Why I do not use Adobe Reader

[b]Adobe Reader zero-day attack – now with stolen certificate[/b] Roel Kaspersky Lab Expert Posted September 08, 23:45 GMT

Today Adobe put out an advisory for a previously unknown zero-day in its PDF Reader/Acrobat software. This vulnerability is actively being exploited in the wild.

The exploit is pretty basic. What’s interesting about it is that it makes use of Return Oriented Programming to bypass the ASLR and DEP mitigation technologies in Windows Vista and 7.

More widespread usage of ROP for exploits is something I’ve been expecting for a while. Why? Because Windows 7 is gaining more and more traction in both the consumer and corporate space.

http://www.securelist.com/en/blog/2287/Adobe_Reader_zero_day_attack_now_with_stolen_certificate

i saw this topic at morning,i find very interesting things on this site about viruses etc :slight_smile:

Thanks for the posting.
So for us who don’t know much about these issues,should we just not use adobe reader till they issue an update to resolve this vulnerability or should we just unistall the whole program till is secure? :-
Thanks!

PS: I use OpenOffice 3.2 Is this a substitute for the adobe Reader? Do I really need Adobe Reader?

Why use an insecure 41mb program to just read pdf files when you can use

Foxit Reader 4.1.1.0805 ( only 6,7mb ) http://filehippo.com/download_foxit/
Sumatra pdf reader ( 1,7mb ) http://blog.kowalczyk.info/software/sumatrapdf/index.html
Nitro pdf reader http://www.nitroreader.com/

Foxit Reader has Ask.com Toolbar pre-selected! :o

I use Cool PDF Reader:
http://www.pdf2exe.com/reader.html

As anjana asks, should we/I delete Adobe Reader 9.3.4? And, it is mentioned that it is 41mb, mine is 210MB? on Programs and Features. The answer to the questioned was “why would you use” question again, “should I delete” and choose, say, Foxit Reader? Thanks so much, from a person who does not know anything about these issues.

At 210MB is another reason to get rid of Adobe Reader. :wink:

ckiwi and others,

Given that the reported vulnerability is rated critical by Adobe, and is reported to be actively exploited in the wild, in my opinion the only options are to either (1) not open any PDF files that you cannot trust - that is, know for sure they are not infected, or (2) uninstall Adobe reader and use another. (I use Nitro, and am happy with it.)

Number (1) (don’t open any untrusted files) is the only workaround offered at this stage. Therefore, if it were me, I’d remove it and use another for this reason alone. (I removed it and installed another long before now, for performance reasons.)

If you don’t have reason to open any PDF’s, and you want to keep Adobe, you might choose to wait and see if a solution is forthcoming.

Thanks YoKenny, Pondus, and Tarq57 for your advice and info. Seeing this i don’t really see a reason to keep Adobe Reader.
Thanks for the alternative options to it… :wink:

Thanks Tarq57, for a straight answer to the question. Adobe Reader has been uninstalled. And now I will help my dad uninstall it on his computer. Thanks to all, but I was just needing a simple answer.

What? Is Adobe Reader safe? i use Adobe Reader 9.0 is it safe?

It is such a huge target that you have to really make sure that you have the very latest updated version and even then they have been very slow to patch vulnerabilities when they are discovered. So for me I gave up on it many years ago as a) it is very bloated for what it is a PDF reader (see image for what I mean about bloat) and b) it is such a target.

Your version if it is just 9.0 is out of date a vulnerable.

Hello thanks for the Reply! I like 9.0 it cause it doesn’t update on me and i don’t use it is just a program that has never been used on my OS. but i seen how much MB’s it uses and it seems to take alot of memory and also Avast has User guide thing in PDF why not XPS? :stuck_out_tongue: :slight_smile:

What about Adobe Flash Player? is that safe or neccessary?
Thanks
I also have Acrobat.com from Adobe, what’s that?

Adobe make a few different softwares, including photoshop, and the flash player. If it is the latest flash player version (check it here) it should be good.
At least until the next flash player vulnerability is found.

Exploits are found in this software, and Java platforms…all sorts of software, in fact, from time to time. A good reason to check everything is up to date, regularly.

For the concerned users

Auto Update your Programs - Secunia PSI 2.0 Public Beta
Detects and installs missing security patches for your PC

http://secunia.com/blog/123

I am at 100% on my Secunia System Score.

Liking a version which has vulnerabilities which are being exploited and sticking with it, just because it doesn’t update on you is crazy. The fact that you say you have never used it doesn’t mean it can’t be exploited because the infrastructure is in place for just that (its installed and probably running in the background when not needed).

Because it doesn’t update on you is hardly a reassurance that you should keep that version.

There are plenty of alternatives to adobe pdf reader that a) aren’t bloated, b) if you like you can set not to check for updates (but you must) and c) aren’t such a huge target and not as vulnerable.

So for something that you purport not to use, I can’t understand why you have it installed at all, making a smaller alternate pdf reader an even better proposition and they can also read the avast user guide, mine does.

+1

Secunia PSI will agree with you as well.

Does anybody know which version is affected? The latest version with security patches is 9.3.4!


All of them.

YoKenny mentioned coolPDFreader above and if you ever use it, you will hate Adobe Reader. CoolPDFreader is a very small program and far, far quicker than the antiquated AR.