Answer

Foxit Reader vulnerability: Time to find an alternative PDF reader?

Does the recent discovery of a Foxit Reader vulnerability change the game for those companies that use it as an alternative to Adobe Reader because they think it's more secure? Is that approach still viable?

    Requires Free Membership to View

Ask the Expert!

SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)

All generally available software has vulnerabilities, and enterprises should expect that they will need to update all the software on their systems at one time or another. The fact that one piece of software needs an update shouldn't affect whether the software is used. However, if a piece of software constantly requires updating to protect against potential zero-days or other high-risk attacks, and there are alternatives available, then enterprises might want to consider using a different piece of software. Enterprises that don't have facilities to update a piece of software should take that into consideration. If an enterprise can't keep the software up to date, they might need to implement other security controls to manage security on desktops, update the software manually, or not install it.

Installing an alternative PDF reader is still a viable option, but will not provide 100% protection from PDF attacks. The risks from using Foxit Reader are smaller than Adobe Reader, since it doesn't have the legacy functionality that is abused in Adobe Reader; a smaller attack surface means less risk. Enterprises also have other options than Foxit for PDF readers, including the built-in reader in Firefox or Chrome, Google docs or the Ghostscript utilities to view PDFs. However, the vulnerability identified in the Foxit Reader shouldn't stop enterprises from using the software.

This was first published in July 2013

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: