eCommerceNews New Zealand - Technology news for digital commerce decision-makers
Story image
Fri, 1st Oct 2010
FYI, this story is more than a year old

Lloyd Borrett, Security Evangelist for AVG (AU/NZ) says,"Being aware of what products are being targeted by the bad guys may help youas well, so it may be useful to know that at the moment Adobe products arevirtually the number one target across the world with millions of PCs being hitby infected Adobe PDFs. Others are being introduced via Adobe Flash ads via Facebookand other social media web sites.”

Attackers send a file that has malicious code embedded init. Once the file is opened, the computer is infected, typically with some formof identity theft malware that then steals data.

The Adobe PDF and Adobe Flash browser plug-ins are also usedin ‘drive-by download’ attacks where malware is downloaded onto the PC whilethe user is surfing the web.

"Adobe products, just like Microsoft Windows and MicrosoftOffice, have near universal use on home and business computers making theseapplications prime targets for the bad guys,” Borrett continues."Unfortunately, since the bad guys realised this and turned their attention tofinding security holes in them, they have been very successful.”

Of course, the easiest way to avoid the risk of beingcompromised via these Adobe products is not to install them!  However, this is virtually impossible formost home and business Internet users.

So if you must use Adobe Reader, then please take the timeto secure it.

How to secure Adobe Reader

1.       Open theAdobe Reader application and choose ‘Edit’ and then ‘Preferences’.

2.       On the leftyou will see several different categories of options to modify.

3.       Under the‘JavaScript’ category there is a checkbox ‘Enable Acrobat JavaScript’. Makesure this checkbox is not ticked/selected so that you disable Adobe Reader’sability to run dangerous JavaScript from a PDF.

4.       Under the‘Security’ category, to specify that digital signatures are handled securelymake sure the ‘Verify signatures when the document is opened’ checkbox isticked/selected.

5.       Under the‘Security (Enhanced)’ category, make sure the ‘Enable Enhanced Security’checkbox is selected to help with data protection and privacy.

6.       Under the‘Trust Manager’ category we’d recommend you disable Acrobat’s ability to callexternal applications to handle non-PDF file attachments. So, after the ‘PDFFile Attachments’ heading, make sure the ‘Allow opening of non-PDF fileattachments with external applications’ checkbox is not ticked/selected.

7.       Then click on‘OK’ to exit changing the preferences.

Adobe is working toaddress the security vulnerabilities in its products, so it’s vital to makesure you regularly check for updates to Adobe Reader, Adobe Flash and otherAdobe applications. Turn on the automatic updates so that your Adobe softwarestays up-to-date, or go to http://www.adobe.com/downloads/updates.