PDF In-Depth

What you don't know about PDF can hurt you

What can be done?

Advertisement
 

First it must be emphasized that all the same basic rules apply to PDF as apply to any file -- open it only if you trust the source.

Beyond educating users, several concrete strategies are available to dramatically enhance your protection against malicious PDF files and vulnerable PDF viewing applications.

Get the update

The frequency of software updates has increased as the threats have multiplied. Any protective strategy should ensure that regular (and emergency) updates can and will be distributed to affected desktops as expeditiously as possible.

Managed Deployment

Organizations "of a certain size" decided long ago that ad-hoc unmanaged desktops was an IT nightmare that could be defeated with centrally-managed software deployment. In these settings, the simplest way to deal with threats is to turn off functionality in the affected software.

In some cases, for example, the recent authplay.dll vulnerability, can be mitigated by simply renaming an installed file -- a process that's ready and waiting to go in most managed-deployment installations. In other cases, customizing the software as-deployed is often necessary, and for that, Adobe Systems, at least, provides an extremely granular deployment customizer.

Between Patches? Disable Flash, deactivate JavaScript

So, what else might you have to do between patches? Many recent exploits have utilized Flash and the Acrobat JavaScript API, so the most conservative organizations turn off Flash and JavaScript support entirely, denying their users important functionality but also categorically eliminating the threat from this vector.

This approach isn't always available or desirable. From fillable forms to hyperlinked reference documents, active-content PDF files play key roles in the daily business operations for many organizations. For these, less drastic approaches to the JavaScript problem are required. Some organizations use software to detect incoming PDF files containing active content (JavaScript, links, launch actions and the like). This approach allows them to categorize and manage inbound content as they would any other potential threat without taking the more extreme step of simply banning files that include these features. (See our APActiveCheck as one example).

In other cases, PDF certification or digital signatures can provide another option for ensuring active content PDFs are known to be safe.

According to Doug Hanna, who manages 5,000 Adobe Acrobat seats for Hewitt Associates, "Once Microsoft understood that corporate was not going to deploy their tools until their security was tightened down they acted upon it," he says. At this time, Hewitt doesn't permit JavaScript to operate in PDFs, but will make exceptions on a case-by-case basis. Hanna thinks Adobe is reacting faster than Microsoft did, before 'Patch Tuesday' became the norm, ensuring that their Reader and Acrobat platform is as secure as possible.

Conclusion

The most troubling aspect of these new threats is that they arrive on a vector that most users and managers have grown to trust -- PDF.

This trust is entirely out of all proportion to the actual security, authentication and other measures in place to guard against malicious PDFs -- in many cases, zero.

As Microsoft knows only too well, ubiquity makes you a target. The ubiquity of PDF and Flash has brought the attention of the hackers. While the vendors adjust, prudent IT managers should review their options. The 2009 IBM X-Force Report is a great place to start.

PDF In-Depth Free Product Trials Ubiquitous PDF

Debenu Quick PDF Library

Get products to market faster with this amazing PDF developer SDK. Over 900 functions and an equally...

Download free demo

Back to the past, 15 years ago! Open Publish 2002

Looking back to 2002, it's amazing how much of the prediction became a reality. Take a read and see what you think!

September 14, 2017
Platinum Sponsor





Search Planet PDF
more searching options...
Planet PDF Newsletter
Most Popular Articles
Featured Product

Debenu PDF Aerialist

The ultimate plug-in for Adobe Acrobat. Advanced splitting, merging, stamping, bookmarking, and link control. Take Acrobat to the next level.

Features

Adding a PDF Stamp Comment

OK, so you want to stamp your document. Maybe you need to give reviewers some advice about the document's status or sensitivity. This tip from author Ted Padova demonstrates how to add stamps with the Stamp Tool along with related comments.