Foxit One-Ups Adobe In Blocking PDF Attack Tactics
CWmike writes "Foxit Software, the developer of a rival PDF viewer to Adobe's vulnerability-plagued Reader, released an update on Tuesday that blocks some attacks with a 'safe mode' that's switched on by default. Foxit Reader 3.3 for Windows' 'Trust Manager' blocks all external commands that may be tucked into a PDF document. 'The Foxit Reader 3.3 enables users to allow or deny unauthorized actions and data transmission, including URL connection, attachment PDF actions, and JavaScript functions,' the update's accompanying text explains. Last week, several security companies warned of a major malware campaign that tried to dupe users into opening rigged PDFs that exploited an unpatched design flaw in the PDF format, one attackers could use to infect users of Adobe's and Foxit's software. That flaw in the PDF specification's '/Launch' function was disclosed in late March by Belgian security researcher Didier Stevens, who demonstrated how he could abuse the feature to run malware embedded in a PDF document. He also reported he had figured out how to change Adobe Reader's warning to enhance the scam."
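A defender-side triage check for the action types the summary lists, added here as an example and not taken from the story, Foxit, or Didier Stevens' tools. The mapping of PDF name tokens to those categories, the function names and both sample byte strings are assumptions constructed for illustration.

```python
import re

# PDF name tokens mapped to the categories named in the summary.
# The mapping is this example's assumption, not Foxit's Trust Manager logic.
RISKY_NAMES = {
    "Launch": "external command",
    "JavaScript": "JavaScript",
    "JS": "JavaScript",
    "URI": "URL connection",
    "GoToE": "attachment PDF action",
    "EmbeddedFile": "attachment",
    "OpenAction": "runs when the document opens",
}

# A PDF name is "/" followed by any bytes except whitespace and delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, so /L#61unch is recognised as /Launch."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def scan_pdf(data: bytes) -> dict:
    """Count risky name tokens in raw PDF bytes.

    Triage heuristic only: names inside compressed streams are not seen,
    and a slash inside a string literal can produce a false hit.
    """
    counts = {}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in RISKY_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts

def needs_review(data: bytes) -> bool:
    """True when the file carries an external-command or script action."""
    hits = scan_pdf(data)
    return any(n in hits for n in ("Launch", "JavaScript", "JS"))

# Constructed fragments, not real documents; the /F target is a placeholder.
SAMPLE_RISKY = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
                b"2 0 obj\n<< /S /L#61unch /F (constructed-placeholder) >>\nendobj\n")
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in (("risky", SAMPLE_RISKY), ("plain", SAMPLE_PLAIN)):
        print(label, scan_pdf(blob), "review" if needs_review(blob) else "ok")
```
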
Re:If Foxit Can Do It ... (Score:4, Interesting)
Foxit has something to gain from this. For a long time, Adobe only had money to lose by spending anything on their dominant reader that you *had* to use. It appears they haven't lost that mindset.
Re:Hey! This thing has code! Were you expecting th (Score:1, Interesting)
It...won't work. Users are stupid. Not the programmers. The users.
Do you trust the source of this? "Sure, I trust Chuck not to forward me a virus" Of course, they never think that Chuck is forwarding Anna K nekkid pics from Bob, who got it from Albert, who got it from Zed, who got it from Debby...
And of course, they'd never contemplate it might not actually be Chuck that sent it, but a virus Chuck opened up and scanned his inbox or address books. And that's just using issues that hit the streets over a decade ago.
No, nobody would *ever* innovate with malware, and actually do something like reply all to current emails to make them context sensitive in a current thread chain.
"Great point $SENDER, but there's a minor flaw. It's a bit hard to explain--but I've got it in this attachment... $CARBONCOPYLIST, can you confirm?"
Or run a multi-stage attack... or spoof an administrator saying to apply something... or host an e-card as shadyporn.cum, please click in the link and login with your AOL userid to continue...
No...users are the problem, and any amount of warnings you do will invariably result in one of two behaviors:
1) they will be told by IT to hit "ignore" once, and they will hit ignore FOREVER MORE.
2) they will be told it's dangerous by their nephew, and ignore it no matter what. If IT tells them to hit it "just once" they will either
a] lie and not actually hit it, but say they did
b] goto 1)
Bottom line--all people between keyboard and chair known as "users" are fucking incapable of exercising any judgement, discretion, or common sense.
Yeah, I'm in IT for a living. And my attitude isn't the problem. If you're incensed by this--you are.
Re:Evince (Score:1, Interesting)
... or xpdf...
Re:If Foxit Can Do It ... (Score:2, Interesting)
Indeed, one of my mac users was sent a PDF that had been marked up with Foxit by a volunteer. The markup only shows in Foxit reader, which is only available on Windows. A complete waste of the volunteer's time.
- RG>
Re:If Foxit Can Do It ... (Score:3, Interesting)
Adobe has the mindset of a monopolist. In their markets they often are. Their support is shoddy to non-existent and their innovation is down. A few years back, to cement their position with their graphics tools as dominant (Photoshop et al.), they started requiring those wishing to develop plug-ins to adopt exclusive licensing with Adobe, where Adobe could halt sales of their plug-in with any other competing product, if it was determined that it out-performed Adobe's product. Most plugin developers don't bother with image editing products outside of Photoshop now.
Their licensing mechanism sucks... they sold me a bill of goods about functionality, regarding products in their Creative Suite 4 package. I bought 3 of them separately -- turns out that their tool that ties all of them together, 'Bridge', only will enable suite color management if it detects a package license; it won't enable separately bought pieces to work together. It only took me 3 months to get them to admit it was a broken conditional in their license processing in "Bridge" -- they then proceeded to issue me a new license -- for another single copy of Photoshop. When I said that wasn't acceptable -- it had to be for all the products I'd purchased (because that's what the documentation says will work), they said I'd have to talk to customer service and would move it back there (I'd gone from customer service to technical, and then back again, and then technical and now again to C.S.). That was about a month ago and I haven't heard from them since. Unfortunately I've been too tied up with other more pressing issues to worry about their broken licensing model.
But basically their support sucks -- they have some whiz-bang products that do great things, but pray you don't need technical support.
Their technical support people are way in over their heads (at least the ones I dealt with).