If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#31
|
|||
|
|||
Adobe Reader substitute
Jo-Anne wrote:
On 9/21/2015 4:16 PM, Mayayana wrote: | form-filling, but I gather from the posts here that Sumatra doesn't. | No. It's very basic. Acrobat Reader used to be the same way. Thus the name *Reader*. I've heard that it now has limited capabilities for editing. I'm guessing they had to do that to keep up with the Joneses. Their original strategy was to offer the only PDF editor for a high price and then spread around the read-only Reader for free. Adobe also gave away Acrobat Pro 7 awhile back. they posted that plus Illustrator and Photoshop CS2 online with serial numbers. Originally there was a note saying people were only allowed to use those programs if they received them from Adobe. Later they changed the note and said they were only for people with existing licenses. I think the eventually required people to sign up for the download. I don't know where it stands now. If you care you might want to look around and see if there's a legal version to be had. But other programs, like PDF XV, are good enough if you only need functionality like adding notes or filling in tax forms. Thank you for the details, Mayayana. I do need to fill in tax forms and sometimes other forms, and I've been able to do that with Adobe Reader--although it's sometimes clunky. I'm looking forward to trying Foxit first and then PDF X-Change if I don't like Foxit. The security issues for Acrobat come from a couple places. 1) Original PS and PDF languages were prefaced around PostScript printer design. The language was given the capability to write to the hard drive inside the laser printer. Adding the ability to write the host file storage was later considered to be a bad thing. Thus a few command line parameters were added to programs like GhostScript, to turn off some of those I/O capabilities, and prevent documents from damaging whatever was attempting to interpret the document. 2) The second (weak) feature, was adding Javascript to the PDF standard. So a document could contain both languages. It was intended to allow developers to add whizzy features to documents, but from a security point of view, it's a disaster. The worst part of this, is that it is possible to write PDF code to generate an in-memory Javascript script. Then execute it. The PDF code can be obfuscated, so you cannot tell by looking at it, what the purpose of the code is. Things you can do: 1) In your browser, turn off "view in browser". At one time, the Acrobat plugin allowed documents to be interpreted straight off the Internet. Disable this. Change the MIME type to "prompt me" or "Save As" and take the PDF out of the browser. This might even allow your AV to sniff it. Even some of the browsers contain some level of checking for downloaded PDF files now, so before the file is officially made available on your disk, the browser may have carried out some kind of check. I don't know the details of what it does, but I have noted the delay when it is messing around. 2) Some browsers now have their own PDF interpreter right in the browser. While I would not expect that to honor Javascript, I would not take the chance, and would turn that off if I could. It might take a visit to Configuration Manager to stop it. 3) Now that you have limited your PDF activities to things like Foxit or Acrobat Reader application, the next stop is the Preferences in there. There is a preference to disable Javascript. With that disabled, it should stop the Javascript interpreter from being given any work to do. 4) Acrobat Reader and Foxit, may already have silently turned off writing to a local file system. So there may not be a setting for this. It doesn't matter which PDF reader you use for your desktop, as long as there has been some attention to these details. The few times I've installed Acrobat Reader from scratch, I don't think it defaulted to the "safe" Javascript setting, so you really should review the Preferences pane (even if it has 20 items to check, do it). I've had a couple of attempts here, to infect the machine with a Javascript-containing PDF file. How you can tell, is you open a web page, and immediately a "Save As" box pops up with "somefile.pdf" to be saved. The author of the web page, was hoping your in-browser plugin would immediately interpret the document, run the Javascript, and tip over the computer. In one case, I saved the file and did find Javascript near the end of the file. I can't read Javascript well enough, to tell you what the script proposed to do. But in terms of general security issues, I don't think that every situation has been covered all that well. The ability to write obfuscated PDF, where Javascript could be generated on the fly, that idea still bothers me. And I've never seen any discussion of how AV programs propose to stop things like that. Adobe should never have put Javascript there in the first place. Idiots. They should have realized the security implications and put a stop to it. Paul |
Ads |
#32
|
|||
|
|||
Adobe Reader substitute
"Jo-Anne" wrote in message ... On 9/21/2015 9:39 PM, George wrote: "Jo-Anne" wrote in message ... I've used Adobe Reader for a long time. Given how insecure it's said to be, however, I'm wondering what to use for reading and printing PDFs. Suggestions? -- Thank you, Jo-Anne Take a look at Nuance PDF Reader, what I like about it is that it lets you save filled-in forms, a feature that is often missing in other PDF programs. The free version is no longer available from the Nuance website, but you can get it from Softonic: http://nuance-pdf-reader.en.softonic.com/download When installing, watch for unwanted bloatware that you don't want. George Thank you, George. I didn't realize that some PDF readers won't let you save the filled-in forms. I'll check out Nuance, but does anyone know if Foxit and PDF X-Change let you save the filled-in forms? That's very important to me. PDF X-Change allows saving filled-in forms. I've used it numerous times for insurance forms over the years. Mayayana brought up a good point in one of his replies- I seem to remember also that the latest version of Reader does have nags. I'm still running an older version (2.5.0195.0), and it works fine still, so I see no need to update it yet. The older versions are here http://www.tracker-software.com/history/viewer_history.xml. I also noted on their website that Viewer has been superseded by Editor, which is now at v5.5.315, but the latest version of Viewer is available http://www.tracker-software.com/product/pdf-xchange-viewer, and is at v2.5.315. Phew, gets more confusing all the time, doesn't it :-( -- SC Tom |
#33
|
|||
|
|||
Adobe Reader substitute
"Jo-Anne" wrote in message
... On 9/21/2015 9:39 PM, George wrote: "Jo-Anne" wrote in message ... I've used Adobe Reader for a long time. Given how insecure it's said to be, however, I'm wondering what to use for reading and printing PDFs. Suggestions? -- Thank you, Jo-Anne Take a look at Nuance PDF Reader, what I like about it is that it lets you save filled-in forms, a feature that is often missing in other PDF programs. The free version is no longer available from the Nuance website, but you can get it from Softonic: http://nuance-pdf-reader.en.softonic.com/download When installing, watch for unwanted bloatware that you don't want. George Thank you, George. I didn't realize that some PDF readers won't let you save the filled-in forms. I'll check out Nuance, but does anyone know if Foxit and PDF X-Change let you save the filled-in forms? That's very important to me. Foxit lets you save fill-in forms. And print, of course. |
#34
|
|||
|
|||
Adobe Reader substitute
| It doesn't matter which PDF reader you use for your desktop, | as long as there has been some attention to these details. An advantage of Sumatra is that it's very basic. It renders graphics and text. That's it. It actually seems to be mostly just a wrapper around the OSS mupdf. That has optional script and form filling. But Sumatra has no settings for those things, so I'm guessing they haven't been implemented. I'm using v. 2.1.1, which I stick with because I recompiled it to bypass any PDF restrictions, but according to their website, while later versions have more options, there still doesn't seem to be anything related to script: http://www.sumatrapdfreader.org/settings.html Since 99% of PDF access is only to read, there's really no reason to risk script functionality, or even the extra size of form filling options. In that sense, Sumatra performs like Notepad -- no frills but it does the job most of the time, with a low memory footprint and low -- or no -- risk. |
#35
|
|||
|
|||
Adobe Reader substitute
On Mon, 21 Sep 2015 10:32:53 -0500, Jo-Anne
wrote: I've used Adobe Reader for a long time. Given how insecure it's said to be, however, I'm wondering what to use for reading and printing PDFs. Suggestions? Note that most of Adobe Reader's problems have to do with its use of Flash and scripting, so if you disable both in the reader, you get a good degree of security back with only a minimal loss of features. Nonetheless, the easier - and safer - method is to uninstall it entirely. Personally, I use Sumatra PDF http://www.sumatrapdfreader.org/free-pdf-reader.html as my go-to PDF reader, just because it is so lightweight and loads far faster than any of the alternatives. It manages this by being very feature-light (it's a very stripped down reader) but for most use-cases that's all you nee anyway. Occassionally I need something with a bit more options, in which case I fire up PDF XChange Viewer http://www.tracker-software.com/prod...xchange-viewer. Its OCR capabilities are surprisingly good for a free product (then again, I remember doing OCR twenty years ago when the software only recognized one or two fonts and could only handle a page at a time...). I used to use FoxIt PDF, but the company started getting pushy trying to upsell its other products and I ditched 'em. Of course, when I need a full-featured PDF editor I still fire up Adobe Acrobat Professional... but only while safely ensconced in its own VM ;-) |
#36
|
|||
|
|||
Adobe Reader substitute
| http://nuance-pdf-reader.en.softonic.com/download
| I went to the website. (Always better to download from the author rather than software listing sites, which are mostly fly-by-night operations these days and may not have the latest version.) http://www.nuance.com/products/pdf-reader/index.htm On that page I couldn't find a download link. When I then viewed the page with no style I saw this: "Nuance PDF Reader is no longer available. We now offer a 30-day free trial for Power PDF Advanced (retail value: $149.99)." So the Nuance PDF Reader may be like so many other products: Get it while it's hot. |
#37
|
|||
|
|||
Adobe Reader substitute
"Mayayana" wrote in message ... | http://nuance-pdf-reader.en.softonic.com/download | I went to the website. (Always better to download from the author rather than software listing sites, which are mostly fly-by-night operations these days and may not have the latest version.) http://www.nuance.com/products/pdf-reader/index.htm On that page I couldn't find a download link. When I then viewed the page with no style I saw this: "Nuance PDF Reader is no longer available. We now offer a 30-day free trial for Power PDF Advanced (retail value: $149.99)." So the Nuance PDF Reader may be like so many other products: Get it while it's hot. As I mentioned in my original post: "The free version is no longer available from the Nuance website, but you can get it from Softonic: http://nuance-pdf-reader.en.softonic.com/download " |
#38
|
|||
|
|||
Adobe Reader substitute
Mayayana wrote:
| http://nuance-pdf-reader.en.softonic.com/download | I went to the website. (Always better to download from the author rather than software listing sites, which are mostly fly-by-night operations these days and may not have the latest version.) http://www.nuance.com/products/pdf-reader/index.htm On that page I couldn't find a download link. When I then viewed the page with no style I saw this: "Nuance PDF Reader is no longer available. We now offer a 30-day free trial for Power PDF Advanced (retail value: $149.99)." So the Nuance PDF Reader may be like so many other products: Get it while it's hot. Or try here. https://nct.digitalriver.com/fulfill/0246.003 It sends an email to your inbox, with details on how to get it. It's a way for them to snag an email address. That leads here. 42.4MB. http://imagingcontent.nuance.com/PDF...er_English.exe The installer file version says "8.10.1302". I don't plan on installing it. 44,488,040 bytes MD5SUM 1c7cb476b4900423408fb4c80c68f349 SHA1SUM 91ee0557ec736a7c3bb081aa21f152c0241b31dd HTH, Paul |
#39
|
|||
|
|||
Adobe Reader substitute
On 09/21/2015 08:32 AM, Jo-Anne wrote:
I've used Adobe Reader for a long time. Given how insecure it's said to be, however, I'm wondering what to use for reading and printing PDFs. Suggestions? Hi Jo-Anne, I know this is not the question you asked, but I use the dickens out of Qoppa PDF Studio Pro: http://www.qoppa.com/pdfstudio/ It is pay software, but it is very well done and their tech support is extraordinary. For Tax forms, it allows mark up (comments), creation of fill in forms, and you can save fill in forms. My wife just went through a 48 page pension plan that I scanned in. I OCR'ed it making it searchable. The yellow highlighted and tore through the thing to find all the relevant information. (It has an excellent search tool.) If you decide to try the demo, it is unlimited. It just writes "demo" across every other page. Before I bought the think, I used it to search multi-hundred page technical manuals on industrial controllers. (I highlighted and marked the dickens out of them too.) Its only downfall I can find it that is does not handle dynamic XFA forms. -T |
#40
|
|||
|
|||
Adobe Reader substitute
| As I mentioned in my original post:
| | "The free version is no longer available from the Nuance | website, but you can get it from Softonic: | Woops. Sorry. I missed that. |
#41
|
|||
|
|||
Adobe Reader substitute
On 9/22/2015 6:34 AM, Paul wrote:
Jo-Anne wrote: On 9/21/2015 4:16 PM, Mayayana wrote: | form-filling, but I gather from the posts here that Sumatra doesn't. | No. It's very basic. Acrobat Reader used to be the same way. Thus the name *Reader*. I've heard that it now has limited capabilities for editing. I'm guessing they had to do that to keep up with the Joneses. Their original strategy was to offer the only PDF editor for a high price and then spread around the read-only Reader for free. Adobe also gave away Acrobat Pro 7 awhile back. they posted that plus Illustrator and Photoshop CS2 online with serial numbers. Originally there was a note saying people were only allowed to use those programs if they received them from Adobe. Later they changed the note and said they were only for people with existing licenses. I think the eventually required people to sign up for the download. I don't know where it stands now. If you care you might want to look around and see if there's a legal version to be had. But other programs, like PDF XV, are good enough if you only need functionality like adding notes or filling in tax forms. Thank you for the details, Mayayana. I do need to fill in tax forms and sometimes other forms, and I've been able to do that with Adobe Reader--although it's sometimes clunky. I'm looking forward to trying Foxit first and then PDF X-Change if I don't like Foxit. The security issues for Acrobat come from a couple places. 1) Original PS and PDF languages were prefaced around PostScript printer design. The language was given the capability to write to the hard drive inside the laser printer. Adding the ability to write the host file storage was later considered to be a bad thing. Thus a few command line parameters were added to programs like GhostScript, to turn off some of those I/O capabilities, and prevent documents from damaging whatever was attempting to interpret the document. 2) The second (weak) feature, was adding Javascript to the PDF standard. So a document could contain both languages. It was intended to allow developers to add whizzy features to documents, but from a security point of view, it's a disaster. The worst part of this, is that it is possible to write PDF code to generate an in-memory Javascript script. Then execute it. The PDF code can be obfuscated, so you cannot tell by looking at it, what the purpose of the code is. Things you can do: 1) In your browser, turn off "view in browser". At one time, the Acrobat plugin allowed documents to be interpreted straight off the Internet. Disable this. Change the MIME type to "prompt me" or "Save As" and take the PDF out of the browser. This might even allow your AV to sniff it. Even some of the browsers contain some level of checking for downloaded PDF files now, so before the file is officially made available on your disk, the browser may have carried out some kind of check. I don't know the details of what it does, but I have noted the delay when it is messing around. 2) Some browsers now have their own PDF interpreter right in the browser. While I would not expect that to honor Javascript, I would not take the chance, and would turn that off if I could. It might take a visit to Configuration Manager to stop it. 3) Now that you have limited your PDF activities to things like Foxit or Acrobat Reader application, the next stop is the Preferences in there. There is a preference to disable Javascript. With that disabled, it should stop the Javascript interpreter from being given any work to do. 4) Acrobat Reader and Foxit, may already have silently turned off writing to a local file system. So there may not be a setting for this. It doesn't matter which PDF reader you use for your desktop, as long as there has been some attention to these details. The few times I've installed Acrobat Reader from scratch, I don't think it defaulted to the "safe" Javascript setting, so you really should review the Preferences pane (even if it has 20 items to check, do it). I've had a couple of attempts here, to infect the machine with a Javascript-containing PDF file. How you can tell, is you open a web page, and immediately a "Save As" box pops up with "somefile.pdf" to be saved. The author of the web page, was hoping your in-browser plugin would immediately interpret the document, run the Javascript, and tip over the computer. In one case, I saved the file and did find Javascript near the end of the file. I can't read Javascript well enough, to tell you what the script proposed to do. But in terms of general security issues, I don't think that every situation has been covered all that well. The ability to write obfuscated PDF, where Javascript could be generated on the fly, that idea still bothers me. And I've never seen any discussion of how AV programs propose to stop things like that. Adobe should never have put Javascript there in the first place. Idiots. They should have realized the security implications and put a stop to it. Paul Thank you very much for all the detail, Paul. Since I haven't yet installed Foxit, I eventually found Acrobat on my computer (it doesn’t show up in “Search Programs and Files,” although I suppose I could just have opened a PDF file with it), located Preferences under “Edit,” and unchecked Javascript. I hope that'll help with security until I choose another program. I checked my browser, Firefox, and found four PDF applications under Tools | Options | Applications. Should I use "Save File" for all of them? They are Adobe Acrobat Forms Document (application/vnd.ad...) Adobe Acrobat Forms Document (application/vnd.fdf) Adobe Acrobat XML Data Package File Portable Document Format (PDF) Thank you again, -- Jo-Anne |
#42
|
|||
|
|||
Adobe Reader substitute
Jo-Anne wrote:
On 9/22/2015 6:34 AM, Paul wrote: Jo-Anne wrote: On 9/21/2015 4:16 PM, Mayayana wrote: | form-filling, but I gather from the posts here that Sumatra doesn't. | No. It's very basic. Acrobat Reader used to be the same way. Thus the name *Reader*. I've heard that it now has limited capabilities for editing. I'm guessing they had to do that to keep up with the Joneses. Their original strategy was to offer the only PDF editor for a high price and then spread around the read-only Reader for free. Adobe also gave away Acrobat Pro 7 awhile back. they posted that plus Illustrator and Photoshop CS2 online with serial numbers. Originally there was a note saying people were only allowed to use those programs if they received them from Adobe. Later they changed the note and said they were only for people with existing licenses. I think the eventually required people to sign up for the download. I don't know where it stands now. If you care you might want to look around and see if there's a legal version to be had. But other programs, like PDF XV, are good enough if you only need functionality like adding notes or filling in tax forms. Thank you for the details, Mayayana. I do need to fill in tax forms and sometimes other forms, and I've been able to do that with Adobe Reader--although it's sometimes clunky. I'm looking forward to trying Foxit first and then PDF X-Change if I don't like Foxit. The security issues for Acrobat come from a couple places. 1) Original PS and PDF languages were prefaced around PostScript printer design. The language was given the capability to write to the hard drive inside the laser printer. Adding the ability to write the host file storage was later considered to be a bad thing. Thus a few command line parameters were added to programs like GhostScript, to turn off some of those I/O capabilities, and prevent documents from damaging whatever was attempting to interpret the document. 2) The second (weak) feature, was adding Javascript to the PDF standard. So a document could contain both languages. It was intended to allow developers to add whizzy features to documents, but from a security point of view, it's a disaster. The worst part of this, is that it is possible to write PDF code to generate an in-memory Javascript script. Then execute it. The PDF code can be obfuscated, so you cannot tell by looking at it, what the purpose of the code is. Things you can do: 1) In your browser, turn off "view in browser". At one time, the Acrobat plugin allowed documents to be interpreted straight off the Internet. Disable this. Change the MIME type to "prompt me" or "Save As" and take the PDF out of the browser. This might even allow your AV to sniff it. Even some of the browsers contain some level of checking for downloaded PDF files now, so before the file is officially made available on your disk, the browser may have carried out some kind of check. I don't know the details of what it does, but I have noted the delay when it is messing around. 2) Some browsers now have their own PDF interpreter right in the browser. While I would not expect that to honor Javascript, I would not take the chance, and would turn that off if I could. It might take a visit to Configuration Manager to stop it. 3) Now that you have limited your PDF activities to things like Foxit or Acrobat Reader application, the next stop is the Preferences in there. There is a preference to disable Javascript. With that disabled, it should stop the Javascript interpreter from being given any work to do. 4) Acrobat Reader and Foxit, may already have silently turned off writing to a local file system. So there may not be a setting for this. It doesn't matter which PDF reader you use for your desktop, as long as there has been some attention to these details. The few times I've installed Acrobat Reader from scratch, I don't think it defaulted to the "safe" Javascript setting, so you really should review the Preferences pane (even if it has 20 items to check, do it). I've had a couple of attempts here, to infect the machine with a Javascript-containing PDF file. How you can tell, is you open a web page, and immediately a "Save As" box pops up with "somefile.pdf" to be saved. The author of the web page, was hoping your in-browser plugin would immediately interpret the document, run the Javascript, and tip over the computer. In one case, I saved the file and did find Javascript near the end of the file. I can't read Javascript well enough, to tell you what the script proposed to do. But in terms of general security issues, I don't think that every situation has been covered all that well. The ability to write obfuscated PDF, where Javascript could be generated on the fly, that idea still bothers me. And I've never seen any discussion of how AV programs propose to stop things like that. Adobe should never have put Javascript there in the first place. Idiots. They should have realized the security implications and put a stop to it. Paul Thank you very much for all the detail, Paul. Since I haven't yet installed Foxit, I eventually found Acrobat on my computer (it doesn’t show up in “Search Programs and Files,” although I suppose I could just have opened a PDF file with it), located Preferences under “Edit,” and unchecked Javascript. I hope that'll help with security until I choose another program. I checked my browser, Firefox, and found four PDF applications under Tools | Options | Applications. Should I use "Save File" for all of them? They are Adobe Acrobat Forms Document (application/vnd.ad...) Adobe Acrobat Forms Document (application/vnd.fdf) Adobe Acrobat XML Data Package File Portable Document Format (PDF) Thank you again, That's my objective, yes. Set them all to Save. At least avoid the temptation to open stuff directly in the browser. And if you say "I love to read PDF files directly in my browser", then that's your call. I don't know enough about AV design, to know whether every delivery scenario includes a chance to scan them. For example, with an in-browser design, they could download a page of PDF to memory and run it directly. And one reason for the Save method, is to note how "aggressive" the web site it. It's one thing to locate a PDF in a search engine, click the link and the PDF starts downloading right away. That's because the search engine linked directly to the file. I've had a couple sites, where you go to the home page, and like four PDF files try to download immediately. That sort of aggressive behavior, is evidence the PDF files need further examination before you read them. I don't even know of any useful examples of why a PDF must have Javsscript in it. So I could run into a case where a legit doc is prepared that way. At the moment, I have to classify a document with that in it, as a pest, because I haven't seen any examples of "good" usage. Paul |
#43
|
|||
|
|||
Adobe Reader substitute
On 9/23/2015 12:54 AM, Paul wrote:
Jo-Anne wrote: On 9/22/2015 6:34 AM, Paul wrote: Jo-Anne wrote: On 9/21/2015 4:16 PM, Mayayana wrote: | form-filling, but I gather from the posts here that Sumatra doesn't. | No. It's very basic. Acrobat Reader used to be the same way. Thus the name *Reader*. I've heard that it now has limited capabilities for editing. I'm guessing they had to do that to keep up with the Joneses. Their original strategy was to offer the only PDF editor for a high price and then spread around the read-only Reader for free. Adobe also gave away Acrobat Pro 7 awhile back. they posted that plus Illustrator and Photoshop CS2 online with serial numbers. Originally there was a note saying people were only allowed to use those programs if they received them from Adobe. Later they changed the note and said they were only for people with existing licenses. I think the eventually required people to sign up for the download. I don't know where it stands now. If you care you might want to look around and see if there's a legal version to be had. But other programs, like PDF XV, are good enough if you only need functionality like adding notes or filling in tax forms. Thank you for the details, Mayayana. I do need to fill in tax forms and sometimes other forms, and I've been able to do that with Adobe Reader--although it's sometimes clunky. I'm looking forward to trying Foxit first and then PDF X-Change if I don't like Foxit. The security issues for Acrobat come from a couple places. 1) Original PS and PDF languages were prefaced around PostScript printer design. The language was given the capability to write to the hard drive inside the laser printer. Adding the ability to write the host file storage was later considered to be a bad thing. Thus a few command line parameters were added to programs like GhostScript, to turn off some of those I/O capabilities, and prevent documents from damaging whatever was attempting to interpret the document. 2) The second (weak) feature, was adding Javascript to the PDF standard. So a document could contain both languages. It was intended to allow developers to add whizzy features to documents, but from a security point of view, it's a disaster. The worst part of this, is that it is possible to write PDF code to generate an in-memory Javascript script. Then execute it. The PDF code can be obfuscated, so you cannot tell by looking at it, what the purpose of the code is. Things you can do: 1) In your browser, turn off "view in browser". At one time, the Acrobat plugin allowed documents to be interpreted straight off the Internet. Disable this. Change the MIME type to "prompt me" or "Save As" and take the PDF out of the browser. This might even allow your AV to sniff it. Even some of the browsers contain some level of checking for downloaded PDF files now, so before the file is officially made available on your disk, the browser may have carried out some kind of check. I don't know the details of what it does, but I have noted the delay when it is messing around. 2) Some browsers now have their own PDF interpreter right in the browser. While I would not expect that to honor Javascript, I would not take the chance, and would turn that off if I could. It might take a visit to Configuration Manager to stop it. 3) Now that you have limited your PDF activities to things like Foxit or Acrobat Reader application, the next stop is the Preferences in there. There is a preference to disable Javascript. With that disabled, it should stop the Javascript interpreter from being given any work to do. 4) Acrobat Reader and Foxit, may already have silently turned off writing to a local file system. So there may not be a setting for this. It doesn't matter which PDF reader you use for your desktop, as long as there has been some attention to these details. The few times I've installed Acrobat Reader from scratch, I don't think it defaulted to the "safe" Javascript setting, so you really should review the Preferences pane (even if it has 20 items to check, do it). I've had a couple of attempts here, to infect the machine with a Javascript-containing PDF file. How you can tell, is you open a web page, and immediately a "Save As" box pops up with "somefile.pdf" to be saved. The author of the web page, was hoping your in-browser plugin would immediately interpret the document, run the Javascript, and tip over the computer. In one case, I saved the file and did find Javascript near the end of the file. I can't read Javascript well enough, to tell you what the script proposed to do. But in terms of general security issues, I don't think that every situation has been covered all that well. The ability to write obfuscated PDF, where Javascript could be generated on the fly, that idea still bothers me. And I've never seen any discussion of how AV programs propose to stop things like that. Adobe should never have put Javascript there in the first place. Idiots. They should have realized the security implications and put a stop to it. Paul Thank you very much for all the detail, Paul. Since I haven't yet installed Foxit, I eventually found Acrobat on my computer (it doesn’t show up in “Search Programs and Files,” although I suppose I could just have opened a PDF file with it), located Preferences under “Edit,” and unchecked Javascript. I hope that'll help with security until I choose another program. I checked my browser, Firefox, and found four PDF applications under Tools | Options | Applications. Should I use "Save File" for all of them? They are Adobe Acrobat Forms Document (application/vnd.ad...) Adobe Acrobat Forms Document (application/vnd.fdf) Adobe Acrobat XML Data Package File Portable Document Format (PDF) Thank you again, That's my objective, yes. Set them all to Save. At least avoid the temptation to open stuff directly in the browser. And if you say "I love to read PDF files directly in my browser", then that's your call. I don't know enough about AV design, to know whether every delivery scenario includes a chance to scan them. For example, with an in-browser design, they could download a page of PDF to memory and run it directly. And one reason for the Save method, is to note how "aggressive" the web site it. It's one thing to locate a PDF in a search engine, click the link and the PDF starts downloading right away. That's because the search engine linked directly to the file. I've had a couple sites, where you go to the home page, and like four PDF files try to download immediately. That sort of aggressive behavior, is evidence the PDF files need further examination before you read them. I don't even know of any useful examples of why a PDF must have Javsscript in it. So I could run into a case where a legit doc is prepared that way. At the moment, I have to classify a document with that in it, as a pest, because I haven't seen any examples of "good" usage. Paul Done--and it works well. I always save PDFs anyway, since they often don't look right in the browser. I clicked on an online PDF page to see what would happen, and it immediately was downloaded to my computer's Downloads folder. Very slick. One other question: Once a PDF is downloaded, I can scan it with Avira. Is that worth doing before opening it? -- Thank you again, Jo-Anne |
#44
|
|||
|
|||
Adobe Reader substitute
On 9/22/2015 7:16 AM, SC Tom wrote:
"Jo-Anne" wrote in message ... On 9/21/2015 9:39 PM, George wrote: "Jo-Anne" wrote in message ... I've used Adobe Reader for a long time. Given how insecure it's said to be, however, I'm wondering what to use for reading and printing PDFs. Suggestions? -- Thank you, Jo-Anne Take a look at Nuance PDF Reader, what I like about it is that it lets you save filled-in forms, a feature that is often missing in other PDF programs. The free version is no longer available from the Nuance website, but you can get it from Softonic: http://nuance-pdf-reader.en.softonic.com/download When installing, watch for unwanted bloatware that you don't want. George Thank you, George. I didn't realize that some PDF readers won't let you save the filled-in forms. I'll check out Nuance, but does anyone know if Foxit and PDF X-Change let you save the filled-in forms? That's very important to me. PDF X-Change allows saving filled-in forms. I've used it numerous times for insurance forms over the years. Mayayana brought up a good point in one of his replies- I seem to remember also that the latest version of Reader does have nags. I'm still running an older version (2.5.0195.0), and it works fine still, so I see no need to update it yet. The older versions are here http://www.tracker-software.com/history/viewer_history.xml. I also noted on their website that Viewer has been superseded by Editor, which is now at v5.5.315, but the latest version of Viewer is available http://www.tracker-software.com/product/pdf-xchange-viewer, and is at v2.5.315. Phew, gets more confusing all the time, doesn't it :-( Seems like it. In the past, I've just downloaded whatever Adobe says to--although I always retain "notify me" rather than letting it automatically update. I'm hoping I'll be able to comfortably use either Foxit or PDF X-Change and get rid of Adobe Reader. -- Jo-Anne |
#45
|
|||
|
|||
Adobe Reader substitute
On 9/22/2015 8:20 AM, Bruce Hagen wrote:
"Jo-Anne" wrote in message ... On 9/21/2015 9:39 PM, George wrote: "Jo-Anne" wrote in message ... I've used Adobe Reader for a long time. Given how insecure it's said to be, however, I'm wondering what to use for reading and printing PDFs. Suggestions? -- Thank you, Jo-Anne Take a look at Nuance PDF Reader, what I like about it is that it lets you save filled-in forms, a feature that is often missing in other PDF programs. The free version is no longer available from the Nuance website, but you can get it from Softonic: http://nuance-pdf-reader.en.softonic.com/download When installing, watch for unwanted bloatware that you don't want. George Thank you, George. I didn't realize that some PDF readers won't let you save the filled-in forms. I'll check out Nuance, but does anyone know if Foxit and PDF X-Change let you save the filled-in forms? That's very important to me. Foxit lets you save fill-in forms. And print, of course. Thank you, Bruce! I'll try installing it tomorrow (I've already downloaded it). -- Jo-Anne |
Thread Tools | |
Display Modes | Rate This Thread |
|
|