Adobe Reader substitute

Jo-Anne wrote:
On 9/21/2015 4:16 PM, Mayayana wrote:
| form-filling, but I gather from the posts here that Sumatra doesn't.
|
No. It's very basic. Acrobat Reader used to be
the same way. Thus the name *Reader*. I've
heard that it now has limited capabilities for
editing. I'm guessing they had to do that to keep
up with the Joneses. Their original strategy was
to offer the only PDF editor for a high price and then
spread around the read-only Reader for free.

Adobe also gave away Acrobat Pro 7 awhile back.
they posted that plus Illustrator and Photoshop CS2
online with serial numbers. Originally there was a note
saying people were only allowed to use those programs
if they received them from Adobe. Later they changed
the note and said they were only for people with
existing licenses. I think the eventually required
people to sign up for the download. I don't know where
it stands now. If you care you might want to look
around and see if there's a legal version to be had.
But other programs, like PDF XV, are good enough if
you only need functionality like adding notes or
filling in tax forms.


Thank you for the details, Mayayana. I do need to fill in tax forms and
sometimes other forms, and I've been able to do that with Adobe
Reader--although it's sometimes clunky. I'm looking forward to trying
Foxit first and then PDF X-Change if I don't like Foxit.


The security issues for Acrobat come from a couple places.

1) Original PS and PDF languages were prefaced around PostScript
printer design. The language was given the capability to write
to the hard drive inside the laser printer.

Adding the ability to write the host file storage was later
considered to be a bad thing. Thus a few command line parameters
were added to programs like GhostScript, to turn off some of those
I/O capabilities, and prevent documents from damaging whatever was
attempting to interpret the document.

2) The second (weak) feature, was adding Javascript to the PDF
standard. So a document could contain both languages. It was
intended to allow developers to add whizzy features to documents,
but from a security point of view, it's a disaster.

The worst part of this, is that it is possible to write PDF
code to generate an in-memory Javascript script. Then execute it.
The PDF code can be obfuscated, so you cannot tell by looking at
it, what the purpose of the code is.

Things you can do:

1) In your browser, turn off "view in browser". At one time, the
Acrobat plugin allowed documents to be interpreted straight off
the Internet. Disable this. Change the MIME type to "prompt me"
or "Save As" and take the PDF out of the browser. This might even
allow your AV to sniff it. Even some of the browsers contain
some level of checking for downloaded PDF files now, so before
the file is officially made available on your disk, the browser
may have carried out some kind of check. I don't know the details
of what it does, but I have noted the delay when it is messing around.

2) Some browsers now have their own PDF interpreter right in the
browser. While I would not expect that to honor Javascript,
I would not take the chance, and would turn that off if I could.
It might take a visit to Configuration Manager to stop it.

3) Now that you have limited your PDF activities to things like
Foxit or Acrobat Reader application, the next stop is the
Preferences in there. There is a preference to disable Javascript.
With that disabled, it should stop the Javascript interpreter from
being given any work to do.

4) Acrobat Reader and Foxit, may already have silently turned off
writing to a local file system. So there may not be a setting
for this.

It doesn't matter which PDF reader you use for your desktop,
as long as there has been some attention to these details.
The few times I've installed Acrobat Reader from scratch,
I don't think it defaulted to the "safe" Javascript setting,
so you really should review the Preferences pane (even if
it has 20 items to check, do it).

I've had a couple of attempts here, to infect the machine with
a Javascript-containing PDF file. How you can tell, is you open
a web page, and immediately a "Save As" box pops up with
"somefile.pdf" to be saved. The author of the web page, was
hoping your in-browser plugin would immediately interpret
the document, run the Javascript, and tip over the computer.
In one case, I saved the file and did find Javascript near
the end of the file. I can't read Javascript well enough, to
tell you what the script proposed to do.

But in terms of general security issues, I don't
think that every situation has been covered all that
well. The ability to write obfuscated PDF, where Javascript
could be generated on the fly, that idea still bothers me.
And I've never seen any discussion of how AV programs propose
to stop things like that.

Adobe should never have put Javascript there in the first place.
Idiots. They should have realized the security implications and
put a stop to it.

Paul

"Jo-Anne" wrote in message
...
On 9/21/2015 9:39 PM, George wrote:
"Jo-Anne" wrote in message
...
I've used Adobe Reader for a long time. Given how insecure it's said
to be, however, I'm wondering what to use for reading and printing
PDFs. Suggestions?

--
Thank you,
Jo-Anne

Take a look at Nuance PDF Reader, what I like about it is that it lets
you save filled-in forms, a feature that is often missing in other PDF
programs. The free version is no longer available from the Nuance
website, but you can get it from Softonic:

http://nuance-pdf-reader.en.softonic.com/download

When installing, watch for unwanted bloatware that you don't want.

George


Thank you, George. I didn't realize that some PDF readers won't let you
save the filled-in forms. I'll check out Nuance, but does anyone know if
Foxit and PDF X-Change let you save the filled-in forms? That's very
important to me.

PDF X-Change allows saving filled-in forms. I've used it numerous times for
insurance forms over the years.

Mayayana brought up a good point in one of his replies- I seem to remember
also that the latest version of Reader does have nags. I'm still running an
older version (2.5.0195.0), and it works fine still, so I see no need to
update it yet. The older versions are here
http://www.tracker-software.com/history/viewer_history.xml.

I also noted on their website that Viewer has been superseded by Editor,
which is now at v5.5.315, but the latest version of Viewer is available
http://www.tracker-software.com/product/pdf-xchange-viewer, and is at
v2.5.315. Phew, gets more confusing all the time, doesn't it :-(
--
SC Tom

"Jo-Anne" wrote in message
...
On 9/21/2015 9:39 PM, George wrote:
"Jo-Anne" wrote in message
...
I've used Adobe Reader for a long time. Given how insecure it's said
to be, however, I'm wondering what to use for reading and printing
PDFs. Suggestions?

--
Thank you,
Jo-Anne

Take a look at Nuance PDF Reader, what I like about it is that it lets
you save filled-in forms, a feature that is often missing in other PDF
programs. The free version is no longer available from the Nuance
website, but you can get it from Softonic:

http://nuance-pdf-reader.en.softonic.com/download

When installing, watch for unwanted bloatware that you don't want.

George


Thank you, George. I didn't realize that some PDF readers won't let you
save the filled-in forms. I'll check out Nuance, but does anyone know if
Foxit and PDF X-Change let you save the filled-in forms? That's very
important to me.



Foxit lets you save fill-in forms. And print, of course.

| It doesn't matter which PDF reader you use for your desktop,
| as long as there has been some attention to these details.

An advantage of Sumatra is that it's very basic.
It renders graphics and text. That's it. It actually
seems to be mostly just a wrapper around the OSS
mupdf. That has optional script and form filling. But
Sumatra has no settings for those things, so I'm
guessing they haven't been implemented.

I'm using v. 2.1.1, which I stick with because I
recompiled it to bypass any PDF restrictions, but
according to their website, while later versions
have more options, there still doesn't seem to be
anything related to script:

http://www.sumatrapdfreader.org/settings.html

Since 99% of PDF access is only to read, there's
really no reason to risk script functionality, or even
the extra size of form filling options. In that sense,
Sumatra performs like Notepad -- no frills but it
does the job most of the time, with a low memory
footprint and low -- or no -- risk.

On Mon, 21 Sep 2015 10:32:53 -0500, Jo-Anne
wrote:

I've used Adobe Reader for a long time. Given how insecure it's said to
be, however, I'm wondering what to use for reading and printing PDFs.
Suggestions?

Note that most of Adobe Reader's problems have to do with its use of
Flash and scripting, so if you disable both in the reader, you get a
good degree of security back with only a minimal loss of features.
Nonetheless, the easier - and safer - method is to uninstall it
entirely.

Personally, I use Sumatra PDF
http://www.sumatrapdfreader.org/free-pdf-reader.html as my go-to PDF
reader, just because it is so lightweight and loads far faster than
any of the alternatives. It manages this by being very feature-light
(it's a very stripped down reader) but for most use-cases that's all
you nee anyway.

Occassionally I need something with a bit more options, in which case
I fire up PDF XChange Viewer
http://www.tracker-software.com/prod...xchange-viewer. Its OCR
capabilities are surprisingly good for a free product (then again, I
remember doing OCR twenty years ago when the software only recognized
one or two fonts and could only handle a page at a time...). I used to
use FoxIt PDF, but the company started getting pushy trying to upsell
its other products and I ditched 'em.

Of course, when I need a full-featured PDF editor I still fire up
Adobe Acrobat Professional... but only while safely ensconced in its
own VM ;-)

| http://nuance-pdf-reader.en.softonic.com/download
|

I went to the website. (Always better to download
from the author rather than software listing sites, which
are mostly fly-by-night operations these days and may
not have the latest version.)

http://www.nuance.com/products/pdf-reader/index.htm

On that page I couldn't find a download link. When I
then viewed the page with no style I saw this:

"Nuance PDF Reader is no longer available.
We now offer a 30-day free trial for Power PDF Advanced (retail value:
$149.99)."

So the Nuance PDF Reader may be like so many
other products: Get it while it's hot.

"Mayayana" wrote in message
...
| http://nuance-pdf-reader.en.softonic.com/download
|

I went to the website. (Always better to download
from the author rather than software listing sites, which
are mostly fly-by-night operations these days and may
not have the latest version.)

http://www.nuance.com/products/pdf-reader/index.htm

On that page I couldn't find a download link. When I
then viewed the page with no style I saw this:

"Nuance PDF Reader is no longer available.
We now offer a 30-day free trial for Power PDF Advanced (retail
value:
$149.99)."

So the Nuance PDF Reader may be like so many
other products: Get it while it's hot.


As I mentioned in my original post:

"The free version is no longer available from the Nuance
website, but you can get it from Softonic:

http://nuance-pdf-reader.en.softonic.com/download "

Mayayana wrote:
| http://nuance-pdf-reader.en.softonic.com/download
|

I went to the website. (Always better to download
from the author rather than software listing sites, which
are mostly fly-by-night operations these days and may
not have the latest version.)

http://www.nuance.com/products/pdf-reader/index.htm

On that page I couldn't find a download link. When I
then viewed the page with no style I saw this:

"Nuance PDF Reader is no longer available.
We now offer a 30-day free trial for Power PDF Advanced (retail value:
$149.99)."

So the Nuance PDF Reader may be like so many
other products: Get it while it's hot.

Or try here.

https://nct.digitalriver.com/fulfill/0246.003

It sends an email to your inbox, with details
on how to get it. It's a way for them to snag
an email address.

That leads here. 42.4MB.

http://imagingcontent.nuance.com/PDF...er_English.exe

The installer file version says "8.10.1302". I
don't plan on installing it.

44,488,040 bytes

MD5SUM 1c7cb476b4900423408fb4c80c68f349
SHA1SUM 91ee0557ec736a7c3bb081aa21f152c0241b31dd

HTH,
Paul

On 09/21/2015 08:32 AM, Jo-Anne wrote:
I've used Adobe Reader for a long time. Given how insecure it's said to
be, however, I'm wondering what to use for reading and printing PDFs.
Suggestions?


Hi Jo-Anne,

I know this is not the question you asked, but I use
the dickens out of Qoppa PDF Studio Pro:

http://www.qoppa.com/pdfstudio/

It is pay software, but it is very well done and their
tech support is extraordinary.

For Tax forms, it allows mark up (comments), creation of
fill in forms, and you can save fill in forms.

My wife just went through a 48 page pension plan
that I scanned in. I OCR'ed it making it searchable.
The yellow highlighted and tore through the thing to
find all the relevant information. (It has an excellent
search tool.)

If you decide to try the demo, it is unlimited. It just
writes "demo" across every other page. Before I bought
the think, I used it to search multi-hundred page
technical manuals on industrial controllers. (I
highlighted and marked the dickens out of them too.)

Its only downfall I can find it that is does not handle
dynamic XFA forms.

-T

| As I mentioned in my original post:
|
| "The free version is no longer available from the Nuance
| website, but you can get it from Softonic:
|

Woops. Sorry. I missed that.

On 9/22/2015 6:34 AM, Paul wrote:
Jo-Anne wrote:
On 9/21/2015 4:16 PM, Mayayana wrote:
| form-filling, but I gather from the posts here that Sumatra doesn't.
|
No. It's very basic. Acrobat Reader used to be
the same way. Thus the name *Reader*. I've
heard that it now has limited capabilities for
editing. I'm guessing they had to do that to keep
up with the Joneses. Their original strategy was
to offer the only PDF editor for a high price and then
spread around the read-only Reader for free.

Adobe also gave away Acrobat Pro 7 awhile back.
they posted that plus Illustrator and Photoshop CS2
online with serial numbers. Originally there was a note
saying people were only allowed to use those programs
if they received them from Adobe. Later they changed
the note and said they were only for people with
existing licenses. I think the eventually required
people to sign up for the download. I don't know where
it stands now. If you care you might want to look
around and see if there's a legal version to be had.
But other programs, like PDF XV, are good enough if
you only need functionality like adding notes or
filling in tax forms.


Thank you for the details, Mayayana. I do need to fill in tax forms
and sometimes other forms, and I've been able to do that with Adobe
Reader--although it's sometimes clunky. I'm looking forward to trying
Foxit first and then PDF X-Change if I don't like Foxit.


The security issues for Acrobat come from a couple places.

1) Original PS and PDF languages were prefaced around PostScript
printer design. The language was given the capability to write
to the hard drive inside the laser printer.

Adding the ability to write the host file storage was later
considered to be a bad thing. Thus a few command line parameters
were added to programs like GhostScript, to turn off some of those
I/O capabilities, and prevent documents from damaging whatever was
attempting to interpret the document.

2) The second (weak) feature, was adding Javascript to the PDF
standard. So a document could contain both languages. It was
intended to allow developers to add whizzy features to documents,
but from a security point of view, it's a disaster.

The worst part of this, is that it is possible to write PDF
code to generate an in-memory Javascript script. Then execute it.
The PDF code can be obfuscated, so you cannot tell by looking at
it, what the purpose of the code is.

Things you can do:

1) In your browser, turn off "view in browser". At one time, the
Acrobat plugin allowed documents to be interpreted straight off
the Internet. Disable this. Change the MIME type to "prompt me"
or "Save As" and take the PDF out of the browser. This might even
allow your AV to sniff it. Even some of the browsers contain
some level of checking for downloaded PDF files now, so before
the file is officially made available on your disk, the browser
may have carried out some kind of check. I don't know the details
of what it does, but I have noted the delay when it is messing around.

2) Some browsers now have their own PDF interpreter right in the
browser. While I would not expect that to honor Javascript,
I would not take the chance, and would turn that off if I could.
It might take a visit to Configuration Manager to stop it.

3) Now that you have limited your PDF activities to things like
Foxit or Acrobat Reader application, the next stop is the
Preferences in there. There is a preference to disable Javascript.
With that disabled, it should stop the Javascript interpreter from
being given any work to do.

4) Acrobat Reader and Foxit, may already have silently turned off
writing to a local file system. So there may not be a setting
for this.

It doesn't matter which PDF reader you use for your desktop,
as long as there has been some attention to these details.
The few times I've installed Acrobat Reader from scratch,
I don't think it defaulted to the "safe" Javascript setting,
so you really should review the Preferences pane (even if
it has 20 items to check, do it).

I've had a couple of attempts here, to infect the machine with
a Javascript-containing PDF file. How you can tell, is you open
a web page, and immediately a "Save As" box pops up with
"somefile.pdf" to be saved. The author of the web page, was
hoping your in-browser plugin would immediately interpret
the document, run the Javascript, and tip over the computer.
In one case, I saved the file and did find Javascript near
the end of the file. I can't read Javascript well enough, to
tell you what the script proposed to do.

But in terms of general security issues, I don't
think that every situation has been covered all that
well. The ability to write obfuscated PDF, where Javascript
could be generated on the fly, that idea still bothers me.
And I've never seen any discussion of how AV programs propose
to stop things like that.

Adobe should never have put Javascript there in the first place.
Idiots. They should have realized the security implications and
put a stop to it.

Paul

Thank you very much for all the detail, Paul. Since I haven't yet
installed Foxit, I eventually found Acrobat on my computer (it doesn’t
show up in “Search Programs and Files,” although I suppose I could just
have opened a PDF file with it), located Preferences under “Edit,” and
unchecked Javascript. I hope that'll help with security until I choose
another program.

I checked my browser, Firefox, and found four PDF applications under
Tools | Options | Applications. Should I use "Save File" for all of
them? They are

Adobe Acrobat Forms Document (application/vnd.ad...)
Adobe Acrobat Forms Document (application/vnd.fdf)
Adobe Acrobat XML Data Package File
Portable Document Format (PDF)

Thank you again,

--
Jo-Anne

Jo-Anne wrote:
On 9/22/2015 6:34 AM, Paul wrote:
Jo-Anne wrote:
On 9/21/2015 4:16 PM, Mayayana wrote:
| form-filling, but I gather from the posts here that Sumatra doesn't.
|
No. It's very basic. Acrobat Reader used to be
the same way. Thus the name *Reader*. I've
heard that it now has limited capabilities for
editing. I'm guessing they had to do that to keep
up with the Joneses. Their original strategy was
to offer the only PDF editor for a high price and then
spread around the read-only Reader for free.

Adobe also gave away Acrobat Pro 7 awhile back.
they posted that plus Illustrator and Photoshop CS2
online with serial numbers. Originally there was a note
saying people were only allowed to use those programs
if they received them from Adobe. Later they changed
the note and said they were only for people with
existing licenses. I think the eventually required
people to sign up for the download. I don't know where
it stands now. If you care you might want to look
around and see if there's a legal version to be had.
But other programs, like PDF XV, are good enough if
you only need functionality like adding notes or
filling in tax forms.


Thank you for the details, Mayayana. I do need to fill in tax forms
and sometimes other forms, and I've been able to do that with Adobe
Reader--although it's sometimes clunky. I'm looking forward to trying
Foxit first and then PDF X-Change if I don't like Foxit.


The security issues for Acrobat come from a couple places.

1) Original PS and PDF languages were prefaced around PostScript
printer design. The language was given the capability to write
to the hard drive inside the laser printer.

Adding the ability to write the host file storage was later
considered to be a bad thing. Thus a few command line parameters
were added to programs like GhostScript, to turn off some of those
I/O capabilities, and prevent documents from damaging whatever was
attempting to interpret the document.

2) The second (weak) feature, was adding Javascript to the PDF
standard. So a document could contain both languages. It was
intended to allow developers to add whizzy features to documents,
but from a security point of view, it's a disaster.

The worst part of this, is that it is possible to write PDF
code to generate an in-memory Javascript script. Then execute it.
The PDF code can be obfuscated, so you cannot tell by looking at
it, what the purpose of the code is.

Things you can do:

1) In your browser, turn off "view in browser". At one time, the
Acrobat plugin allowed documents to be interpreted straight off
the Internet. Disable this. Change the MIME type to "prompt me"
or "Save As" and take the PDF out of the browser. This might even
allow your AV to sniff it. Even some of the browsers contain
some level of checking for downloaded PDF files now, so before
the file is officially made available on your disk, the browser
may have carried out some kind of check. I don't know the details
of what it does, but I have noted the delay when it is messing
around.

2) Some browsers now have their own PDF interpreter right in the
browser. While I would not expect that to honor Javascript,
I would not take the chance, and would turn that off if I could.
It might take a visit to Configuration Manager to stop it.

3) Now that you have limited your PDF activities to things like
Foxit or Acrobat Reader application, the next stop is the
Preferences in there. There is a preference to disable Javascript.
With that disabled, it should stop the Javascript interpreter from
being given any work to do.

4) Acrobat Reader and Foxit, may already have silently turned off
writing to a local file system. So there may not be a setting
for this.

It doesn't matter which PDF reader you use for your desktop,
as long as there has been some attention to these details.
The few times I've installed Acrobat Reader from scratch,
I don't think it defaulted to the "safe" Javascript setting,
so you really should review the Preferences pane (even if
it has 20 items to check, do it).

I've had a couple of attempts here, to infect the machine with
a Javascript-containing PDF file. How you can tell, is you open
a web page, and immediately a "Save As" box pops up with
"somefile.pdf" to be saved. The author of the web page, was
hoping your in-browser plugin would immediately interpret
the document, run the Javascript, and tip over the computer.
In one case, I saved the file and did find Javascript near
the end of the file. I can't read Javascript well enough, to
tell you what the script proposed to do.

But in terms of general security issues, I don't
think that every situation has been covered all that
well. The ability to write obfuscated PDF, where Javascript
could be generated on the fly, that idea still bothers me.
And I've never seen any discussion of how AV programs propose
to stop things like that.

Adobe should never have put Javascript there in the first place.
Idiots. They should have realized the security implications and
put a stop to it.

Paul

Thank you very much for all the detail, Paul. Since I haven't yet
installed Foxit, I eventually found Acrobat on my computer (it doesn’t
show up in “Search Programs and Files,” although I suppose I could just
have opened a PDF file with it), located Preferences under “Edit,” and
unchecked Javascript. I hope that'll help with security until I choose
another program.

I checked my browser, Firefox, and found four PDF applications under
Tools | Options | Applications. Should I use "Save File" for all of
them? They are

Adobe Acrobat Forms Document (application/vnd.ad...)
Adobe Acrobat Forms Document (application/vnd.fdf)
Adobe Acrobat XML Data Package File
Portable Document Format (PDF)

Thank you again,


That's my objective, yes. Set them all to Save.

At least avoid the temptation to open stuff
directly in the browser.

And if you say "I love to read PDF files directly
in my browser", then that's your call. I don't know enough
about AV design, to know whether every delivery scenario
includes a chance to scan them. For example, with an
in-browser design, they could download a page of PDF to
memory and run it directly.

And one reason for the Save method, is to note how
"aggressive" the web site it. It's one thing to locate
a PDF in a search engine, click the link and the PDF
starts downloading right away. That's because the
search engine linked directly to the file. I've had a
couple sites, where you go to the home page, and like
four PDF files try to download immediately. That sort of
aggressive behavior, is evidence the PDF files need further
examination before you read them.

I don't even know of any useful examples of why a PDF
must have Javsscript in it. So I could run into a case
where a legit doc is prepared that way. At the moment,
I have to classify a document with that in it, as a
pest, because I haven't seen any examples of "good" usage.

Paul

On 9/23/2015 12:54 AM, Paul wrote:
Jo-Anne wrote:
On 9/22/2015 6:34 AM, Paul wrote:
Jo-Anne wrote:
On 9/21/2015 4:16 PM, Mayayana wrote:
| form-filling, but I gather from the posts here that Sumatra doesn't.
|
No. It's very basic. Acrobat Reader used to be
the same way. Thus the name *Reader*. I've
heard that it now has limited capabilities for
editing. I'm guessing they had to do that to keep
up with the Joneses. Their original strategy was
to offer the only PDF editor for a high price and then
spread around the read-only Reader for free.

Adobe also gave away Acrobat Pro 7 awhile back.
they posted that plus Illustrator and Photoshop CS2
online with serial numbers. Originally there was a note
saying people were only allowed to use those programs
if they received them from Adobe. Later they changed
the note and said they were only for people with
existing licenses. I think the eventually required
people to sign up for the download. I don't know where
it stands now. If you care you might want to look
around and see if there's a legal version to be had.
But other programs, like PDF XV, are good enough if
you only need functionality like adding notes or
filling in tax forms.


Thank you for the details, Mayayana. I do need to fill in tax forms
and sometimes other forms, and I've been able to do that with Adobe
Reader--although it's sometimes clunky. I'm looking forward to trying
Foxit first and then PDF X-Change if I don't like Foxit.


The security issues for Acrobat come from a couple places.

1) Original PS and PDF languages were prefaced around PostScript
printer design. The language was given the capability to write
to the hard drive inside the laser printer.

Adding the ability to write the host file storage was later
considered to be a bad thing. Thus a few command line parameters
were added to programs like GhostScript, to turn off some of those
I/O capabilities, and prevent documents from damaging whatever was
attempting to interpret the document.

2) The second (weak) feature, was adding Javascript to the PDF
standard. So a document could contain both languages. It was
intended to allow developers to add whizzy features to documents,
but from a security point of view, it's a disaster.

The worst part of this, is that it is possible to write PDF
code to generate an in-memory Javascript script. Then execute it.
The PDF code can be obfuscated, so you cannot tell by looking at
it, what the purpose of the code is.

Things you can do:

1) In your browser, turn off "view in browser". At one time, the
Acrobat plugin allowed documents to be interpreted straight off
the Internet. Disable this. Change the MIME type to "prompt me"
or "Save As" and take the PDF out of the browser. This might even
allow your AV to sniff it. Even some of the browsers contain
some level of checking for downloaded PDF files now, so before
the file is officially made available on your disk, the browser
may have carried out some kind of check. I don't know the details
of what it does, but I have noted the delay when it is messing
around.

2) Some browsers now have their own PDF interpreter right in the
browser. While I would not expect that to honor Javascript,
I would not take the chance, and would turn that off if I could.
It might take a visit to Configuration Manager to stop it.

3) Now that you have limited your PDF activities to things like
Foxit or Acrobat Reader application, the next stop is the
Preferences in there. There is a preference to disable Javascript.
With that disabled, it should stop the Javascript interpreter from
being given any work to do.

4) Acrobat Reader and Foxit, may already have silently turned off
writing to a local file system. So there may not be a setting
for this.

It doesn't matter which PDF reader you use for your desktop,
as long as there has been some attention to these details.
The few times I've installed Acrobat Reader from scratch,
I don't think it defaulted to the "safe" Javascript setting,
so you really should review the Preferences pane (even if
it has 20 items to check, do it).

I've had a couple of attempts here, to infect the machine with
a Javascript-containing PDF file. How you can tell, is you open
a web page, and immediately a "Save As" box pops up with
"somefile.pdf" to be saved. The author of the web page, was
hoping your in-browser plugin would immediately interpret
the document, run the Javascript, and tip over the computer.
In one case, I saved the file and did find Javascript near
the end of the file. I can't read Javascript well enough, to
tell you what the script proposed to do.

But in terms of general security issues, I don't
think that every situation has been covered all that
well. The ability to write obfuscated PDF, where Javascript
could be generated on the fly, that idea still bothers me.
And I've never seen any discussion of how AV programs propose
to stop things like that.

Adobe should never have put Javascript there in the first place.
Idiots. They should have realized the security implications and
put a stop to it.

Paul

Thank you very much for all the detail, Paul. Since I haven't yet
installed Foxit, I eventually found Acrobat on my computer (it doesn’t
show up in “Search Programs and Files,” although I suppose I could
just have opened a PDF file with it), located Preferences under
“Edit,” and unchecked Javascript. I hope that'll help with security
until I choose another program.

I checked my browser, Firefox, and found four PDF applications under
Tools | Options | Applications. Should I use "Save File" for all of
them? They are

Adobe Acrobat Forms Document (application/vnd.ad...)
Adobe Acrobat Forms Document (application/vnd.fdf)
Adobe Acrobat XML Data Package File
Portable Document Format (PDF)

Thank you again,


That's my objective, yes. Set them all to Save.

At least avoid the temptation to open stuff
directly in the browser.

And if you say "I love to read PDF files directly
in my browser", then that's your call. I don't know enough
about AV design, to know whether every delivery scenario
includes a chance to scan them. For example, with an
in-browser design, they could download a page of PDF to
memory and run it directly.

And one reason for the Save method, is to note how
"aggressive" the web site it. It's one thing to locate
a PDF in a search engine, click the link and the PDF
starts downloading right away. That's because the
search engine linked directly to the file. I've had a
couple sites, where you go to the home page, and like
four PDF files try to download immediately. That sort of
aggressive behavior, is evidence the PDF files need further
examination before you read them.

I don't even know of any useful examples of why a PDF
must have Javsscript in it. So I could run into a case
where a legit doc is prepared that way. At the moment,
I have to classify a document with that in it, as a
pest, because I haven't seen any examples of "good" usage.

Paul


Done--and it works well. I always save PDFs anyway, since they often
don't look right in the browser. I clicked on an online PDF page to see
what would happen, and it immediately was downloaded to my computer's
Downloads folder. Very slick.

One other question: Once a PDF is downloaded, I can scan it with Avira.
Is that worth doing before opening it?

--
Thank you again,
Jo-Anne

On 9/22/2015 7:16 AM, SC Tom wrote:


"Jo-Anne" wrote in message
...
On 9/21/2015 9:39 PM, George wrote:
"Jo-Anne" wrote in message
...
I've used Adobe Reader for a long time. Given how insecure it's said
to be, however, I'm wondering what to use for reading and printing
PDFs. Suggestions?

--
Thank you,
Jo-Anne

Take a look at Nuance PDF Reader, what I like about it is that it lets
you save filled-in forms, a feature that is often missing in other PDF
programs. The free version is no longer available from the Nuance
website, but you can get it from Softonic:

http://nuance-pdf-reader.en.softonic.com/download

When installing, watch for unwanted bloatware that you don't want.

George


Thank you, George. I didn't realize that some PDF readers won't let
you save the filled-in forms. I'll check out Nuance, but does anyone
know if Foxit and PDF X-Change let you save the filled-in forms?
That's very important to me.

PDF X-Change allows saving filled-in forms. I've used it numerous times
for insurance forms over the years.

Mayayana brought up a good point in one of his replies- I seem to
remember also that the latest version of Reader does have nags. I'm
still running an older version (2.5.0195.0), and it works fine still, so
I see no need to update it yet. The older versions are here
http://www.tracker-software.com/history/viewer_history.xml.

I also noted on their website that Viewer has been superseded by Editor,
which is now at v5.5.315, but the latest version of Viewer is available
http://www.tracker-software.com/product/pdf-xchange-viewer, and is at
v2.5.315. Phew, gets more confusing all the time, doesn't it :-(

Seems like it. In the past, I've just downloaded whatever Adobe says
to--although I always retain "notify me" rather than letting it
automatically update. I'm hoping I'll be able to comfortably use either
Foxit or PDF X-Change and get rid of Adobe Reader.

--
Jo-Anne

On 9/22/2015 8:20 AM, Bruce Hagen wrote:
"Jo-Anne" wrote in message
...
On 9/21/2015 9:39 PM, George wrote:
"Jo-Anne" wrote in message
...
I've used Adobe Reader for a long time. Given how insecure it's said
to be, however, I'm wondering what to use for reading and printing
PDFs. Suggestions?

--
Thank you,
Jo-Anne

Take a look at Nuance PDF Reader, what I like about it is that it lets
you save filled-in forms, a feature that is often missing in other PDF
programs. The free version is no longer available from the Nuance
website, but you can get it from Softonic:

http://nuance-pdf-reader.en.softonic.com/download

When installing, watch for unwanted bloatware that you don't want.

George


Thank you, George. I didn't realize that some PDF readers won't let
you save the filled-in forms. I'll check out Nuance, but does anyone
know if Foxit and PDF X-Change let you save the filled-in forms?
That's very important to me.



Foxit lets you save fill-in forms. And print, of course.

Thank you, Bruce! I'll try installing it tomorrow (I've already
downloaded it).

--
Jo-Anne