Does the recent discovery of a Foxit Reader vulnerability change the game for those companies that use it as an...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
alternative to Adobe Reader because they think it's more secure? Is that approach still viable?
Ask the Expert!
SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
All generally available software has vulnerabilities, and enterprises should expect that they will need to update all the software on their systems at one time or another. The fact that one piece of software needs an update shouldn't affect whether the software is used. However, if a piece of software constantly requires updating to protect against potential zero-days or other high-risk attacks, and there are alternatives available, then enterprises might want to consider using a different piece of software. Enterprises that don't have facilities to update a piece of software should take that into consideration. If an enterprise can't keep the software up to date, they might need to implement other security controls to manage security on desktops, update the software manually, or not install it.
Installing an alternative PDF reader is still a viable option, but will not provide 100% protection from PDF attacks. The risks from using Foxit Reader are smaller than Adobe Reader, since it doesn't have the legacy functionality that is abused in Adobe Reader; a smaller attack surface means less risk. Enterprises also have other options than Foxit for PDF readers, including the built-in reader in Firefox or Chrome, Google docs or the Ghostscript utilities to view PDFs. However, the vulnerability identified in the Foxit Reader shouldn't stop enterprises from using the software.
Dig Deeper on Securing Productivity Applications
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.