Adobe Acrobat May Block Antivirus Tools From Monitoring PDF Files (bleepingcomputer.com) 43
An anonymous reader quotes a report from BleepingComputer: Security researchers found that Adobe Acrobat is trying to block security software from having visibility into the PDF files it opens, creating a security risk for the users. Adobe's product is checking if components from 30 security products are loaded into its processes and likely blocks them, essentially denying them from monitoring for malicious activity. [...] In a post on Citrix forums on March 28, a user complaining about Sophos AV errors due to having an Adobe product installed said that the company "suggested to disable DLL-injection for Acrobat and Reader.
Replying to BleepingComputer, Adobe confirmed that users have reported experiencing issue due to DLL components from some security products being incompatible with Adobe Acrobat's usage of the CEF library: "We are aware of reports that some DLLs from security tools are incompatible with Adobe Acrobat's usage of CEF, a Chromium based engine with a restricted sandbox design, and may cause stability issues." The company added that it is currently working with these vendors to address the problem and "to ensure proper functionality with Acrobat's CEF sandbox design going forward." Minerva Labs researchers argue that Adobe chose a solution that solves compatibility problems but introduces a real attack risk by preventing security software from protecting the system.
Replying to BleepingComputer, Adobe confirmed that users have reported experiencing issue due to DLL components from some security products being incompatible with Adobe Acrobat's usage of the CEF library: "We are aware of reports that some DLLs from security tools are incompatible with Adobe Acrobat's usage of CEF, a Chromium based engine with a restricted sandbox design, and may cause stability issues." The company added that it is currently working with these vendors to address the problem and "to ensure proper functionality with Acrobat's CEF sandbox design going forward." Minerva Labs researchers argue that Adobe chose a solution that solves compatibility problems but introduces a real attack risk by preventing security software from protecting the system.
Another "they both suck" case (Score:5, Insightful)
Most "security" software is snake-oil garbage... but Acrobat has been hot garbage for decades. Don't use either!
Re:Another "they both suck" case (Score:4, Interesting)
Most "security" software is snake-oil garbage... but Acrobat has been hot garbage for decades. Don't use either!
Adobe Reader 5.x was under 10MB in size. It reads PDFs.
Adobe Reader 21.x is over 300MB in size. It reads PDFs.
Forget the subscription bullshit. I've yet to find a justification to support that much bloat.
Re: (Score:2)
Is Adobe Reader 21 more secure though?
Remember when security alerts about Adobe products were a weekly, sometimes daily occurrence? It was usually Flash, but Reader (and Acrobat before it) had its fair share of critical flaws.
It appears they have ditched the old engine entirely and re-written it as Javascript to run in a Chromium based sandbox, a bit like VS Code and many other applications. The main security advantage is that Chromium is highly secure and regularly updated by competent developers. It also
Re: (Score:3)
Is Adobe Reader 21 more secure though?
The overwhelming majority of people still use PDFs in a very minimal capacity. Due to the feature-creep and bloat, Adobe Reader became the risk, not the solution. And PDF reader alternatives were born.
Probably going to take a while to build that trust up again. If ever. At least it looks like they're taking decent steps.
I'll take 300MB over nearly daily security patches for month's old flaws that have been exploited in the wild.
Adobe didn't prevent daily security patches and flaws back when it was a 200MB "lightweight" either. 300MB won't guarantee anything.
use something else (Score:5, Funny)
Friends don't let friends use Adobe. Find an alternative that suits you.
Re:use something else (Score:5, Funny)
Silverlight!
Re: use something else (Score:1)
Re: (Score:3)
google for pdf reader for your OS!!
browser pdf reader work for 99% of the people, if you are one of the 1% corner case, you know what you need and can search for other pdf readers with that feature.
hey, some features may only exist in adobe.... but if you using then, i suspect you should use other tool instead of PDF... javascript, dynamic content document in a standard "static document" is plain stupid and a security risk... people that use that have been warned
Re: (Score:2)
PDF Forms are about the only thing I haven't found a good alternative for. pdf.js and Sumatra PDF don't support them.
Fortunately they don't seem to be very common anymore. People send Word documents instead.
Re: (Score:3)
What completely compliant alternatives exist? The browser pdf readers are a joke. Any recommendations?
Foxit.
Re: (Score:2)
Re: (Score:3)
Foxit is a damn good PDF reader. But launch the Linux version from a terminal and watch the console output for a while, it'll give you a new appreciation for sandboxing.
Re: use something else (Score:2)
I don't know about "completely" compliant, but mupdf is pretty sweet. I think they have their own engine.
Re: use something else (Score:1)
SumatraPDF. Been using it for years, never looked back. No bloat at all, extremely small, quick, etc. Haven't had a PDF that didn't work.
Re: use something else (Score:2)
Since it's a reader it should be running in a sandbox with no rights to do anything including clickable links or clipboard access.
Re: (Score:2)
Word to the wise (Score:1, Funny)
Sorry, but I only accept .docx formatted documents.
Re: (Score:1)
Re: Word to the wise (Score:2)
That's okay (Score:2)
I block Adobe Acrobat by default, since it's basically malware.
Why use Acrobat at all? (Score:3)
PDF Reader embedding a Chromium web browser??? (Score:2, Interesting)
I haven't yet seen discussion of the fact that everyone's favorite secure PDF reader is now embedding "CEF, a Chromium based engine with a restricted sandbox design, and may cause stability issues” which is "handling multiple integral aspects of the application, such as network interaction and Document Cloud services (Fill and Sign, Send for Signature, Share for View/Review, and so on).”
It's also disappointing that many Windows anti-virus programs are relying upon blockable DLL injection to trap
Re: (Score:2)
Windows Defender comes free with Windows now, and it has a up-to-date blocklist, followed up by Mircosoft's ability to "killbit" bad software. Getting Norton just gives Symantic a back door way to get in... what improvement on the OS is that?
If you want to be as secure as an iPhone, get the S version of Windows and it'll be limited to the Microsoft App Store for new programs to get in, no more installing directly from the maker. Mac is on a similar path.
Oh no, Adobe, you got that backwards (Score:2)
Adobe confirmed that users have reported experiencing issue due to DLL components from some security products being incompatible with Adobe Acrobat's usage of the CEF library
No, Adobe, your crap reader is incompatible with my security setup.
More Proprietary Crap (Score:2, Troll)
It wasn't until I had to extract/write/compress PDFs programmatically that I found out what a total mess it was. I didn't know that everyone has 'only mostly' reverse-engineered the files. There's no rough specs or guidelines, just proprietary binaries.
Why do we put up with this crap?
Re: (Score:3)
Re: (Score:2)
If you have PDF as input somewhere, the maintenance will be higher than you would wish.
That is the NICEST, most even handed way of saying that. It's like when my Mom is describing something that happened with my Son. :D
You are a very kind person.
Re: (Score:2)
IMHO, Adobe aren't the people who brought you "flash".
Re: (Score:2)
IMHO, Adobe aren't the people who brought you "flash".
Touche! They DID make it awful though.
name an alternative for secure documents (Score:4, Insightful)
I guess there are no doctors or lawyers here. No CEOs, insurance agents, building contractors, lenders, entrepreneurs, nobody at all who works with contracts or official documents. These people often require signed documents to confirm agreements. It's not always reasonable to meet in person, and fax machines are rare as hen's teeth. So what are they going to use but an Acrobat document? I've got piles of them and I'm just a regular guy who lives an average life. Have you never had to sign such a document? Do you trust a Brand X program to produce that document?
Acrobat costs a lot of money because there is nothing comparable. I have no love for Adobe or their rentware, but I keep an old copy of Acrobat so I can manage documents securely. I'd love to know if you've found a better PDF maker/editor.
Re: name an alternative for secure documents (Score:2)
Re: (Score:2)
I guess there are no doctors or lawyers here. No CEOs, insurance agents, building contractors, lenders, entrepreneurs, nobody at all who works with contracts or official documents. These people often require signed documents to confirm agreements. It's not always reasonable to meet in person, and fax machines are rare as hen's teeth. So what are they going to use but an Acrobat document?
Let them enjoy their crypto ransomware and miners then.
Re: name an alternative for secure documents (Score:3)
...as opposed to enjoying the "crypto ransomware and miners" of snakeoil security tools?
Re: (Score:2)
This isn't a question of secure document or not. It's a question of Adobe or not. I handle secure PDFs all the time, and we do *NOT* use Adobe Acrobat at work.
Do you trust a Brand X program to produce that document?
Why wouldn't you? PDF is also known by another name: ISO 32000. I'm surprised people trust Adobe given their long LONG history of incredibly buggy handling of their own format.
Acrobat costs money because it's relying on the ignorance of customers. There are many alternatives to handling, signing, creating, and modifying secure PDF documents, all in a
Re: (Score:2)
I'd love to know if you've found a better PDF maker/editor.
Nitro Pro [gonitro.com].
Foxit PDF Editor [foxit.com].
Kofax PowerPDF [kofax.com].
There are dozens of smaller and/or OSS options [alternativeto.net].
Do you trust a Brand X program to produce that document?
Well, now you've got a self-inflicted chicken-and-egg problem. If it's a matter of brand awareness, then yeah, you're stuck with Acrobat. However, each of the listed applications have been around for nearly 20 years; PowerPDF has been through a few hands (was originally ScanSoft, then Nuance), but Kofax is better known for their enterprise grade document management systems. Point is, if the concern is "it doesn't say A
Re: (Score:2)
I guess there are no doctors or lawyers here. No CEOs, insurance agents, building contractors, lenders, entrepreneurs, nobody at all who works with contracts or official documents. These people often require signed documents to confirm agreements. It's not always reasonable to meet in person, and fax machines are rare as hen's teeth. So what are they going to use but an Acrobat document?
I've bought and sold houses online. Digital signatures and nary an Adobe logo anywhere. Why do you truly believe that there is only one vendor of digital forms on the planet? This is like claiming no one will be able to buy gas anymore if Chevron shuts down and is unavailable.
And if securing a document is that critical, figure out a way to sign the damn thing and mail it. Snail Mail still works globally quite well regardless of human impatience.
Should be static, but aren't (Score:2)
Wait what? (Score:3)
DLL-injection? Wow, that's no different than a virus. Or from overriding interrupt tables in the DOS.
Re: (Score:2)
With the PDF patents expired... Adobe's done a lot to add "features" to a once perfect format.
So, the problem is w/features it shouldn't have? (Score:2)