Technology for Everyone

Keeping your computer free from viruses, malware, and trojans could be as simple as one check box.

Uncheck "Enable Acrobat JavaScript"

If you’re a trusting soul and just want to take my word for it, open up Adobe Reader (and/or Adobe Acrobat), go to Edit -> Preferences -> Javascript, and uncheck “Enable Acrobat JavaScript”.

Why?

Experts are saying (and I believe them) that Adobe products such as Acrobat, Adobe Reader, and Flash will be the biggest targets for hackers in 2010.  With Microsoft doing a much better job at security, hackers are turning their attention to poking at the holes in Adobe’s software.  For the hackers, it just makes good sense to reach for this low-hanging fruit.

Over the course of 2009, many warnings were issued concerning vulnerabilities in Adobe’s core PDF creation and viewing products.  The common thread in many of these warnings is that the vulnerabilities exploit the JavaScript functionality in PDF documents.

When I state that JavaScript is the key security hole in “many of these warnings”, I really mean “every single one that I can remember”.  Users who have disabled JavaScript are not at risk.

Adobe’s security chief defends JavaScript in Acrobat.  I have no qualms with JavaScript being available in PDF files, but the simple fact of the matter is that the overwhelming majority of users don’t need it, don’t use it, and wouldn’t even notice if it were turned off.  Instead of choosing to make their product secure by default, Adobe has made their product the number one target for hackers.

UPDATE:  Rogue PDFs account for 80% of all exploits [in Q4 of 2009], says researcher