You are here: Home » Did You Know? » Why You Don’t Need Adobe Reader

Why You Don’t Need Adobe Reader

by Dave on September 28, 2011

Adobe and Sumatra LogosI recently read an article (http://ow.ly/6E5dr) by one of my favorite security gurus, Michael Horowitz. It’s a bit long but very thorough and contains a discussion of the safety and security of Adobe Reader. I read a similar article by Michael several years ago and switched away from Adobe Reader as a result. Since then I’ve changed computers and neglected to download a safer PDF reader.

For the sake of brevity, let me try to summarize the article.

The more code a program contains, the more opportunities for mistakes (vulnerabilities) there are.

The more code a program contains, the more opportunities (attack surfaces) hackers have to attack the code.

The more ‘features’ a program contains, the more code it needs to run all the features.

Adobe Acrobat, the program that creates PDF documents, can create multimedia PDFs. Todays PDFs can contain audio files, Flash movie files, interactive Javascript, and more. (http://ow.ly/6E5lY) Hackers love PDFs because they can bury their malware needles in a haystack of code.

Adobe Reader necessarily contains a ton of code to allow users to run all those features. But seriously, when was the last time you received a PDF that contained much more than text or images? Me either.

The other problem with Adobe Reader is that it’s everywhere. It comes built in to most browsers and many, if not most, computers. So when hackers are looking for a vehicle to distribute their malware widely, PDFs are an excellent choice.

Yet there are other less well known PDF readers that don’t have all the bells and whistles. So they don’t have as much code to attack. They’re also virtually unknown to average users, so they’re not a big enough target to attract hackers.

Michael’s point is that for most average users, the security risks of using Adobe Reader far outweigh the advantages. He suggests using one of the lesser know, lean-and mean PDF readers. He likes Sumatra (http://ow.ly/6E5Di). If you’ve never heard of it, that’s good. The hackers haven’t either.

At Michael’s suggestion, I’ve used Sumatra for a few years and have rarely needed to call on Adobe Reader. Michael doesn’t suggest getting rid of Adobe Reader. Just don’t use it as your default PDF reader. Set Sumatra, or another reader as your default. You’ll be much safer.

Michael’s complete article is here: http://ow.ly/6E5dr

Be Sociable, Share!

Related posts:

  1. E-reader Price Wars

Comments on this entry are closed.

Previous post:

Next post: