del /s *.pdf
Pointless Document Format.
Adobe released an unscheduled update to Reader and Acrobat on Tuesday that addresses a variety of security bugs in its PDF software, including an unpatched flaw that has become the subject of hacking attacks over recent weeks. Updates of Adobe Reader and Acrobat 9.4 for Windows, Macintosh and Unix address a critical flaw in …
There actually are points to PDF, quite a few of them in fact. But even if that weren't so, many of us do not live on uninhabited islands where we can make these decisions independently of suppliers and customers.
Alternate readers are a more realistic defense. It would be especially nice if there were a reader that refused to handle anything but PDF/A (and, of course, the corresponding default in the major generating apps).
Did I wake up recently and discover that I'm Adobe's Patch Beeatch? Sure seems that way for all the crap for all their stuff that makes me their Beeatch patching our home systems.
Really sick of it, they're worse than MSFT who can at least (usually) have the patches rolled into 1 monster patch.
The problem is not the PDF format itself. It's the dodgy programming of Acrobat Reader and Adobe's inability to fix it.
PDF is an important format everybody needs to exchange printable documents. There exist secure readers like Evince and Google Chrome developer version. Just make sure you don't use Adobe Products and you are generally quite safe.
http://live.gnome.org/Evince/Downloads
http://en.wikipedia.org/wiki/List_of_PDF_software
I am so tired of Linux distributions coming without full-fat acroread and trying to shove various half-assed PDF readers down my throat. They invariably have a user interface that manages to be worse than acroread while being unable to render or print a variety of files. I haven't seen any evidence that they are any safer either -- as some actually informed commenters above pointed out, the PDF spec itself allows for embedding things like Flash and JavaScript which greatly increases the difficulty of creating a secure reader.
I'll grant that acroread is a bloated steaming piece of crap with more security holes than you can shake a stick at, but I've yet to see anything better. There are many good FOSS projects, but slapping a GNU, BSD, or Apache license on bad code in no way makes it better.
"PDF is an important format everybody needs to exchange printable documents"
Yes, the key word being printable. How are you going to print Flash? Video? Audio? Why is that crap in the format other than to give them something new to put on the box of the latest $299 upgrade?
The latest hole is due to Flash. Something I do not even want in a printable document!
Wow ain't this weird
"Earlier version 8 installations of Reader and Acrobat are not vulnerable to the bug and therefore don't need patching."
Sure enough, no update
still I think I'll keep it in EMET (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c6f0a6ee-05ac-4eb6-acd0-362559fd2f04)
Thought for the day: Too bad EMET doesn't do DLLs, we have to rename them.
Before you rant against PDF (as opposed to Adobe PDF software), you had better look at the standard:
http://en.wikipedia.org/wiki/PDF
and also
http://en.wikipedia.org/wiki/PDF/A
You will find that PDF is much better than PostScript and that most of it makes perfect sense. Sane developers don't implement the "dancing monkey" feature of embedding multimedia crap into a Reader.
PDF readers can indeed be implemented securely. One approach would be not to use C/C++, but Pascal or Ada for PDF Readers. This would easily kill 90% of the exploit potential.
So as real-world advice - simply don't use Adobe products and most problems disappear in a puff of smoke. Evince, xpdf, Google Chrome dev version are very secure. If you are paranoid, use SELinux or AppArmor to secure Evince even more.
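
Several comments above turn on the active content PDF permits (JavaScript, Flash via rich media) and on wanting a reader that accepts only plain documents. As an added example that is not part of any comment in this thread, here is a byte-level gate that flags such content before a file reaches a reader. The function names, the name list and the allow policy are illustrative assumptions, and the check is a triage filter, not a PDF/A validator.

```python
import re

# PDF name keys that mark active or embedded content (illustrative list).
ACTIVE_NAMES = {
    "JavaScript": "embedded JavaScript",
    "JS": "embedded JavaScript",
    "OpenAction": "action run when the document opens",
    "AA": "additional (event-triggered) actions",
    "Launch": "launch-external-program action",
    "RichMedia": "rich media annotation (Flash/video)",
    "EmbeddedFile": "embedded file attachment",
    "XFA": "XFA form",
}
# Object streams can hide names inside compressed data, so a clean result
# on a file that uses them is inconclusive for this byte-level scan.
OPAQUE_NAMES = {"ObjStm"}

NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so /J#61vaScript is read as /JavaScript."""
    decoded = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def scan_pdf(data: bytes) -> dict:
    """Return {'active': {name: reason}, 'opaque': bool} for raw PDF bytes."""
    names = {decode_name(m.group(1)) for m in NAME_RE.finditer(data)}
    active = {n: ACTIVE_NAMES[n] for n in names if n in ACTIVE_NAMES}
    return {"active": active, "opaque": bool(names & OPAQUE_NAMES)}

def allow(data: bytes) -> bool:
    """Gate policy: pass only files with no active content and nothing hidden."""
    result = scan_pdf(data)
    return data.startswith(b"%PDF-") and not result["active"] and not result["opaque"]

# Constructed sample inputs (not real documents).
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /S /J#61vaScript /JS 5 0 R >>\nendobj\n")
PACKED = b"%PDF-1.5\n4 0 obj\n<< /Type /ObjStm /N 1 /First 4 >>\nendobj\n"

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("scripted", SCRIPTED), ("packed", PACKED)):
        print(label, allow(sample), sorted(scan_pdf(sample)["active"]))
```

Because it matches names anywhere in the file, text inside a string or stream that happens to look like one of these names is also flagged; for a gate in front of a reader, that errs on the side of blocking.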