sábado, 12 de junio de 2010

Adobe Reader and Malware


I was reading that some Windows users, perhaps too upset by what they consider "cultic Microsoft bashing" by different Linux communities, started claiming that the reaction against Adobe Reader was another attempt to praise Penguin software over programs that run natively on Windows.

Nothing can be further from truth. Adobe Reader was nominated the most dangerous software in 2009...but few people are aware of the reasons why. Well, I am talking about inexperienced computer users, the ones that might even own netbooks, but for whom the word "extension" triggers an image of hair artificially made longer instead of something related to computers.

So, let us just say that most computers use Adobe Reader to handle pdf files. Pdf means "portable document file", an open format used to store documents in a rather stable way, so that you can open them in different computers and the files remain unaltered.

Adobe Reader is provided in most driver CDs and DVDs, which explains its preeminent place in many computers. This seems very convenient, except for the fact that malicious code can be introduced into a pdf and then your computer can become a zombie or it can be infected by viruses via pdf reading...under the patient eyes of your antivirus, which, instead of preventing the malware from going rampant, gives it its blessing. Did you know that more computers got infected this way than by USB viruses in 2009?

The response of the company disappointed everyone: Adobe has been extremely slow in releasing heavy-to-download patches and these have been circumvented by hackers easily. To make matters worse for Adobe, its reader is slow to launch and consumes computer resources with the gluttony of a loccust!

Here is where Linux users started mentioning that they do not have those issues because they normally do not use the widespread software (which can also run under Penguin-powered computers) and suggested alternatives, such as Foxit (in Windows) or Okular (in Linux) that, apparently, do not execute dangerous code embedded in the pdf.





I remember I used Foxit in Windows. It is fast and stable and, as most users only require to READ the pdf, not to annotate it, the little program is excellent for the task. In Mandriva, I am more than satisfied with Okular, a program with beautiful pdf navigating features.

Again, dropping Adobe turns into a question of knowledge over comfort. Do you want to protect your computer? If so, ARE YOU WILLING TO LEARN?

Too much of a hassle, you say? Watch this video, then. It is really inspirational. And remember that the more you know about the computer, the more usable it becomes... Your computer can work with you, not against you.



Being a computer user, I grew sick of an OS that tells me I'm stupid (do YOU really want to see this folder? Important files are in here and you will mess them up!) and became fed up with software that claims to take care of threats but doesn't. My journey of learning with Linux has made me see all the possibilities I never dreamed my computer has. Wouldn't you like to exploit all the HIDDEN resources in your system as the people in the video have learned to use their instruments, bodies, and abilities? Linux can help you unleash the potential of your computer, but this power becomes useless if you do not trust yourself and fear from training holds you back. You can learn and free the magic!

6 comentarios:

  1. Pdf viruses are more dangerous than their USB counterparts...and still users refuse to learn about their computers and how to protect them.

    ResponderEliminar
  2. That's because these poor people entrust the computer to companies that see the user as part of a figure in their sales report. Those who think that a metal welder is interested in unbreakable swords are truly ill-equipped against a dragon with the blade they gave him for repair! They should find a good blacksmith with training in magic instead...

    ResponderEliminar
  3. Right. By the way, the videos are great! I had never heard of computers breaking down like that before! :P

    ResponderEliminar
  4. Jiménez, M.
    I have been using Foxfit for almost a week. I like the fact that it is safer, and it has some valuable characteristics that Adobe Reader lacks. I am still in the "learning process". I have to admit I was one of those conformists. However, after doing research, the true gave me a not-so-gentle slap and awoke me. In a security bulletin I read, Adobe mentioned that Adobe Reader was vulnerable and my computer could become a zombie. I do not want a criminal running malicious code in my computer! Most users are Trojans who welcome the horse everytime they use Adobe, but they still do not realize it. Users do have options. Security is really important and other options beyond Adobe truly pay attention to this aspect.

    ResponderEliminar
  5. For many computer users and me, Adobe Reader is one of the most complete programs since it has more effective and advanced tools. In addition, its effectiveness is so evident when you need to use the function of locating texts because Foxit, most of the times, is not able to locate the words that the computer user is looking for. However, Foxit is lighter than Adobe; thus, it can be used by systems with a limited hardware.
    In addition, it is important to clarify that saying that Foxit do not allowed the admission of malicious codes is a fallacy. Actually, Didier Stevens, who is a security researcher and an expert in PDF format, discovered a significant mistake in Foxit. Although at the beginning PDF readers did not permit to execute a binary or a script in a document, Didier Stevens could evade this protection with a new technique that permit to execute a malicious code. An advantage of using Adobe Reader, the computer user obtains a warning asking for approval to initiate the action, but the user can control the message displayed by the dialog. In contrast, Foxit Reader displays no warning at all, and the action is executed without the user interaction.
    http://www.hispasec.com/unaaldia/41
    Consequently, I prefer to be called “inexperienced computer user” rather than use a product that offers almost the same advantages of Adobe. Also, it is clear that in terms of security Foxit has flaws; so, my computer can become a zombie with any of the programs. The Adobe computer users should update their PDF reader as well as Foxit users in order to avoid any type of attack. Hence, it is better to use a well known product, than learn about a new one that does not provide anything incredible.

    ResponderEliminar
  6. M.J Bolaños,
    Obviously, you are not reading my post. I'm suggesting Foxit for Windows users who ONLY NEED TO READ PDFs, not annotate them. Under those conditions, Foxit Reader beats Adobe Reader single-handedly as the latter makes your computer a real electronic turtle. Next, please check the urls you post as evidence: That one directs to a very old article about Windows 98!
    Third, I already addressed the Adobe security patches (please read)... but, about them, Didier Stevens himself says they are of no avail and that the EXECUTABLE DOESN'T RUN IN FOXIT:
    http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
    By any chance, did you read comment #6 under Stevens' post? In case you haven't, here it comes:
    "In the case of foxit, I also did notice it executes without warning, however it doesn’t seem posible to pass parameters to whatever command you launch. If that is the case it sorts of renders the vulnerability useless" In other words, Foxit prevents action to take place with that exploit...to sum up, you have an exploit that DOES NOTHING in Foxit.

    Stevens' achievement is to hack a pdf file in March 29, 2010, right? Did you read comment 136 under the entry? Here it goes:
    "FoxIT has released an update (Friday 2 April 2010 @ 9:27), that will now give you a warning before running the application from inside of a PDF!" That takes care of the warning display...in four days time.

    Finally, read this feature: http://www.zdnet.com/blog/security/foxit-reader-intros-new-safe-reading-feature/6376
    There, we have yet another security feature released for Foxit v3.3(May 7, 2010). That's one each month. Adobe Reader has none so far, which confirms my entry.

    That being the case, I wish you good luck with your well-known product, but I hold that LEARNING is one's best defense in the computer world.

    Interesting...Stevens did not mention which version of Foxit he was using...Suspicious omission, don't you think?

    ResponderEliminar