Lloyd Borrett, Security Evangelist for AVG (AU/NZ) says,
"Being aware of what products are being targeted by the bad guys may help you
as well, so it may be useful to know that at the moment Adobe products are
virtually the number one target across the world with millions of PCs being hit
by infected Adobe PDFs. Others are being introduced via Adobe Flash ads via Facebook
and other social media web sites.”
Attackers send a file that has malicious code embedded in
it. Once the file is opened, the computer is infected, typically with some form
of identity theft malware that then steals data.
The Adobe PDF and Adobe Flash browser plug-ins are also used
in ‘drive-by download’ attacks where malware is downloaded onto the PC while
the user is surfing the web.
"Adobe products, just like Microsoft Windows and Microsoft
Office, have near universal use on home and business computers making these
applications prime targets for the bad guys,” Borrett continues.
"Unfortunately, since the bad guys realised this and turned their attention to
finding security holes in them, they have been very successful.”
Of course, the easiest way to avoid the risk of being
compromised via these Adobe products is not to install them! However, this is virtually impossible for
most home and business Internet users.
So if you must use Adobe Reader, then please take the time
to secure it.
How to secure Adobe Reader
1. Open the
Adobe Reader application and choose ‘Edit’ and then ‘Preferences’.
2. On the left
you will see several different categories of options to modify.
3. Under the
sure this checkbox is not ticked/selected so that you disable Adobe Reader’s
4. Under the
‘Security’ category, to specify that digital signatures are handled securely
make sure the ‘Verify signatures when the document is opened’ checkbox is
5. Under the
‘Security (Enhanced)’ category, make sure the ‘Enable Enhanced Security’
checkbox is selected to help with data protection and privacy.
6. Under the
‘Trust Manager’ category we’d recommend you disable Acrobat’s ability to call
external applications to handle non-PDF file attachments. So, after the ‘PDF
File Attachments’ heading, make sure the ‘Allow opening of non-PDF file
attachments with external applications’ checkbox is not ticked/selected.
7. Then click on
‘OK’ to exit changing the preferences.
Adobe is working to
address the security vulnerabilities in its products, so it’s vital to make
sure you regularly check for updates to Adobe Reader, Adobe Flash and other
Adobe applications. Turn on the automatic updates so that your Adobe software
stays up-to-date, or go to http://www.adobe.com/downloads/updates.