Why PDF files are bad...
PDF docs accounted for 80% of security exploits in 2009.
Of course, the data is *never* the problem, it's always the code that interprets the data. So in this case the crooked finger of blame lies squarely with Adobe's ubiquitous Reader plugin, which follows in Adobe's long and inglorious tradition of bug-riddled security-inept crapware obsessed with market control and user lock-in.
Look for Adobe to get increasingly desperate as HTML5 kicks Flash to the dumpster where it belongs.
Here at work, 90% of my customers issue purchase orders electronically using the .PDF format. It's the only format they can use that has an almost 100% guarantee of readability by the recipient, regardless of system or OS.
That said, I stopped using Adobe's reader years ago. I found it entirely too bloated, and on my older work system, entirely too slow. It took a little over 1 minute on average to open a newly received .PDF file. Since I'm dealing with 100+ .PDF files every day on average, that's almost 2 hours wasted waiting for the damn things to open. So I switched to an alternative .PDF reader a long time ago. Foxit reader. It's faster than Acrobat, less bloated (doesn't hog as many resources). The Foxit folks have an entire suite of .PDF authoring apps as well, for considerably less than Adobe's similar suite of tools - the reader itself is free.
If, like me, you're forced to deal with .PDFs, then I highly recommend you take a look at the Foxit family of tools.
So what options are better, and does another pdf reader (Foxit) have fewer exploitable issues or is it the pdf format itself?
Like Dennis, I open, create, mark up, and send pdf files every day. Our system vendors transfer .pdf engineering documents to us for review by the hundreds. I can't say I like Acrobat 9, but it is what my company uses.
The whole "execute the binary blob inside my browser" is something that has bothered me for a LONG time. (in reference to Hoss's comment about Flash)
It's too bad that PDF destroyed the idea of saved postscript files and EPS. Maybe that might have been better?
Previously David Hostetler wrote:
http://www.computerworld.com/s/article/9157438/Rogue_PDFs_account_for_80_of_all_exploits_says_researcher
PDF docs accounted for 80% of security exploits in 2009.
Of course, the data is *never* the problem, it's always the code that interprets the data. So in this case the crooked finger of blame lies squarely with Adobe's ubiquitous Reader plugin, which follows in Adobe's long and inglorious tradition of bug-riddled security-inept crapware obsessed with market control and user lock-in.
Look for Adobe to get increasingly desperate as HTML5 kicks Flash to the dumpster where it belongs.
I believe the security holes are in the reader software, not the file format itself...other than the exploit has to be in a .pdf file to take advantage of the security hole in the reader software of course.
The security threat is unlikely to come from a file a customer sends you. The likely culprit will be an evil .pdf file on a web site that's opened up automatically by your browser, or a .PDF that comes through email from an unrecognized source (think of those phishing attempts you see all the time, or those emails from some rich/deposed/dying Nigerian prince/diplomat/businessman/politician, only it comes with an attached .pdf).
For authoring .PDF files, if you're already using Adobe's suite of tools, then there's no real reason to switch. For reading the documents, you might want to consider using Foxit. Or if you have to use Acrobat Reader for some reason for your client's docs, at least switch to Foxit as the handler your web browser uses for .pdf files.