Secure IT Foundation

Posts Tagged ‘Adobe reader security

While your Windows Security updates will automatically download and install themselves, to date there has been limited options for home computer users to automatically patch all the other applications installed.  Thankfully a nice Danish company has released the home version of their enterprise tool for automatically updating computers. A fully patched computer makes a much harder computer to break into, while you still need Anti Virus software, you are not relying on a single security approach to protect yourself. Most drive-by malware and self replicating viruses depend on your lack of security to work. Much like your teeth, if there is no hole the risk of cavities is much lower.

Secunia PSI is a free tool for home use which checks all the applications on your computer and tells you which need to updated for security. The latest version of Secunia PSI, recently updated to version 3.0 includes automatic updating for many applications like Oracle’s Java, Adobe Flash and Adobe Reader, possibly the worst security offenders in 2012.  We have completed our testing of the product and while it does not automatically update everything it is the best tool out there for home computer security. If they have any sense Microsoft will purchase Secunia and make it a standard security tool on all home computers… At our shop in Rotterdam, Secunia PSI has been a standard addition to all our customer installations of Windows.

SecurityBrad

If you only ever update your computer’s operating system and applications once every few months, if at all, then it is time you checked your updates as June proved to be a busy month for security exploits used to take over your computer.

Adobe has released updates to their Flash player, Shockwave Player and Reader products plus a host of other updates for their paid versions.

Java has been updated to Version 6 Update 26

Sumatra PDF has been updated to version 1.6, but do choose not to install the plugins for browsers.

Microsoft issued 16 new security updates for multiple versions of Windows. Link only works for Internet Explorer users sadly. If you have already installed the June updates, there has been an update released on the 28th June to fix an additional problem with TLS/SSL.

Apple released new versions for Itunes, Quicktime and MobileMe. From Windows run Apple Software Update but mind their trick of showing you items not installed in the hope you leave then selected!

Mozilla updated both Firefox to version 5.0 and Thunderbird to 3.1.11.

While you are running updates, Skype also should be updated from the built in check for updates option.

If that hasn’t got you rushing to patch your PC, then either you do not consider your computer’s security important yet or you have already installed Secunia’s PSI application to check your patch level on a regular basis for you…

SecurityBrad

For those of you who do not use Secunia’s Personal Security Inspector software already (it is free for personal use!), make sure you have done your updates.

Adobe has become the new Microsoft for releasing insecure software and their Flash, Shockwave and Reader products all need urgent updating. Sun’s Java is not far behind in the insecurity stakes, and also needs to be checked that you are using the latest version. Both Adobe and Sun share one ability though, their old software is not fully removed when you update your products, so do check your browser plugins and installed software for old versions, or you can just use PSI and let it do the work for you!

You can blame the software providers for not fully security testing and releasing poorly secured software. The usual analogy is that it is like getting a car missing parts or a car with known defects, and this would never happen. Recent history has shown that car manufacturers also use the same security testing practices…

SecurityBrad

If you are not aware, Adobe’s free Acrobat Reader (now just called Adobe Reader) software is prone to serious security risks. The software was originally just a way to standardise document exchange and printing with the PDF file format, but now has had additional functionality over the years. The biggest two risks are the JavaScript which lets code be stored in the PDF document to be run on your computer and the PDF also allows files to be stored within a PDF file so can bypass virus scanners. Turning off the JavaScript setting and not opening files embedded in PDF documents will help prevent viruses taking control of your computer with no effect on reading PDF documents.

You can do this by starting Adobe Reader, clicking on Edit then Preferences and making the following changes going through the many settings pages on by one:

  • Tick Enable Enhanced Security
  • Untick Opening of non-PDF file attachments with external applications
  • Untick Multimedia operations for both trusted and other documents
  • Untick Adobe JavaScript
  • Untick Display PDF in browser
  • Untick Speculative downloading in the background

SecurityBrad



  • None
  • Coldwind: Couldn't agree more. I downloaded a piece of software just now, disabled the 'toolbar' 'offer' (which fortunately for me has become a reflex); but co
  • ModemJunki: I only discovered this today - I had updated the firmware to the latest out of habit, and I could STILL access my TrendNet cams on the local network w
  • PrentOS – a Simple Secure Computer « Secure IT Foundation: [...] September 2010 we said it was time for a brand new start to computing, well it is starting to take shape… [...]

Categories