Story image

How to secure Adobe Reader

01 Oct 10

Lloyd Borrett, Security Evangelist for AVG (AU/NZ) says,
"Being aware of what products are being targeted by the bad guys may help you
as well, so it may be useful to know that at the moment Adobe products are
virtually the number one target across the world with millions of PCs being hit
by infected Adobe PDFs. Others are being introduced via Adobe Flash ads via Facebook
and other social media web sites.”

Attackers send a file that has malicious code embedded in
it. Once the file is opened, the computer is infected, typically with some form
of identity theft malware that then steals data.

The Adobe PDF and Adobe Flash browser plug-ins are also used
in ‘drive-by download’ attacks where malware is downloaded onto the PC while
the user is surfing the web.

"Adobe products, just like Microsoft Windows and Microsoft
Office, have near universal use on home and business computers making these
applications prime targets for the bad guys,” Borrett continues.
"Unfortunately, since the bad guys realised this and turned their attention to
finding security holes in them, they have been very successful.”

Of course, the easiest way to avoid the risk of being
compromised via these Adobe products is not to install them!  However, this is virtually impossible for
most home and business Internet users.

So if you must use Adobe Reader, then please take the time
to secure it.

How to secure Adobe Reader

1.       Open the
Adobe Reader application and choose ‘Edit’ and then ‘Preferences’.

2.       On the left
you will see several different categories of options to modify.

3.       Under the
‘JavaScript’ category there is a checkbox ‘Enable Acrobat JavaScript’. Make
sure this checkbox is not ticked/selected so that you disable Adobe Reader’s
ability to run dangerous JavaScript from a PDF.

4.       Under the
‘Security’ category, to specify that digital signatures are handled securely
make sure the ‘Verify signatures when the document is opened’ checkbox is

5.       Under the
‘Security (Enhanced)’ category, make sure the ‘Enable Enhanced Security’
checkbox is selected to help with data protection and privacy.

6.       Under the
‘Trust Manager’ category we’d recommend you disable Acrobat’s ability to call
external applications to handle non-PDF file attachments. So, after the ‘PDF
File Attachments’ heading, make sure the ‘Allow opening of non-PDF file
attachments with external applications’ checkbox is not ticked/selected.

7.       Then click on
‘OK’ to exit changing the preferences. 

Adobe is working to
address the security vulnerabilities in its products, so it’s vital to make
sure you regularly check for updates to Adobe Reader, Adobe Flash and other
Adobe applications. Turn on the automatic updates so that your Adobe software
stays up-to-date, or go to

Human assets the key to a successful digital transformation
Y Soft's Martin de Martini says it's vital that organisations continue to train and motivate their employees.
New blockchain solution aims to keep our food ethical
OpenSC enables anyone to scan product QR codes which automatically takes them to information about where a specific product’s journey.
Cofense launches MSSP program to provide phishing defence for SMBs
SMBs are highly susceptible to phishing attacks, and often lack the resources necessary to stop advanced threats
Kiwis make waves in IoT World Cup
A New Zealand company, KotahiNet, has been named as a finalist in the IoT World Cup for its River Pollution Monitoring solution.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Office workers frustrated by poor information management systems
82% of workers believe poor information management is damaging their productivity in the workplace.
Jobs 'aplenty' for freelance writers, devs & ecommerce specialists?
Jobs tagged with the keyword ‘writing’ took the top spot as the fastest moving job in 2018.
Updated: Chch crypto-exchange Cryptopia suffers breach
Cryptopia has reportedly experienced a security breach that has taken the entire platform offline – and resulted in ‘significant losses’.