Securing Acrobat Reader to mitigate viruses

Solution 1:

Unfortunately, Adobe Reader has had numerous serious security vulnerabilities in the past years, and although Adobe has focused slightly more on security lately (establishing their Product Security Incident Response Team (PSIRT)), it is wise to assume that new vulnerabilities will be found and exploited.

The most important things you can do are:

  • Read the Reader Security Guide, available from https://www.adobe.com/devnet/acrobat/security.html

  • In particular, disable JavaScript if possible by setting bEnableJS under HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\JSPrefs to 0. Many of the recent exploits have utilized the JavaScript support.

  • Keep an eye on the PSIRT blog and the ISC Storm Center for new vulnerabilities.

  • Establish an ongoing patch regime ensuring rapid deployment of new versions, and actively eradicate old versions.

  • The Adobe PSIRT publicly announced a serious flaw on December 14th 2009, but a patch was not available until mid-January 2010. For time intervals like this, you should have a plan for mitigating security controls, for example blocking PDFs on mail gateways and web proxies.

  • Consider the use of alternative PDF readers (Mac OS X has built-in support; Foxit Reader and others may be an alternative on the Windows platform).
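
As an added example (not part of the answer above), the following PowerShell script audits the bEnableJS setting named above and, with the -Remediate switch, sets it to 0. The "Acrobat Reader" key paths and the assumption that a missing value means JavaScript is enabled are mine, not from the answer:

```powershell
# Added example: audit, and optionally enforce, bEnableJS = 0 (JavaScript off)
# in Acrobat/Reader. Assumptions: the "Adobe Acrobat\9.0" key is the one given
# in the answer; the "Acrobat Reader" paths are assumed candidate locations and
# a missing bEnableJS value is assumed to mean the default (JavaScript enabled).
param(
    [switch]$Remediate   # without this switch the script only reports
)

$candidates = @(
    'HKCU:\Software\Adobe\Adobe Acrobat\9.0\JSPrefs',   # path given in the answer
    'HKCU:\Software\Adobe\Acrobat Reader\9.0\JSPrefs',  # assumed Reader 9 location
    'HKCU:\Software\Adobe\Acrobat Reader\8.0\JSPrefs'   # assumed Reader 8 location
)

function Get-JsState {
    param([string]$Key)
    if (-not (Test-Path -Path $Key)) { return 'key absent (version not installed?)' }
    $item = Get-ItemProperty -Path $Key -Name 'bEnableJS' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'value absent (assumed default: JavaScript enabled)' }
    if ($item.bEnableJS -eq 0) { return 'JavaScript disabled' }
    return "JavaScript enabled (bEnableJS = $($item.bEnableJS))"
}

foreach ($key in $candidates) {
    $state = Get-JsState -Key $key
    Write-Output ("{0,-50} {1}" -f $key, $state)

    # Only touch keys that already exist: creating a key for a version that is
    # not installed would leave a misleading artefact in the registry.
    if ($Remediate -and (Test-Path -Path $key) -and $state -ne 'JavaScript disabled') {
        New-ItemProperty -Path $key -Name 'bEnableJS' -PropertyType DWord -Value 0 -Force | Out-Null
        Write-Output ("{0,-50} {1}" -f $key, 'set bEnableJS = 0')
    }
}
```

Because the setting lives under HKEY_CURRENT_USER, run the script in each user's context (for example from a logon script) rather than once per machine.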

Solution 2:

Disabling JavaScript within Reader will help a bit. Also, enable the "Enhanced Security" feature (it is on by default in Reader 9.3 and 8.2).

Solution 3:

Not really; many of the recent vulnerabilities have been in either JavaScript or JPEG processing, so if you're inclined to disable images and JS, you might gain a little false sense of security.

Enhanced security mode does indeed help, but many of the recent exploits have had the ability to break out of the self-imposed sandbox.

The issue with Adobe Reader bugs is that it's an unexamined field. Sure, there have been bugs in Reader since time immemorial and people have discovered them, but only recently have auditors taken to looking for bugs.

Furthermore, and arguably compounding the issue, is the distinct LACK of buffer overflows in Adobe products (comparatively speaking to, say, Microsoft) in the past. For those who aren't familiar, the buffer overflow was THE programmatic flaw to exploit circa 1989-2005; thus Adobe has been riding on a false air of security for quite some time. Now that highly complex vulnerabilities like use-after-free pointer dereferencing conditions and integer overflows leading into function pointer poisoning are becoming increasingly popular to exploit in Adobe products, Adobe is scrambling to review code for vulnerabilities (I've heard anecdotally that Adobe only kept 3 people on staff for security QA in the entire company before CVE-2009-0189).

The long story short is that vulns could be anywhere, so just practice due diligence. In this particular case, that means keeping AV updated and maintaining your IPS/firewall.