
lower limit of 3 chars to a sirname. Not funny when your name is Hu, of
chineese decendancy).

The PDF feature that I hate most is the ability to
launch an action when loading a PDF.

In my viewer I tried to disable it (by erasing the command string in the
executable). Alas, the (string!) command seems to be used internally too,
so nothing worked anymore ...

Lastly, PDFs can have attachments of any filetype. I
configure my PDF viewer to not allow any attachments
other than PDFs

I assume that you are talking about in-webpage viewing of PDFs. I have
disabled that behaviour. I save first, and view (as far as the PDF viewer
is concerned) off-line.

Sounds like you have a problem with configuring the
settings of a program so it behaves how you want and
not the defaults which may conflict with your preferences.

Not really. And if I cannot figure settings out myself google is close by.
:-)

The "problem" I have is that I do not think its logical to have certain
functionality present in a program, only to have to put effort into it to
figure out to block it (permanently).

Also, as the complexity of a program goes up (even if the functionality
isn't used), the chance that some of it can be used in ways not ment/allowed
goes up too.

Sorry but I have not used uber-dumb PDF viewers of
which you request.

Still, thanks for the suggestions. I can't remember if I did check
SumatraPDF...

Since you didn't address using Google Chrome with its
built-in PDF viewer to eliminate further overhead of
installing a PDF viewer app,

I rather have several seperate programs. That way when one malfunctions I
can easily disable, or even uninstall it without having to disable
everything.

It also makes it possible to pick and combine the solutions *I* like best,
instead of having one big program where one part works great, but has
another part which doesn't -- for which I than have to install another app
anyway. :-\

With either web browser, there is no bloat to install
another PDF viewer. It's already in the web browser.

:-) Thereby bloating the webbrowser. I think I mentioned "feature creep"
before.

Regards,
Rudy Wieser


-- Origional message:
VanguardLH schreef in berichtnieuws
...
R.Wieser wrote:

Vanguard,

Scripting, attachments, and launch actions are part of the PDF
specification.

Of the *current* spec ? That might be true.

I don't know when scripting, attachments, or launch actions were added
to the PDF specification. Not really that interested in something that
showed up 6 years, or more, ago. If the author saves their .pdf in an
old PDF format then those features won't be available.

While 3rd party PDF viewer authors allow you to disable scripting, Adobe
added a sandbox to their Reader app which further restricts what
privileges their ECMAscript has and what changes it can make. I haven't
yet seen any of the 3rd party PDF viewers add a sandbox.


http://blogs.adobe.com/security/2010...er-protected-m
ode.html
(yep, dated back to 2009, so it's been there for awhile but needed
improvement in their first implementation)


http://www.adobe.com/devnet-docs/acr...ectedmode.html
and its links to:

https://helpx.adobe.com/acrobat/kb/p...ing-reader.htm
l

http://www.adobe.com/devnet-docs/acr...ctedmode.html#
read-policy-changes-for-11-0

I switched away from Adobe Reader a long time ago (so I don't remember
what version I was using back then) and went to PDF-Xchange Viewer which
was more secure because I could configure it that way: disable
Javascript (but prompt), disable launch action, and allow only .pdf
attachments in .pdf files. Note: I don't know if PDF-Xchange got around
to adding these same security settings in their Editor product that was
supposed to supercede their Viewer product. I asked about their absence
a long time ago, they said the options would show up, but I didn't
bother to wait and went back to their Viewer app. Eventually after
researching the sandbox (Protected Mode) and further throttling
(Enhanced Security), I decided Adobe Reader was more secure than
PDF-Xchange Viewer.

While you can read up on security vulnerabilities for Adobe Reader, you
can't find any published for PDF-Xchange Viewer. That doesn't mean
PDF-Xchange Viewer doesn't have any, only that you can't get info from
them about defects in their software. Because vulnerabilities have been
found in Adobe's sandbox implementation in the past, I configure Adobe
Reader to also use Enhanced Security (it's off, by default, when
installed because it interferes with the user's experience of using
Reader and reading the PDF.

Be aware, however, that using multiple levels of sandboxing can cause
problems. If, for example, you load Adobe Reader in another sandbox
(e.g., Avast's sandbox) that Adobe Reader won't work. I don't remember
the symptom but once I realized that Avast was sandboxing Adobe Reader
then my choice was to : (1) configure Avast not to sandbox Adobe
Reader's sandbox; or, (2) let Avast sandbox Adobe Reader and disable
Protected Mode in Adobe Reader. A sandbox in a sandbox will have
problems.

For Adobe Reader, I also enable Enhanced Security. You can read about
it at:


http://www.adobe.com/devnet-docs/acr...at_Enhanced_Se
curity_FAQ.pdf

That means PDFs are even more throttled. A yellow infobar shows up
telling me about the throttling so I can decide whether to decrease
security to gain more features of viewing the PDF.

Next to that I regard at least two of the above "features" as
security holes.

While I disable scripting, I understand where and why it is helpful.
The only places that I have found scripting used in PDFs is when the
author wants to valid the user's input in forms, like making sure they
enter a number in a numerical field and that its value is within the
range allowed. Eliminates getting incorrectly filled-in forms. The
only places I remember hitting such scripted PDFs were internal docs in
a company and gov't forms. Scripting makes for a smart PDF form instead
of hoping the user inputs the correct data.

The PDF feature that I hate most is the ability to launch an action when
loading a PDF. That is, when you load the PDF, it can have an action
(command) specified to launch. I disable that as I want to be informed
BEFORE any launch action is committed.

Lastly, PDFs can have attachments of any filetype. I configure my PDF
viewer to not allow any attachments other than PDFs. So a PDF can only
have a PDF attachment (which will load under the same security
restraints as configured in the viewer app).

If you use the defaults of ANY program then you have elected to have
someone else decide what setup of the program is best for you. If they
go to the trouble of providing you with options then go review them to
know how YOU want to use the program. For example, there have been a
couple occasions where I did want to enable scripting because I knew the
author of the PDF and he was validating the input fields to eliminate
wasting time with boobs that enter the wrong data. Afterward I disabled
scripting again. The PDF viewer is configured to prompt me if a PDF
wants to run a script so I can decide Yes or No. This is just like
configuring Windows Update to prompt when there are new updates but *I*
decide when to download and apply them.

Do you also use the defaults of 3rd party anti-virus or firewall
software you install on your computer? Sure, if you want their default
level of protection but not if you want to take advantage of more
advanced features which typically means more interference since security
and ease-of-use are the anti-thesis of each other.

Expect responses to duplicate your efforts in finding a PDF viewer
that you like since you didn't mention which ones you have already
reviewed.

Irrelevant. Suggesting *any* reader which includes either of those
features would be counterproductive, regardless of if I had already
seen it or not.

Sounds like you have a problem with configuring the settings of a
program so it behaves how you want and not the defaults which may
conflict with your preferences. Reviewing preferences or settings is
how you learn what the program can do. Have you ever reviewed the
settings available in your word processor?

Sorry but I have not used uber-dumb PDF viewers of which you request. I
Simply configure them the way that I want regarding security. I
mentioned SlimPDF because supposedly its focus is only to view and
printer PDFs, not to do anything else. With a file size of only 1.43
MB, I doubt it has the space to include code to perform Javascript
parsing and execution.

I only vaguely recall GsView (http://www.gsview.com/). I think it was
available as a download from the Ghostscript site when I trialed it. It
was a very basic PDF viewer; however, it is a 26MB download so it
doesn't seem a small viewer. They might include a copy of Ghostscript
(14 MB) instead of the installer optionlly downloading it and starting
its install. You can search Google Images to see what its GUI looks
like. It is nagwa nags when you load it. It can display only one
PDF page at a time. You have to hit the back and forward buttons to
move through the pages instead of using a scroll bar. After all, it's
just a GUI front-end to Ghostscript so buffering and scrolling are
features added in smarter viewers.

SumatraPDF, also already mentioned, is only a 4.3 MB download, so it may
be too small to include a Javascript interpreter. It's GUI is less
archaic than GSview's. http://www.sumatrapdfreader.org/manual.html says
it has an advanced mode to reduces the app's privileges or actions. It
also says "Editing interactive forms and adding comments is not
implemented" so my guess is that it does not support scripting (which is
required for "interactive" forms). You have to edit a settings.ini file
instead of using GUI menus with dialogs to select settings.

Since you didn't address using Google Chrome with its built-in PDF
viewer to eliminate further overhead of installing a PDF viewer app,
I'll assume you don't use Google Chrome. Firefox might be your choice
and that also comes with a built-in PDF viewer (pdf.js). PDF.js is an
Apache Javascript library to convert PDFs into HTML5 formatted docs.
With either web browser, there is no bloat to install another PDF
viewer. It's already in the web browser.

Paul,

But as a Rocket Scientist, ...

What would you rather do: Keep a thief out of your house, or invite/keep
inviting him in and having have to think about all the ways he could use to
do his "hobby", and how you can keep making sure that it doesn't happen
(locking the silverware up, together with wallets and all kinds of
car/house/etc. keys) ? One moment of distraction, one small mistake and
you loose (it) you know ...

I don't know about you, but I'm definitily choosing for the first option.
:-)

But yes, I had disconnected the cable for just that reason.

Disable any update services.

:-)

Regards,
Rudy Wieser


-- Origional message:
Paul schreef in berichtnieuws
...
R.Wieser wrote:
Ken,

If I remember correctly, it defaults to that. The first
thing you should do with it, or any other programs,
is to go to its settings and change defaults you don't
want to what you do want.

That sounds good, but is a bit problematic: You have to start the
program to
change its settings, and guess what the first thing the program attempts
to
do (before you have a chance to change anything) ? Yep, you got it.

Yes, I understand that you didn't set it to do that, but
by not checking the defaults and changing them to what
you want, in effect you did.

I'm sorry, but with that "logic" you're presenting yourself as
untrustworthy. As an MVP you should have been aware of the above
mentioned,
rather obvious, race condition.

End of communication I'm afraid. Goodbye.

Regards,
Rudy Wieser

But as a Rocket Scientist, you of course know
you can unplug the network cable, any time
an untrustworthy piece of software is being played
with. It certainly stops Windows Update in its
tracks :-) Then you can configure it, tease it,
torture it, and so on. Disable any update services.

Paul

R.Wieser wrote:

Vanguard,

Eliminates getting incorrectly filled-in forms

Nope. Believe me, it doesn't. If you can make a form which stops
fools from entering incorrect data they will simple come up with
better fools. :-)

Yes, it DOES reduce the number of invalid inputs. I didn't say the
error checking could not be surmounted since it depends on the
programmer who writes the checking code. It's easy to require a
specific data type in a field (e.g., numeric) and to ensure it is not a
negative value and that it is within a range of valid values. Beyond
that, just how is a user going to put in a text string or numeric values
not within range?

You know as well as do I that no one is going to bother adding script to
a PDF unless its intent is to do something the author wants, like
validating input. If you don't like what's put into a PDF, the real
culprit to complain at is the author of the PDF.

It also creates a *new* problem, where the filter can actually stop
you from entering true data, because it refuses to "believe" it is
(like putting a lower limit of 3 chars to a sirname. Not funny when
your name is Hu, of chineese decendancy).

Maybe that's why the form was coded not to accept 2-character names. ;-
I haven't seen a programmed (scripted) PDF that required more than 1
character for a name field. I've run across some of those and I could
just put in a single character for first and last name. The script did
check my name did not begin with a numeric or special character, like
007Bond or !Roger.

Lastly, PDFs can have attachments of any filetype. I configure my
PDF viewer to not allow any attachments other than PDFs

I assume that you are talking about in-webpage viewing of PDFs. I
have disabled that behaviour. I save first, and view (as far as the
PDF viewer is concerned) off-line.

Nope, I'm talking about the .pdf file itself can have a block of binary
strings which constitute an attachment WITHIN that .pdf file. Nothing
to do with the web. A .pdf file sitting on your hard disk can contain
an attachment (just like an e-mail can have an attachment which is just
a MIME part within the body of the e-mail containing a long encoded
string). So the .pdf file could carry along an .exe attachment that
someone could be fooled into running. I have yet to get a .pdf file
with an embedded attachment.

http://blogs.adobe.com/insidepdf/201...tachments.html

While .doc files have structure to track changes to a document (so you
can tell who changed what or, at least, what got changed from the prior
revision of the document), I don't recall ever hearing file versioning
was a feature of a PDF. So, as I've read, one purpose of attaching a
..pdf within a .pdf is to provide the altered .pdf but include a copy of
the original .pdf. More info below:

http://blogs.adobe.com/insidepdf/201...tachments.html

The "problem" I have is that I do not think its logical to have
certain functionality present in a program, only to have to put
effort into it to figure out to block it (permanently).

There are users that want the simplest or most basic functionality of a
viewer. While I use TrueCrypt, some users prefer the more simplistic
BestCrypt Portable (which is free, the full version is not) for securing
content inside a container.

Rarely have I seen programs that are built as a "cottage industry"
component model where you get to pick and chose what features it will
have. Usually for custom installs, you are omitting ancilliary
software, not eradicating a chunk of code in the executables for the
program itself. That's why settings are provided. To get the least
features (without involving settings) typically requires you find the
least featured program. That's why I figure the tiny PDF viewers would
have the fewest features.

Since you didn't address using Google Chrome with its built-in PDF
viewer to eliminate further overhead of installing a PDF viewer app,

I rather have several seperate programs. That way when one
malfunctions I can easily disable, or even uninstall it without
having to disable everything.

I also disable the in-browser (plug-in) option of any PDF viewer that I
use. I'd rather see the document in a separate viewer than buried in
the tabs of a web browser. To many documents getting melded together
under one app (web browser).

In fact, I got into that habit because PDF-Xchange Viewer has *2*
settings groups: one for the PDF viewer itself and a separate one for
the plug-in PDF viewer used in the web browser. I would change some
settings in the full program but they were not reflected in the plug-in
viewer. I had to make the same setting change in 2 places.

With either web browser, there is no bloat to install another PDF
viewer. It's already in the web browser.

As you've noted, feature creep has been a property of web browsers ever
since users moved away from Lynx or similar text-only web browsers.
Hell, web browsers are claiming HTML5 compatibility despite that not all
of HTML5 has been ratified and isn't expected to get ratified until
around 2020 to 2022.

I figure the tiny PDF viewers are those that won't have all the bell and
whistles to support all the features available in PDFs. If they are
tiny, they don't have room to include a Javascript interpreter. They
are too tiny to allow annotation in a PDF. And they're probably too
tiny to provide code to execute launch actions or extract the encoded
string within a PDF to get at an attachment internal to that PDF.

R.Wieser wrote:

Ken,

If I remember correctly, it defaults to that. The first thing you
should do with it, or any other programs, is to go to its settings
and change defaults you don't want to what you do want.

That sounds good, but is a bit problematic: You have to start the
program to change its settings, and guess what the first thing the
program attempts to do (before you have a chance to change anything)
? Yep, you got it.

If you install unknown software and are concerned that it performs an
update check or phones home for some other reason, tis easy to disable
the NIC in your computer. Most users have a tray icon showing activity
on the NIC, or eventually they enable the option to show the networking
tray icon. You can disable the Ethernet connection using the tray icon
(re-enabling takes a bit more effort). Powering off the router works,
too. Just because you are physically connected to a network doesn't
mean your host must send traffic there.

If you use 3rd party firewall software, most good ones can be configure
or by default will prompt you when a previous unauthorized process
attempts to make an outbound connection. While the Windows firewall is
primarily configured to guard against unsolicited inbound connections,
it can be configure to restrict outbound connection; however, it is a
pain to figure out why a program isn't working without a prompt about
the network block. http://www.sphinx-soft.com/Vista/order.html and
http://wokhan.online.fr/progs.php?sec=WFN give you prompts and more
control over how the Windows Firewall can be made more hospital in
controlling outbound connects; however, while it does not install any
software (that continues to run in the background, only to use the
events in Windows and change the configuration of the Windows Firewall),
I'd probably go with a 3rd party firewall. Usually those provide a tray
icon you can simply right-click on to disable it thereby block all
network traffic in or out.

Vanguard,

Eliminates getting incorrectly filled-in forms

Nope. Believe me, it doesn't

Yes, it DOES reduce the number of invalid inputs.

My apologies, but AFAIK "Eliminates" and "reduce" are not at all the same.
Not by a long shot. Although I could agree with the latter, I certainly do
not with the former.

Beyond that, just how is a user going to put in a text
string or numeric values not within range?

Thats exactly the problem: Although the person who created/mandated the
filter just *knows* the answer can only exist in a certain form, somewhere
there might very well be an exception, which than cannot be entered (see my
sirname example).

You know as well as do I that no one is going to bother
adding script to a PDF unless its intent is to do something
the author wants

Uhhmm... Duh ?

The question is, is that "author" someone just wanting to validate some
input, or some script-kiddie wanting to spread malware ? And how do I
recognise them, looking at the PDF, from each other ?

If you don't like what's put into a PDF, the real culprit to
complain at is the author of the PDF.

So you do not mind at all when your bank looses your banking data, as its
only the one abusing that information is to blame ? Really ?

But no. Athough the author of an malicious PDF would certainly be "the bad
guy(tm)" in the story, I myself would also be to blame for knowingly
allowing such a hackable program to exist on my 'puter. So I don't (if I
can help it). :-)

The script did check my name did not begin with a numeric
or special character, like 007Bond or !Roger.

Than that filter did certainly fail its purpose. Assuming that *noone* can
have a name which starts with a "special" character is ... ignorant.

Nope, I'm talking about the .pdf file itself can have a
block of binary strings which constitute an attachment
WITHIN that .pdf file.

Ah, thataway.

So the .pdf file could carry along an .exe attachment
that someone could be fooled into running

Well, thats a good reason not to have a PDF reader which will hand-off the
"execution" of (unknown) extensions to the OS (but only resolve and display
them within its own program), don't you think ?

I seem to remember that exactly that was the problem with a certain
webbrowser, where the an executable was given the (internal) type of a bit
of music. After handing of the "music" to the OS the OS looked at the
extension and executed it accordingly. Whoopsie!

And they're probably too tiny to provide code to execute
launch actions or extract the encoded string within a PDF
to get at an attachment internal to that PDF

Don't bet on that. A CreateProcess call needs only just a few bytes.
Converting a certain string into a binary form is part of what a PDF reader
already does ("flatdecode" and all that).

Regards,
Rudy Wieser


-- Origional message:
VanguardLH schreef in berichtnieuws
...
R.Wieser wrote:

Vanguard,

Eliminates getting incorrectly filled-in forms

Nope. Believe me, it doesn't. If you can make a form which stops
fools from entering incorrect data they will simple come up with
better fools. :-)

Yes, it DOES reduce the number of invalid inputs. I didn't say the
error checking could not be surmounted since it depends on the
programmer who writes the checking code. It's easy to require a
specific data type in a field (e.g., numeric) and to ensure it is not a
negative value and that it is within a range of valid values. Beyond
that, just how is a user going to put in a text string or numeric values
not within range?

You know as well as do I that no one is going to bother adding script to
a PDF unless its intent is to do something the author wants, like
validating input. If you don't like what's put into a PDF, the real
culprit to complain at is the author of the PDF.

It also creates a *new* problem, where the filter can actually stop
you from entering true data, because it refuses to "believe" it is
(like putting a lower limit of 3 chars to a sirname. Not funny when
your name is Hu, of chineese decendancy).

Maybe that's why the form was coded not to accept 2-character names. ;-
I haven't seen a programmed (scripted) PDF that required more than 1
character for a name field. I've run across some of those and I could
just put in a single character for first and last name. The script did
check my name did not begin with a numeric or special character, like
007Bond or !Roger.

Lastly, PDFs can have attachments of any filetype. I configure my
PDF viewer to not allow any attachments other than PDFs

I assume that you are talking about in-webpage viewing of PDFs. I
have disabled that behaviour. I save first, and view (as far as the
PDF viewer is concerned) off-line.

Nope, I'm talking about the .pdf file itself can have a block of binary
strings which constitute an attachment WITHIN that .pdf file. Nothing
to do with the web. A .pdf file sitting on your hard disk can contain
an attachment (just like an e-mail can have an attachment which is just
a MIME part within the body of the e-mail containing a long encoded
string). So the .pdf file could carry along an .exe attachment that
someone could be fooled into running. I have yet to get a .pdf file
with an embedded attachment.

http://blogs.adobe.com/insidepdf/201...tachments.html

While .doc files have structure to track changes to a document (so you
can tell who changed what or, at least, what got changed from the prior
revision of the document), I don't recall ever hearing file versioning
was a feature of a PDF. So, as I've read, one purpose of attaching a
.pdf within a .pdf is to provide the altered .pdf but include a copy of
the original .pdf. More info below:

http://blogs.adobe.com/insidepdf/201...tachments.html

The "problem" I have is that I do not think its logical to have
certain functionality present in a program, only to have to put
effort into it to figure out to block it (permanently).

There are users that want the simplest or most basic functionality of a
viewer. While I use TrueCrypt, some users prefer the more simplistic
BestCrypt Portable (which is free, the full version is not) for securing
content inside a container.

Rarely have I seen programs that are built as a "cottage industry"
component model where you get to pick and chose what features it will
have. Usually for custom installs, you are omitting ancilliary
software, not eradicating a chunk of code in the executables for the
program itself. That's why settings are provided. To get the least
features (without involving settings) typically requires you find the
least featured program. That's why I figure the tiny PDF viewers would
have the fewest features.

Since you didn't address using Google Chrome with its built-in PDF
viewer to eliminate further overhead of installing a PDF viewer app,

I rather have several seperate programs. That way when one
malfunctions I can easily disable, or even uninstall it without
having to disable everything.

I also disable the in-browser (plug-in) option of any PDF viewer that I
use. I'd rather see the document in a separate viewer than buried in
the tabs of a web browser. To many documents getting melded together
under one app (web browser).

In fact, I got into that habit because PDF-Xchange Viewer has *2*
settings groups: one for the PDF viewer itself and a separate one for
the plug-in PDF viewer used in the web browser. I would change some
settings in the full program but they were not reflected in the plug-in
viewer. I had to make the same setting change in 2 places.

With either web browser, there is no bloat to install another PDF
viewer. It's already in the web browser.

As you've noted, feature creep has been a property of web browsers ever
since users moved away from Lynx or similar text-only web browsers.
Hell, web browsers are claiming HTML5 compatibility despite that not all
of HTML5 has been ratified and isn't expected to get ratified until
around 2020 to 2022.

I figure the tiny PDF viewers are those that won't have all the bell and
whistles to support all the features available in PDFs. If they are
tiny, they don't have room to include a Javascript interpreter. They
are too tiny to allow annotation in a PDF. And they're probably too
tiny to provide code to execute launch actions or extract the encoded
string within a PDF to get at an attachment internal to that PDF.