Does the recent discovery of a Foxit Reader vulnerability change the game for those companies that use it as an...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
alternative to Adobe Reader because they think it's more secure? Is that approach still viable?
Ask the Expert!
SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
All generally available software has vulnerabilities, and enterprises should expect that they will need to update all the software on their systems at one time or another. The fact that one piece of software needs an update shouldn't affect whether the software is used. However, if a piece of software constantly requires updating to protect against potential zero-days or other high-risk attacks, and there are alternatives available, then enterprises might want to consider using a different piece of software. Enterprises that don't have facilities to update a piece of software should take that into consideration. If an enterprise can't keep the software up to date, they might need to implement other security controls to manage security on desktops, update the software manually, or not install it.
Installing an alternative PDF reader is still a viable option, but will not provide 100% protection from PDF attacks. The risks from using Foxit Reader are smaller than Adobe Reader, since it doesn't have the legacy functionality that is abused in Adobe Reader; a smaller attack surface means less risk. Enterprises also have other options than Foxit for PDF readers, including the built-in reader in Firefox or Chrome, Google docs or the Ghostscript utilities to view PDFs. However, the vulnerability identified in the Foxit Reader shouldn't stop enterprises from using the software.
Dig Deeper on Productivity apps and messaging security
Related Q&A from Nick Lewis
Vulnerabilities in Java and Python have opened them up to possible FTP injections. Expert Nick Lewis explains how enterprises can mitigate these ...continue reading
Researchers have developed an ASLR Cache side-channel attack that enables them to eliminate ASLR protections. Expert Nick Lewis explains how ...continue reading
The SQL Slammer worm has re-emerged to attack a vulnerability in Microsoft SQL Server 2000. Expert Nick Lewis explains what enterprises can do to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.