Wednesday, April 29, 2009

Dump Adobe Reader? Yeah, why not.

I never like articles with a title ending in a question mark. You know what you're going to get: no answer to the question. Therefore, they are typically filler. Yawn on that. So here is my question and answer title. Let's get to the point right off the bat: Adobe Reader is a security risk.

The chatter on the net this past week has come to the conclusion that the long line of security holes in Adobe Reader over the past two years is enough already. Dump the thing. It's like my conclusion from decades past that Windows, among its many disappointments, is too much of a security risk to use professionally. That any business or any government uses it greatly concerns me. But it's not Microsoft bashing day. It's Adobe bashing day. If you don't need Adobe Reader, don't use it. Thankfully, Mac OS X users have Apple's Preview application, which has not got the JavaScript vulnerabilities of Adobe Reader. So use Preview instead. It's not totally immune to infected PDF files, but it's much safer than Adobe Reader.

OK, it's not like anyone's Mac got pwned by using Adobe Reader. There is no malware targeting Macs that I know of that weasels its way in via holes in Adobe Reader. So really there is no major alarm going off telling us to kick Adobe Reader off the bus for having cooties. But considering that Mac OS X is the safest professional operating system on the planet (not that I'm dissing Linux mind you), avoiding Adobe Reader at this time is a very good idea.

Personally, I've been a fan of PDF since Adobe Acrobat version 3. It's brilliant and has only become better over time. Thank you Adobe, and especially thank you for making it an open standard. Its integration into the core of Mac OS X is incredible. However, Adobe allowed in some poor code, including support for the catastrophe oddly known as JavaScript. I'll skip my usual lecture on how it got its misnomer and how it was ruined as a standard by Microsoft. Simply know that it is a security holey mess. Apple has gotten burned by JavaScript in QuickTime since 2006. The same JavaScript insecurities are equally plaguing Adobe Reader. Apple got control of their JavaScript problems. Adobe are still playing catch up.

Me, I'll still continue to use Acrobat. I'll still keep Reader around for when I absolutely need it. And there are indeed times when I require Reader. But I'm also going to keep an eye on the latest Reader problems and continue to update it (manually!) when updates are offered.

No comments:

Post a Comment