Slashdot Mirror

← Back to Stories (view on slashdot.org)

Foxit One-Ups Adobe In Blocking PDF Attack Tactics

Posted by kdawson on from the can't-fox-us dept.

CWmike writes "Foxit Software, the developer of a rival PDF viewer to Adobe's vulnerability-plagued Reader, released an update on Tuesday that blocks some attacks with a 'safe mode' that's switched on by default. Foxit Reader 3.3 for Windows' 'Trust Manager' blocks all external commands that may be tucked into a PDF document. 'The Foxit Reader 3.3 enables users to allow or deny unauthorized actions and data transmission, including URL connection, attachment PDF actions, and JavaScript functions,' the update's accompanying text explains. Last week, several security companies warned of a major malware campaign that tried to dupe users into opening rigged PDFs that exploited an unpatched design flaw in the PDF format, one attackers could use to infect users of Adobe's and Foxit's software. That flaw in the PDF specification's '/Launch' function was disclosed in late March by Belgium security researcher Didier Stevens, who demonstrated how he could abuse the feature to run malware embedded in a PDF document. He also reported he had figured out how to change Adobe Reader's warning to enhance the scam."

7 of 112 comments (clear)

  1. If Foxit Can Do It ... by WrongSizeGlass · · Score: 5, Funny

    ... then surely Adobe can do it. It's probably because Foxit is bigger and able to reassign resources better than Adobe ... oh wait ... how did Foxit beat Adobe on this fix?

  2. Hey! This thing has code! Were you expecting that? by LostCluster · · Score: 4, Insightful

    They used to say there was no way an image file or text doc could spread a computer virus... then buffer overruns were discovered in image handlers, and Microsoft added VBA macros that basically had the full power of Visual Basic at its disposal to Office, and away it went!

    Now, I make my living writing Visual Basic, so there's no way I want to see VBA going away. Still there needs to be some safety to prevent a VBA macro from using unknowing users' computers from flooding the Internet with useless traffic... and the solution is pretty simple: If an Office doc contains VBA code, a warning is shown to the user asking them if they trust the source of the file, and would like the code to be enabled. If the user declined, macros won't run but users can see the static content in the file.

    So.. that's the solution being employed here. They're effectively saying "Hey, this PDF is using network functionality, do you trust it to do that?" That should shut off the threat vector while still allowing the functionality to be used in trustworthy situations... why isn't this something in Adobe's official reader yet?

  3. Re:Hey! This thing has code! Were you expecting th by just_another_sean · · Score: 4, Insightful

    The only problem with all that is that most users just shrug and say, um, sure -> OK.
    IMHO, for corporate use anyway, Foxit should add some way to leave the default "don't let
    it run" enabled and prevent users from turning it off. Just to give us poor, overworked
    sysadmins a way to prevent non-root/non-Administrator user "Just click OK" (TM) syndrome.

    I believe MS does provide a way to handle the VBA situation you described but it's been
    a while so not 100% sure

    --
    Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
  4. Why wasn't this implemented from day one? by ProdigyPuNk · · Score: 5, Insightful

    Is this really a "feature" that should be celebrated? This should have been implemented since the beginning. If you're making a PDF reader, and the PDF spec has an "execute" functionality, shouldn't everyone developing these programs have seen the spec and realized what this could do?

  5. Adobe is down down down by rcastro0 · · Score: 4, Informative

    Is it a coincidence that I read that Adobe is losing the grip on PDF just a few days after I read Job's "Thoughts on Flash", essentially dumping Flash from iPhones/iPads, and burning it at a stake? Or is Adobe's strategy really failing spectacularly before our own eyes?

    I should've seen it coming -- I haven't used Acrobat Reader for years. PDF Xchange Viewer is my current favorite, though Foxit was my first off-Adobe alternative, back when.

    --
    Quem a paca cara compra, paca cara pagará.
  6. Re:FoxIt for Linux? by ichthyoboy · · Score: 5, Informative

    You mean like they already have?

  7. Since I can't change behavior... by drumcat · · Score: 5, Informative

    As an IT admin, I'm not getting anyone to drop PDF as a format. That's insane. But this, along with the 9.2 update installing McAfee without permission, has made me decide my company will be moving to Foxit. Adobe has screwed me for the last time. For anyone's info, if you have Reader 9.0, without the McAfee install selected, and you then do a "Check for updates" update from within the program, McAfee AV will be installed. I now have to UNinstall it from a shit-ton of machines. Adobe is famous for bad installers, but this takes the cake.