Wednesday, December 07, 2011

Security experts continue to show concern about PDF vulnerabilities, from "unnecessary" features from Adobe

Today, Sophos Security (associated with Webroot) sent a downloadable white paper on PDF security. The way it was delivered makes it hard to give an effective URL, but Neil Rubenking of PC Mag  gives a pretty cogent view (from April 2010) about how Adobe “lost its way” by adding so many features to PDF, that make them a security hazard. 

I get updates from Adobe constantly, but there seems to be some scuttlebutt that keeping up is difficult, and that the wide range of capabilities of PDF documents are unnecessary for most users, causing needless risk.

The PDF format does have one great advantage for book-like documents: they view and print (and paginate and font-interpret) exactly the same on any device. So they’re very popular, for example, for transmitting program notes that accompany music .mpg files when composers sell them online.  

There are a lot of suggestions to use Google Docs to view PDF files on the web, and to install the gPDF plugin, particularly for Firefox. 

The link for the story is here.

The view of PDF makes it sound as risky to view on the Web as used to be thought the case with Word documents (instead of HTML).  But today, it's not so clear that HTML has to be safe either. 

I have noticed that Webroot will sometimes give me warnings about Microsoft Word macros on a few of my own local documents from earlier times.

I have used PDF for my new eBook on my “Do Ask Do Tell” site, and for three other documents explaining my plans.  I created these from Word.  I guess I should reassess this since some visitors may not like opening PDF documents.  


No comments: