I'm working solely with Adobe Reader 11.x on Windows 64-bit systems for the purposes of this discussion.
As far as I'm aware, the two most serious attack vectors are attacks on Adobe Reader's browser plug-in, and attacks involving malicious PDFs.
My current configuration of Adobe Reader for the average user involves updating it to the latest revision (IIRC 11.0.9) using its auto-update system, and making a few changes in Edit > Preferences:
1 - Under 'Internet', I disable 'fast web view' and 'allow speculative downloading in the background'. I think 'fast web view' is the clincher here; I think it removes the browser plug-in from browsers such as IE and Firefox.
2 - Under 'JavaScript', I disable 'Acrobat JavaScript'. I'm sure that this will break some PDF functionality for someone at some point, but for all the other users who require a basic PDF reader most of the time (but form filling in the PDF appears to be becoming more common and I don't think SumatraPDF can do this), it should be a benefit rather than an obstacle.
I'm happier about having Adobe Reader on customers' systems since the current version doesn't reinstate default settings after every update (which would undo any security enhancements I hope to make).
PS - I have in the past switched between recommending Adobe Reader, Foxit Reader and SumatraPDF. SumatraPDF's printing support appears to be shaky; I've seen printing problems on several systems, more commonly with HP printers. I wasn't happy with Foxit Reader for a while because they turned their auto-update system into (effectively) a product install procedure complete with reconfiguration to get rid of the browser plug-in, and I'm currently not happy with its default overly-complicated ribbon interface (it's a PDF reader; how complicated does a PDF reader's interface really need to be?).
Hopefully Adobe will completely fix their auto-update system at some point so Reader 11 users will automatically be updated to version 12 when it is released. The 10 to 11 auto-update sometimes happens as one might expect.
I guess the reason why I'm posting this thread is to ask for suggestions for ways to tighten Adobe Reader's security without creating problems for common uses of it.