The new zero-day vulnerability in Adobe Reader may have some people wondering if there’s a way to use Portable Document Format (PDF) files more safely. The answer is yes: you can reduce your risk in using PDF files. Here’s how.
First of all – and this can’t be stressed enough – keep your PDF reader up to date. Many popular PDF readers incorporate some sort of autoupdate function to make this easier for you. Be careful about downloading “updates” from unknown download sites, as frequently these turn out to be malicious. Use the built-in autoupdate feature or download directly from the developer’s website instead.
In addition, we won’t repeat the usual bits of advice, such as not opening suspicious files or websites. Let’s assume that if an attack does occur, it will be by a reasonably non-obvious method, like Blackhole spam runs.
You can be exposed to malicious PDF files in many ways, but broadly speaking they can be categorized as either in the browser or out of it. In-the-browser attacks are just that – PDF files opened within browsers using either external add-ons or the browser’s own capabilities. Exploit kits are an example of how users can be exposed to PDF files in their browser.
By contrast, an example of an out-of-the-browser attack is a file that is saved onto the computer from a mail client or the browser and then opened in the PDF reader itself.
What you can do in the first case is reduce your usage of plug-ins to open PDF files. Both Google Chrome and Mozilla Firefox can use integrated PDF readers that make relying on external apps unnecessary. (For Chrome, it comes built in; for Firefox, it has to be downloaded as a separate add-on.) To use these, it may be necessary to disable any plug-ins installed by PDF readers. The way to do this differs from browser to browser.