Adobe Confirms PDF Zero-Day, Says Kill JavaScript 211
CWmike writes "Adobe Systems has acknowledged that all versions of its Adobe Reader, including editions for Windows, the Mac and Linux, contain at least one, and possibly two, critical vulnerabilities. 'All currently supported shipping versions of Adobe Reader and Acrobat, [Versions] 9.1, 8.1.4 and 7.1.1 and earlier, are vulnerable to this issue,' said Adobe's David Lenoe said in a blog entry yesterday. He was referring to a bug in Adobe's implementation of JavaScript that went public early Tuesday. A "Bugtraq ID," or BID number has been assigned to a second JavaScript vulnerability in Adobe's Reader. Proof-of-concept attack code for both bugs has already been published on the Web. Adobe said it will patch Reader and Acrobat, but Lenoe offered no timetable for the fixes. In lieu of a patch, Lenoe recommended that users disable JavaScript in the apps. Andrew Storms, director of security operations at nCircle Network Security, said of the suggestion in lieu of patches, 'Unfortunately, for Adobe, disabling JavaScript is a broken record, [and] similar to what we've seen in the past with Microsoft on ActiveX bugs.'"
Ditch Acrobat... (Score:5, Informative)
Adobe is really slow about security patches on Acrobat. This is just the latest.
Its the reason why Miko Hypponen of F-Secure says you should ditch acrobat and use something else [slashdot.org].
Re: (Score:2, Insightful)
Yeah... like if I'm offered the choices
1. Disable javascript and kill the web
2. Uninstall Adobe_who_evidently_can't_code_their_way_out_of_a_wet_paper_bag crap
Why would I choose the former? Even if I do that I'm sure they'll have another exploit by next Wednesday that wouldn't be defanged by disabling a scripting language, looking at their track record [google.com]..
Color me tired of this much more so than surprised..
Re:Ditch Acrobat... (Score:4, Informative)
It's about disabling JS in Acrobat itself, not in general. For whatever stupid reason, Adobe thought it would be useful to have scripts in PDF files. I've disabled it ages ago, but I still run it elsewhere on web.
Re:Ditch Acrobat... (Score:5, Insightful)
Ok, color me surprised then... Thank you for the clarification.
I think I'll step out and talk a walk to muse about why companies writing mission-specific utilities throw in the kitchen sink-type bloat and wonder why they couldn't see their ship coming in over the Sea of Vulnerabilites...
Re:Ditch Acrobat... (Score:4, Funny)
Bloated? I don't think one should describe what Adobe has done to Acrobat Reader simply as "Bloat". I suggest redefining the term as a verb with a tip of the hat to the new masters, as in "you silly hack, you've adobed your software!"
After getting fed up with Reader in the wake of the Feb. 19th PDF remote exploit notice (http://www.adobe.com/support/security/advisories/apsa09-01.html/ [adobe.com]) I decided to install FoxIt (I know, proprietary, not open source goodness)... But anyway, when I went to uninstall Adobe Reader, Windows claimed it to be taking up 221MB on my hard drive. 221 Megabytes! For a document reader!?
After installing FoxIt, Windows claims that it takes up only 7.15MB, which I corroborated by checking the size of the install directory. For the life of me, I can't figure out what exactly it is that Adobe Reader does that FoxIt doesn't. They're functionality identical so far as I can tell. So what in god's name is Adobe doing with that extra 200 megabytes of disk space?
Re: (Score:2, Insightful)
Precisely that bloat functionality.
Advanced forms handling, embedded content, Adobe javascript, et cetera.
Things most people never need and things that would use Microsoft Word if Adobe had never offered the functionality.
You won't run into them too often outside giant bureaucratic systems where some boss thought using PDFs for forms was a great idea.
Re: (Score:3, Informative)
You won't run into them too often outside giant bureaucratic systems where some boss thought using PDFs for forms was a great idea.
I ran into something similar at work once. I had the guys in QA load up my thumb drive with all of the procedures that go for the product line I had inherited from one of the other leads there that... well, no need to digress... The documentation was just so fucking sloppy that most of it had to be completely rewritten from scratch. I couldn't make heads or tails of anything when I went to do any testing.
I sat down with the technician that I was now in charge of for this stuff. As I was trying to have him t
Re:Ditch Acrobat... (Score:4, Funny)
"So what in god's name is Adobe doing with that extra 200 megabytes of disk space?"
I shouldn't really be telling you this, but there's an easter-egg video involving Carrot Top hidden somewhere in Adobe Reader. Call it a result of the 'more megabytes = more powerful' school of software management :P
Re: (Score:3, Informative)
On my install, which is 9.0 updated to 9.1, there are 60 megabytes of setup files. 20 of it is the installer for 9.0, and 40 of it is the installer for 9.1. Of the remaining 120 megabytes (that's right, the total is 180 megabytes), about 45 megabytes are devoted to dlls and executables, and about 30 are devoted to 'linguistics' resources, which must be language support files.
Clearly they don't care about using my disk (obviously, neither do I).
Obligatory (Score:3, Funny)
Im on ur drive... eatin ur sectorz! om nom nom.
Re:Ditch Acrobat... (Score:5, Interesting)
For most people there is no difference, but if you are working with livecycle forms online (which some public sites use) nothing but Adobe Reader will work with those.
If you use postscript passthrough - I don't know if any apps outside of Adobe that support this.
If you use annotations (3d objects, comments/notes, multimedia, videos etc) - most other readers don't support this - or if they do they only support notes/comments.
If you need to deploy a pdf viewer to a couple thousand machines - I'm not aware of any that have an installer for automating this - Adobe Reader does however.
So its not for everyone, but speaking from experience it is for a lot of people and a lot of big enterprises.
That said - Foxit is probably the most feature complete pdf viewer outside of stuff from Adobe, however It would be generous of me to say that it supports 1/10th of the pdf features Adobe Reader supports.
Comment removed (Score:5, Insightful)
Re: (Score:3, Interesting)
These companies don't see that we often simply want a simple app to do a simple job fast, cleanly, and with minimum bloat. Instead they try piling in the kitchen sink hoping that one of the bazillion functions they pile in there might make it the "must have" for "the next generation" or again whatever buzzword bingo you choose. Just look at all the crap Nero has piled into what was once a clean and easy burning app. That is why for myself, my customers, and my family I routinely install Foxit Reader [wikip
Re: (Score:3, Interesting)
Re:Ditch Acrobat... (Score:5, Interesting)
For whatever stupid reason, Adobe thought it would be useful to have scripts in PDF files. I've disabled it ages ago, but I still run it elsewhere on web.
Which is ironic since PDF was originally designed to be a reduced, non-Turing complete version of Postscript partly for the safety of a restricted interpreter.
Re: (Score:2)
disabling js will not save you (Score:5, Informative)
Check out the stuff Immunity is selling.
http://www.immunityinc.com/ceu-index.shtml [immunityinc.com]
They crafted a totally reliable exploit for the jbig2 vuln without needing javascript. Javascript gives you the option to use things like heap spray, which can be really useful for exploitation, but not necessary.
Also notice that immunity also has exploits for things like foxit reader, so switching your favorite pdf reader every week isn't going to save you either.
The main problem here is that parsing pdf is hard. Even the ones that created the format can't do it right. My suggestion would be to use a web based solution to view pdfs until adobe creates a lighter, more secure version of reader that contains nothing but the necessary plug-ins.
Re: (Score:3, Funny)
Re: (Score:2, Informative)
According to Secunia disabling Javascript does not mitigate the risk. Old news?
http://secunia.com/blog/44/ [secunia.com]
Re:Ditch Acrobat... (Score:5, Funny)
Have you updated the Adobe Updater? Perhaps what we need is an updater to update the Adobe Updater.
Re: (Score:2)
And if you need some further discussion on the subject of The World's Worst Software [slashdot.org]...
Good idea... (Score:2, Funny)
kill Javascript.
And while you're at it, deep-six the rest of that Web 2.0 crap.
Just not on my lawn, you crazy kids!
Y'know... (Score:5, Insightful)
...maybe it's about the same time Adobe did to JavaScript in Reader as Microsoft did to macros in Excel and Word, oh, about a decade ago? Leave them disabled until the user approves them for a specific document.
It's a flawed solution: the user will still be the weakest link, but it's better than having it always on all the time by default.
--- Mr. DOS
Re: (Score:2, Insightful)
The average user immediately presses 'accept' or 'ok' on any prompt that comes up when they open a file without reading the message or thinking about what it means. Adding this requirement is just annoying for users and does absolutely nothing.
What I would like to see is a way to deploy Reader to client PCs with JavaScript disabled through a configuration file or command line flag. It is not realistic to expect users to go to preferences and disable JavaScript on an application that is used to view document
Re: (Score:2)
I'm told we can kill JavaScript because our "IntraNet" (cringes) uses PDFs with JavaScript!
Adobe could also implement Zones or something like it but that idea didn't work too well in IE.
If Adobe can put sound and videos in PDFs, why not security? They can't say it's because it would stops things from working, they already have DRM built-in to PDF.
Can we always kill javascript? (Score:5, Insightful)
Sorry, I know I'm beating a dead horse and risking karma-whore status, but do we really need a scripting language in PDFs at all? I mean, yes, sorry, I know that there are probably people out there who need that, but I'd wager the gross majority don't.
What most of us need (or at least what I need) PDF for is to have a portable format that's open, widely supported, and can give me pixel-perfect output regardless of the platform or what fonts you have installed. I don't need scripting, flash, embedded movies, or anything else of the sort. Can we just have PDF left alone, to be the static display/print format? If Adobe really wants to do all this other crap, can they please invent a new format, and not try to force me to install the viewer for that app? Because I want to view PDFs, but I have no interest in the associated security risks or bloat from throwing the kitchen sink into PDF functionality.
Re: (Score:3, Funny)
Re: (Score:2)
Re:Can we always kill javascript? (Score:5, Interesting)
Programatically clone a page to the end of the document.
Calculate and fill fields based on the value entered into other fields.
Update reference data from the web.
There are good uses.
Re: (Score:2)
All of these things seem pointless with 'always on' internet connectivity. Why not just go back to the provider for a new version?
These architectural considerations for reader are so 1999.
Re:Can we always kill javascript? (Score:5, Insightful)
Re: (Score:3, Interesting)
I'm not familiar with what you're talking about, here -- can you point me to an example? Also, when would you need to do this?
PDF doesn't need to be a spreadsheet.
Seems like HTML/XML/Javascript would be a better solution to that, don't you think?
Re: (Score:2)
"Programatically clone a page to the end of the document."
Autopager
https://addons.mozilla.org/en-US/firefox/addon/4925 [mozilla.org]
"Orgasmic."
Repagination
https://addons.mozilla.org/en-US/firefox/addon/2099 [mozilla.org]
"Genius."
I use both in tandem. Repagination is more manual, Autopager is more automatic, both useful at different times. I assume this is what he's referring to anyway. I know there are some web pages that can do this without requiring a mod, like, oh say Slashdot! If you try the beta homepage and scroll to the bottom
Re: (Score:2)
These are good uses of javascript, but bad uses of pdfs!
Programatically clone a page to the end of the document. print these dynamic fields, so what advantage does using a pdf offer over a webpage (or if you cant get a webpage into a 1 file format then a small java applet seams better suited than a pdf)?
Update reference data from the web. - doesn't it make more sense to update your pdf?
Re: (Score:2)
Can we just have PDF left alone, to be the static display/print format? If Adobe really wants to do all this other crap, can they please invent a new format, and not try to force me to install the viewer for that app?
No, we can't.
Because it's an open format, if Adobe doesn't "innovate" on it and stay king-of-the-hill, they will lose market share to other products that will embed movies and such. Adobe has to continue to innovate or they risk losing their status as the big cheese, and they make lots of money
Re: (Score:2)
Re:Can we always kill javascript? (Score:5, Insightful)
Yep. They want flash, pdf, and AIR [wikipedia.org] to be ubiquitous. This [newsweek.com] article shows their point of view: "What's wonderful for Adobe is, we are pretty much everywhere you look. [...] Just about every Web site uses Flash. Every tax form you download off the IRS is done in PDF. So it's OK if the average consumer does not know who Adobe is. We're almost like air." They want their suite of tools to be a ubiquitous consumer-level software tool like Windows, and they understand that if they're going to make money that way, they have to convince people that their tool is better than the free alternatives, just as MS has to convince people to desire Windows rather than Linux.
Adobe is very clever about making their formats and implementations open enough to get them widely adopted, while maintaining their market position via a combination of (a) the first-move advantage when they release new features, and (b) keeping certain aspects of their formats and implementations just proprietary enough to maintain the perception that the competition isn't as good. You see it with flash, where they've opened up a lot recently, but for most developers there is really no viable alternative to using Adobe's tools. You see it with pdf, where they sell people snake oil, e.g., convincing them that the DRM features are useful, even though they're trivial to circumvent.
One of the big things working in their favor is patents. E.g., flash supports mp3 but not ogg, which makes it difficult to make a legal, OSS toolchain for flash development, because the license for mp3 forbids distribution of encoders in large numbers without paying a royalty. Ditto for patented color management and patented video codecs. Any patented special sauce they can add to their apps makes it easier for them to differentiate themselves from the free competition.
Re: (Score:3, Funny)
Oh, fine. Next you'll be telling me that you don't want moving parts in your books. Well, maybe you can explain to my little boy why Mr. Giraffe won't wake up when we open that page in Happy Fun at the Pop-Up Zoo!, or why Baby Roo won't peek out of Mama Roo's pouch any more.
Besides, we've already learned to skip the page with Mr. Angry Monkey.
Re: (Score:2)
Does Mr Giraffe reach over and grab the phone and call the publisher each time you read the book, reporting your name and address each time it does?
Re: (Score:2)
No, actually, Adobe can't do that. If they want to deploy software to the masses, they need to either make it part of Reader or make it part of Flash. Anything else is bound to fail.
Re:Can we always kill javascript? (Score:4, Interesting)
Re: (Score:2)
Well, it's only following an evolution in documents. Pretty soon, a document reader/creator becomes 'feature complete' in respect to fulfilling those functions, so firms start adding features that enable documents to become, in effect, working applications. End users find them to be terribly effective in what the want as far as functionality goes, but you get with it the standard fair of problems of layering a development environment on the foundations of something that was never intended to be that.
creeping featuritis (Score:4, Insightful)
Why the hell do we need javascript in a document reader in the first place? Acrobat is not a web browser, and I fail to see any situation that justifies a scripting language that has nothing to do with static documents. I suppose it could be useful for some fill-in forms, but that's about it.
Seems like a solution in search of a problem to me.
Re: (Score:2)
Why do PDF readers need Javascript? (Score:5, Funny)
Having never handled PDF documents except to read them, I wasn't even aware they could contain Javascript. I don't understand why they need to. Jeez, are we going to get to the point where it's not safe to go to the bathroom because the toilet can execute Javascript?
Re:Why do PDF readers need Javascript? (Score:5, Funny)
That didn't sound so bad. Until I thought about stack overflow vulnerabilities.
Re: (Score:3, Funny)
Re:Why do PDF readers need Javascript? (Score:4, Funny)
Jeez, are we going to get to the point where it's not safe to go to the bathroom because the toilet can execute Javascript?
Woah now! Don't let the cat out of the bag too early. Considering how far toilets have come over the century, you'll be happy with a little Javascript injection turning your toilet into a Spam Zombie.
Let's review:
Re: (Score:2)
Here at the office, we have auto-flushers.
They usually wait until you adjust a little and then power-flush a gallon of water in a bidet-like fountain, then when you leave spray you again. Inevitably, every toilet will be, shall we say, visibly un-flushed upon entering the rest room, so you have to pre-flush using the manual black button.
Now, despite the obvious bugs, it has to have some sort of logic in there. I was going to reply saying "no, you're an idiot", but in preparing my response I decided that w
Kill Adobe reader, not java script (Score:4, Insightful)
Re: (Score:2)
Sumatra is to Foxit what Foxit is to Adobe Acrobat Reader.
Re:Kill Adobe reader, not java script (Score:5, Informative)
Edit, Preferences, "Enable JavaScript Actions" is checked by Default.
And yes, this is default, because I just installed the software today to verify the many claims about "just install FoxIT" with no other information.
JavaScript? (Score:2)
We don't need JavaScript in a PDF viewer, at least not for normal purposes. The problem is that Adobe keeps putting additional functionality in the reader. Functionality that I don't need 99% of the time. It's hard enough to create a secure document viewer thats able to do font rendering and vector graphics and such. Lets focus on that and use another viewer for forms and such. Heck, create a PDF viewer first where I can normally select and copy text.
BTW, this is how I currently use PDF documents. I use a s
Okular instead (Score:3, Informative)
Okular rocks, and it apparently can run on Windows [kde.org] as well.
My only feature upgrade request would be to have the underlying PDF engine allow for saving of annotations back to the PDF files... I want a digital highlighter pen.
Mac? (Score:3, Insightful)
Re: (Score:2)
I'd guess, the same type who find Adobe Reader on Linux/Gnome useful, i.e., masochists, sadist IT guys, and IT guys who don't know any better. Oh, and those who need to need to fill out forms in PDF's.
--- Mr. DOS
Re: (Score:2)
If you are using the built in reader that comes with gnome, shouldn't you by the same token be judged as masochist?
I mean, I would be really HAPPY! if it worked right, but problem is that it is full of rendering bugs and memory leaks.
I had to reluctantly install Acrobat from medibuntu after running into several PDFs which had serious problems.
Adobe Reader has more holes that swiss cheese (Score:5, Insightful)
Adobe seriously needs to get its act together. Adobe Reader is in the top 5 most exploited applications and we have a new "highly serious" bug getting released every month or so.
It is slow, it is huge, and it is full of bugs... And it is entirely unjustified for an application designed to read a single file format!
Re: (Score:2)
Hey, isn't this a golden, golden opportunity for the open source community? Here you've got the industry leader droppin' it like it's hot, time to pickup the ball. Chop, chop! How hard could it be to code a bare-bones PDF reader (asks the nonprogrammer)?
The only features I have to have are the various view options, the ability to fullscreen it, and the fact that it saves my position in the document between views (and actually, the adobe reader sucks at this because it only saves upon closing, so if your sys
Re: (Score:3, Informative)
The default on Ubuntu is evince, which does all that.
PDF Forms under Linux (Score:2, Interesting)
Re: (Score:2)
Okular allows for you to fill in forms, and even save the form data in the PDF itself, putting it one step ahead of the free Adobe reader.
Re: (Score:3, Informative)
You can fill them in, but you'll have to print them. You can't use it to submit forms.
Disabling Javascript won't mitigate the risk still (Score:3, Insightful)
Incessant Acrobat JavaScript nagging (Score:5, Interesting)
Re: (Score:2)
If you can find a way to disable this - please reply.
Sumatra (Score:5, Informative)
Precisely why I use Preview on OSX (Score:2, Informative)
I never launch Acrobat Reader, and only rarely Acrobat Professional thanks to the simplicity and speed of Preview.app.
I remove the acrobat plug-in (manually from /Library/Internet Plug-Ins/ since Adobe BORKED their installers to a complete nightmare level) -- I'd just as soon download the PDF or view it in window if I'm in a webkit browser.
Finally, all PDFs are associated with Preview and not Acrobat.
Looking at it logically (Score:2)
Ok, how does Acrobat/PDF thing impact the finding, downloading, and viewing of porn? Not all? Then why use it?
I purpose a new term (Score:4, Insightful)
"Negative-One-Day Exploit"
Used to refer to exploits that have existed in the wild for a long time, known to be a easy access point for exploits by consumers, but have only just been announced as a critical threat by the application owners.
As in, "Javascript in a PDF file? That's a negative-one-day exploit just waiting for a press release."
Re:No problem for Macs, really (Score:5, Informative)
What dumbass would install Acrobat reader when Mac OS X itself can read/write PDFs.
I had to install it to e-file my state taxes. The fill-in tax forms had a lot of behind-the-scenes scripting (javascript, I assume) and only worked with the Adobe browser plugin.
Re: (Score:2)
I can second this: I've encountered fill-in forms that just didn't play nicely with Preview.app.
Another issue is that the full-screen presentation mode in Acrobat works much more nicely for, e.g., giving PDF presentations compiled in LaTeX. It works with clickers for advancing slides.
Re: (Score:2)
Re: (Score:2)
In all seriousness, does anyone know if these zero-day exploits affect Preview? 1729's post implies that they wouldn't, but I'm curious.
Re: (Score:2, Interesting)
How about just get rid of PDFs in general? I mean, how many times have you opened up a page and said to yourself "Sweet, it's a PDF, now I can...". I can't even think of a good example of something you can do with a PDF that you can't do with a properly designed web page or an RTF document.
I suppose there must be a place for them, but it seems to me they're mostly used by people too lazy to create a page with the information they want to display, and instead just put a link to the PDF they sent to their p
Re:Inevitable post recommending Foxit Reader (Score:5, Informative)
The printing industry is heavily dependent upon PDF files in their workflow. PDF attachment via email has basically replaced the fax machine in any professional industry. The format offers everyone a standard format that will look exactly the same everywhere. And, I can create a single PDF from multiple source documents (spreadsheets & word processor docs).
Re:Inevitable post recommending Foxit Reader (Score:5, Insightful)
I can't even think of a good example of something you can do with a PDF that you can't do with a properly designed web page or an RTF document.
Set up formatting and layout for your document in a way that should display the same way when you move transfer the file to another computer, and have it also look the same when you print it out. I mean, that's really what PDF is for, and it's very good for that purpose. Neither HTML nor RTF can really even do complex layouts with embedded images in a single file.
PDF is given a bad name by the slow, bloated application that most people view them on (Adobe Reader). It's not really ideal to treat them like web pages, but most of the dread you feel when you have to click on a link to a PDF is really more the fault of the reader than the format. If you have a good PDF viewer, they aren't slow to load and won't crash your browser.
Re: (Score:2)
RTF, No. HTML, yes. Or would you not consider Google App's spreadsheet to be complex? Images can be embedded in cdata tags. Its not easy or really recommended, but possible.
Re:Inevitable post recommending Foxit Reader (Score:4, Insightful)
Images can be embedded in cdata tags. Its not easy or really recommended, but possible.
Yeah, I don't know if this helps, but my original sentence was intended to be read, "Neither HTML nor RTF can really* even (do complex layouts with embedded images) in a single file. [* Disclaimer: by 'really' I mean in any way that is sensible and well-supported.]"
Ok, so I don't know if that's exceptionally clear anyway, but I gave it a shot. The point is, yes, you can do very complex layouts in HTML, but lots of things require extensive HTML/CSS knowledge to do properly and in a cross-platform manner, and maybe even weird and complex hacks. You can't simply take your Word document with a complex layout and do "save as HTML" and get a good HTML file that maintains that layout.
Beyond that, except for dropping the image into the HTML in base64 (which... well... I wouldn't advocate doing that under most circumstances) including images will require separate files which will then have to be passed along with the HTML and kept in the same relative path, or else you'll lose the images. And then there's the issue of fonts, which newer browsers are only beginning to address with web fonts.
So really, if you want to pass along a single file while maintaining complex layout very accurately, and you don't particularly want the file to be easy to edit, then PDF is a good choice for that purpose. I can't think of another format that's anywhere nearly as good for that purpose.
Re: (Score:3, Insightful)
If you have a good PDF viewer, they aren't slow to load and won't crash your browser.
If you don't use a reader with a browser plugin, a PDF is just as likely to crash your browser as a zip file.
Re:Inevitable post recommending Foxit Reader (Score:4, Interesting)
pdf came out in 1993. XML became a W3C standard in 1998 (working draft in 1996).
So, frankly, they hadn't and have an excellent excuse for not having heard of it. Besides which, you have to consider the hardware and software limitations of 1993 and compare the problems that human-readable formatting solves compared to the problems PDF is intended to solve. PostScript, font, and raster graphics embedding are not especially served by this compared to costs that were significant at the time.
Re: (Score:2)
I run along them all the time just in general information gathering.
I'd love for them to be in a freer format, but at the same time, I love that they are in a format I can read on my computer.
Re: (Score:3, Informative)
I read a lot of PDF files, mostly books and the like, and I recently switched back to Adobe Reader from Foxit, after using it for years. I don't see any difference speed-wise on my machine, it behaves slightly better, looks much better, and it's still proprietary, closed software anyway. With Foxit, its browser plugin used to be unstable with Firefox for whatever reason too. Adobe's plugin seems to work better. As far as I'm concerned about security, I've turned off JS support in Adobe Reader. This seems to
Re:Inevitable post recommending Foxit Reader (Score:5, Insightful)
All in all, I think Foxit Reader is nice, but slightly overrated. Adobe deserves their fair share of criticism, but they still deliver a more polished product.
And without additional cost to you, that delivery includes a 60MB runtime footprint and two or three always-running updater applications!
Re: (Score:2, Interesting)
That's what memory is for, though. I have 4 GiB of it, and I don't see the gain from having it go unused over having it occupied by a sloppily made app. In return, I get something I enjoy using more.
Re: (Score:3, Insightful)
That's what memory is for, though. I have 4 GiB of it, and I don't see the gain from having it go unused over having it occupied by a sloppily made app. In return, I get something I enjoy using more.
I'm not usually a subscriber to the "evil big company" theory, but I'm not too fond of trusting Adobe to install and run whatever they want, regardless of whether or not I have asked for it. Actually, I guess I am a subscriber to that theory - since I don't tend to let anyone run their crap on my PC unless I know exactly what it does or can at least be reasonably sure that it's not doing something stupid*. That's a large part of how I've stayed virus free for a couple of decades, in spite of not running a
Re: (Score:3, Insightful)
I dont really mind the startup time, but the idea that a program adds itself to my bootup menus and runs all the time, really puts me off. The tiny overhead of the updater application doesn't bother me so much, its the fact that it exists at all that indicates a serious design flaw!
That is why on windows always choose xmplay^H^H^H foxit over itunes^H^H^H adobe pdf!
Unfortunately people still flock to this software because of its 'features', and the atrocities of its design are hard to get across to non-geeks
Re: (Score:3, Interesting)
These are things that have frustrated me for years, especialyl as more and more applications are presuming to do it. It's like people have never heard of the concept of windows scheduler/cron, or even spawning off an update thread in the background on startup. Processors and hard drives are so fast these days that even bloated and beefy software (I'm looking at YOU openoffice.org and netbeans) provides acceptable startup times without a "launcher" application.
As far as Adobe - the only thing I ever do w
Re: (Score:3, Informative)
I routinely create, view & print really big PDFs. When comparing FoxIt & Adobe the time difference between opening & printing a E-sized PDF on my machine is huge. FoxIt blows Adobe completely out of the water in every manner I can think of.
Most of the time Adobe will never actually print anything out, or if it does, it will be missing elements.
Re:Disabling Javascript is standard (Score:5, Insightful)
And yet another person misses the point. It's not talking about JavaScript in your browser, it's talking about JavaScript in the Reader software. I guess it's a given that somebody with the uid of 317 didn't RTFA ;)
Re:Disabling Javascript is standard (Score:5, Informative)
Quite so... I didn't even realize that PDF's could run Java scripts...
But now I've got a new hoop to jump through when I update a new computer:
Simple as that!
Re: (Score:2)
Acrobat has had buffer-overflow vulnerabilities in even with JS turned off, due to some nonsense about Windows prefetching the meta info or something.
Re: (Score:2)
> and if you breeze by with a "yes"
Not to disagree with you, but ... did you ever see any "standard user" answering "NO" when a popup appears implying that a "YES" is just needed to do the intended work? "What the hell could be that f**k javascript thing? I just want to read the damn document"....
Re: (Score:2)
Here is a link [acrobatusers.com] to an article discussing the registry keys needed to turn off javascript in Reader. Scripting this should help automate your new machine build without any added human intervention.
Re: (Score:2)
Here's a question: when is someone going to fix Javascript?
Why is it that we all have mods to block it on our browser. We have to disable it in our PDF readers. Why is no one complaining to the developers of javascript about this? Have we just given up the problem as intractable?
Re: (Score:2)
I'd have thought most people who post here would be savvy enough to have NoScript installed.
They are talking about disabling JavaScript in Adobe Reader, not in your web browser.
Re: (Score:2, Informative)
This issue is in Acrobat's own javascript implementation. Acrobat itself runs javascript code that's embedded in PDFs, so the browser doesn't have anything to do with it.
Noscript will do nothing to help you here, and your post brings to mind the old adage - a false sense of security can be worse than no security at all.
Re:This is a Zero-Day? (Score:5, Informative)
Re: (Score:2)
Indeed I am (or was).
Re: (Score:3, Interesting)
^^ this. I had no idea recent versions (or even old ones) of adobe reader even had javascript. Why?
Its considered by most people to be a static document format, leave interactivity to HTML or other formats.