Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Software

Adobe Acrobat May Block Antivirus Tools From Monitoring PDF Files (bleepingcomputer.com) 43

An anonymous reader quotes a report from BleepingComputer: Security researchers found that Adobe Acrobat is trying to block security software from having visibility into the PDF files it opens, creating a security risk for the users. Adobe's product is checking if components from 30 security products are loaded into its processes and likely blocks them, essentially denying them from monitoring for malicious activity. [...] In a post on Citrix forums on March 28, a user complaining about Sophos AV errors due to having an Adobe product installed said that the company "suggested to disable DLL-injection for Acrobat and Reader.

Replying to BleepingComputer, Adobe confirmed that users have reported experiencing issue due to DLL components from some security products being incompatible with Adobe Acrobat's usage of the CEF library: "We are aware of reports that some DLLs from security tools are incompatible with Adobe Acrobat's usage of CEF, a Chromium based engine with a restricted sandbox design, and may cause stability issues." The company added that it is currently working with these vendors to address the problem and "to ensure proper functionality with Acrobat's CEF sandbox design going forward." Minerva Labs researchers argue that Adobe chose a solution that solves compatibility problems but introduces a real attack risk by preventing security software from protecting the system.

This discussion has been archived. No new comments can be posted.

Adobe Acrobat May Block Antivirus Tools From Monitoring PDF Files

Comments Filter:
  • by Burdell ( 228580 ) on Tuesday June 21, 2022 @07:04PM (#62640774)

    Most "security" software is snake-oil garbage... but Acrobat has been hot garbage for decades. Don't use either!

    • by geekmux ( 1040042 ) on Tuesday June 21, 2022 @11:21PM (#62641148)

      Most "security" software is snake-oil garbage... but Acrobat has been hot garbage for decades. Don't use either!

      Adobe Reader 5.x was under 10MB in size. It reads PDFs.

      Adobe Reader 21.x is over 300MB in size. It reads PDFs.

      Forget the subscription bullshit. I've yet to find a justification to support that much bloat.

      • by AmiMoJo ( 196126 )

        Is Adobe Reader 21 more secure though?

        Remember when security alerts about Adobe products were a weekly, sometimes daily occurrence? It was usually Flash, but Reader (and Acrobat before it) had its fair share of critical flaws.

        It appears they have ditched the old engine entirely and re-written it as Javascript to run in a Chromium based sandbox, a bit like VS Code and many other applications. The main security advantage is that Chromium is highly secure and regularly updated by competent developers. It also

        • Is Adobe Reader 21 more secure though?

          The overwhelming majority of people still use PDFs in a very minimal capacity. Due to the feature-creep and bloat, Adobe Reader became the risk, not the solution. And PDF reader alternatives were born.

          Probably going to take a while to build that trust up again. If ever. At least it looks like they're taking decent steps.

          I'll take 300MB over nearly daily security patches for month's old flaws that have been exploited in the wild.

          Adobe didn't prevent daily security patches and flaws back when it was a 200MB "lightweight" either. 300MB won't guarantee anything.

  • by awwshit ( 6214476 ) on Tuesday June 21, 2022 @07:10PM (#62640784)

    Friends don't let friends use Adobe. Find an alternative that suits you.

    • by sound+vision ( 884283 ) on Tuesday June 21, 2022 @07:30PM (#62640830) Journal

      Silverlight!

    • What completely compliant alternatives exist? The browser pdf readers are a joke. Any recommendations?
      • by higuita ( 129722 )

        google for pdf reader for your OS!!

        browser pdf reader work for 99% of the people, if you are one of the 1% corner case, you know what you need and can search for other pdf readers with that feature.

        hey, some features may only exist in adobe.... but if you using then, i suspect you should use other tool instead of PDF... javascript, dynamic content document in a standard "static document" is plain stupid and a security risk... people that use that have been warned

        • by AmiMoJo ( 196126 )

          PDF Forms are about the only thing I haven't found a good alternative for. pdf.js and Sumatra PDF don't support them.

          Fortunately they don't seem to be very common anymore. People send Word documents instead.

      • What completely compliant alternatives exist? The browser pdf readers are a joke. Any recommendations?

        Foxit.

        • by lsllll ( 830002 )
          Seconded. Installed it on my wife's computer and my gaming machine and have never had any issues (as long as you don't opt in for their bloat).
        • Foxit is a damn good PDF reader. But launch the Linux version from a terminal and watch the console output for a while, it'll give you a new appreciation for sandboxing.

      • I don't know about "completely" compliant, but mupdf is pretty sweet. I think they have their own engine.

      • SumatraPDF. Been using it for years, never looked back. No bloat at all, extremely small, quick, etc. Haven't had a PDF that didn't work.

    • Since it's a reader it should be running in a sandbox with no rights to do anything including clickable links or clipboard access.

    • by lsllll ( 830002 )
      Lucee, Lucee, Lucee!
  • by Anonymous Coward

    Sorry, but I only accept .docx formatted documents.

  • I block Adobe Acrobat by default, since it's basically malware.

  • by Catvid-22 ( 9314307 ) on Tuesday June 21, 2022 @08:56PM (#62640938)
    Any PDF that requires more than a generic reader gives a lie to the modifier "portable".
    • by Anonymous Coward

      I haven't yet seen discussion of the fact that everyone's favorite secure PDF reader is now embedding "CEF, a Chromium based engine with a restricted sandbox design, and may cause stability issues” which is "handling multiple integral aspects of the application, such as network interaction and Document Cloud services (Fill and Sign, Send for Signature, Share for View/Review, and so on).

      It's also disappointing that many Windows anti-virus programs are relying upon blockable DLL injection to trap

      • Windows Defender comes free with Windows now, and it has a up-to-date blocklist, followed up by Mircosoft's ability to "killbit" bad software. Getting Norton just gives Symantic a back door way to get in... what improvement on the OS is that?

        If you want to be as secure as an iPhone, get the S version of Windows and it'll be limited to the Microsoft App Store for new programs to get in, no more installing directly from the maker. Mac is on a similar path.

  • Adobe confirmed that users have reported experiencing issue due to DLL components from some security products being incompatible with Adobe Acrobat's usage of the CEF library

    No, Adobe, your crap reader is incompatible with my security setup.

  • From the people that brought you "flash" . . .

    It wasn't until I had to extract/write/compress PDFs programmatically that I found out what a total mess it was. I didn't know that everyone has 'only mostly' reverse-engineered the files. There's no rough specs or guidelines, just proprietary binaries.

    Why do we put up with this crap?
    • There is. 1000-1400 pages, depending on version you find. But it is convoluted and applied so loosely even in Acrobat, that everyone just implements what seems to be enough. They tried to implement not just document format, but whole web in it, just to keep it popular. And of course, that never worked, just made a lot of companies resort to solutions not fitting all the pieces together and incompatible with the rest. If you have PDF as input somewhere, the maintenance will be higher than you would wish.
      • If you have PDF as input somewhere, the maintenance will be higher than you would wish.

        That is the NICEST, most even handed way of saying that. It's like when my Mom is describing something that happened with my Son. :D

        You are a very kind person.

    • by vbdasc ( 146051 )

      IMHO, Adobe aren't the people who brought you "flash".

  • by swell ( 195815 ) <jabberwock@poetic.com> on Tuesday June 21, 2022 @11:03PM (#62641128)

    I guess there are no doctors or lawyers here. No CEOs, insurance agents, building contractors, lenders, entrepreneurs, nobody at all who works with contracts or official documents. These people often require signed documents to confirm agreements. It's not always reasonable to meet in person, and fax machines are rare as hen's teeth. So what are they going to use but an Acrobat document? I've got piles of them and I'm just a regular guy who lives an average life. Have you never had to sign such a document? Do you trust a Brand X program to produce that document?

    Acrobat costs a lot of money because there is nothing comparable. I have no love for Adobe or their rentware, but I keep an old copy of Acrobat so I can manage documents securely. I'd love to know if you've found a better PDF maker/editor.

    • This is one case where the cloud signing services are implicitly better options anyhow since they can attach signing metadata (IP address) to help prove authenticity of signatures.
    • by vbdasc ( 146051 )

      I guess there are no doctors or lawyers here. No CEOs, insurance agents, building contractors, lenders, entrepreneurs, nobody at all who works with contracts or official documents. These people often require signed documents to confirm agreements. It's not always reasonable to meet in person, and fax machines are rare as hen's teeth. So what are they going to use but an Acrobat document?

      Let them enjoy their crypto ransomware and miners then.

    • This isn't a question of secure document or not. It's a question of Adobe or not. I handle secure PDFs all the time, and we do *NOT* use Adobe Acrobat at work.

      Do you trust a Brand X program to produce that document?

      Why wouldn't you? PDF is also known by another name: ISO 32000. I'm surprised people trust Adobe given their long LONG history of incredibly buggy handling of their own format.

      Acrobat costs money because it's relying on the ignorance of customers. There are many alternatives to handling, signing, creating, and modifying secure PDF documents, all in a

    • I'd love to know if you've found a better PDF maker/editor.

      Nitro Pro [gonitro.com].

      Foxit PDF Editor [foxit.com].

      Kofax PowerPDF [kofax.com].

      There are dozens of smaller and/or OSS options [alternativeto.net].

      Do you trust a Brand X program to produce that document?

      Well, now you've got a self-inflicted chicken-and-egg problem. If it's a matter of brand awareness, then yeah, you're stuck with Acrobat. However, each of the listed applications have been around for nearly 20 years; PowerPDF has been through a few hands (was originally ScanSoft, then Nuance), but Kofax is better known for their enterprise grade document management systems. Point is, if the concern is "it doesn't say A

    • I guess there are no doctors or lawyers here. No CEOs, insurance agents, building contractors, lenders, entrepreneurs, nobody at all who works with contracts or official documents. These people often require signed documents to confirm agreements. It's not always reasonable to meet in person, and fax machines are rare as hen's teeth. So what are they going to use but an Acrobat document?

      I've bought and sold houses online. Digital signatures and nary an Adobe logo anywhere. Why do you truly believe that there is only one vendor of digital forms on the planet? This is like claiming no one will be able to buy gas anymore if Chevron shuts down and is unavailable.

      And if securing a document is that critical, figure out a way to sign the damn thing and mail it. Snail Mail still works globally quite well regardless of human impatience.

  • The underlying problem is that PDFs are no longer static. It's not just the possibility of form fields - which would be fine. That's just the top of the iceberg. PDFs are fully programmable. It's entirely believable that the could hide malware.
  • by Gabest ( 852807 ) on Wednesday June 22, 2022 @12:51AM (#62641226)

    DLL-injection? Wow, that's no different than a virus. Or from overriding interrupt tables in the DOS.

  • It is at least reasonably arguable that a document reader/editor should not have things like browser components, sandboxed or not.

Arithmetic is being able to count up to twenty without taking off your shoes. -- Mickey Mouse

Working...