Members Login
Username 
 
Password 
    Remember Me  
 

Topic: F-Secure Says Stop Using Acrobat Reader

Page 1 of 1  sorted by
Wide (rest of width)
Narrow (200px)
Teacha
Status: Offline
Posts: 4475
Date:

F-Secure Says Stop Using Acrobat Reader

During the RSA Conference (2009) held this week, F-Secure's chief research officer Mikko Hypponen told the press on Tuesday that consumers should not use Adobe's Acrobat Reader, but rather switch to an alternate application to read PDF files. Those are strong words, especially when most consumers have Acrobat Reader installed and set as the default PDF application. However, according to Hypponen, 47-percent of the targeted attacks in 2009 have exploited holes in the program; six vulnerabilities have been discovered in Reader so far (SA29773) this year.

Hypponen went on to warn that Adobe Reader is the new Internet Explorer (6), referring to a time when security experts told consumers to switch to another browser due to huge security holes in Microsoft's browser. By getting rid of Reader, he said that consumers will reduce their risk of acquiring malicious code and infecting the PC. "That's my advice," Hypponen said. "I don't expect a Christmas card from Adobe."

PDF files can be especially dangerous to consumers and executives who are accustomed to receiving files in that format. Recipients of an infected PDF merely open the file via Acrobat Reader and activate the embedded malicious code (aka a "targeted attack"), opening a back door in the PC and allowing the attacker to steal sensitive data. Security flaws in the Adobe Acrobat Reader browser plugin also allows the attacker to come in and create a back door, termed as a "drive-by download," when the end user downloads a PDF from a "tainted" website.

Unfortunately, the problem is getting worse. According to Hypponen, F-Secure saw 128 "dangerous" drive-by attacks between Jan 1 and April 16, 2008. In the same time frame this year, F-Secure has seen 2,305 drive-by attacks. To alleviate the problem, Hypponen suggested that Adobe should make security a priority, and to take notes from Microsoft whom releases monthly security patches on a regular basis. Unfortunately, consumers aren't fully aware that Adobe's Acrobat Reader requires updating in a security sense, and often avoid installing crucial updates when the program alerts the end-user of a new patch.

For now, Hypponen suggests that consumers stop using Reader altogether, and locate a compatible program by heading to this website. Are these programs more secure? That's a good question, however, like Firefox and the other non-Internet Explorer browsers, they're not currently in the hacker-oriented spotlight. Still, come this holiday season, it will not be surprising to see Adobe sending Hypponen a Christmas card PDF to his email inbox.

__________________
Its better to Have plans and Schemes than Hopes and Dreams.........Hard Work is the Key to Sucsess..doah
GAZA MI SEY

avrh4m.gif


MZ Life Time Super G/\Z/\ Member
Status: Offline
Posts: 26023
Date:
47-percent of the targeted attacks in 2009 have exploited holes in the program...wow I was wonderin how he could say something like "consumers should not use Adobe's Acrobat Reader"


so wat program should we use

__________________

Page 1 of 1  sorted by
Quick Reply

Please log in to post quick replies.