Does the recent discovery of a Foxit Reader vulnerability change the game for those companies that use it as an...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
alternative to Adobe Reader because they think it's more secure? Is that approach still viable?
Ask the Expert!
SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
All generally available software has vulnerabilities, and enterprises should expect that they will need to update all the software on their systems at one time or another. The fact that one piece of software needs an update shouldn't affect whether the software is used. However, if a piece of software constantly requires updating to protect against potential zero-days or other high-risk attacks, and there are alternatives available, then enterprises might want to consider using a different piece of software. Enterprises that don't have facilities to update a piece of software should take that into consideration. If an enterprise can't keep the software up to date, they might need to implement other security controls to manage security on desktops, update the software manually, or not install it.
Installing an alternative PDF reader is still a viable option, but will not provide 100% protection from PDF attacks. The risks from using Foxit Reader are smaller than Adobe Reader, since it doesn't have the legacy functionality that is abused in Adobe Reader; a smaller attack surface means less risk. Enterprises also have other options than Foxit for PDF readers, including the built-in reader in Firefox or Chrome, Google docs or the Ghostscript utilities to view PDFs. However, the vulnerability identified in the Foxit Reader shouldn't stop enterprises from using the software.
Dig Deeper on Securing Productivity Applications
Related Q&A from Nick Lewis
Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust ...continue reading
Hajime malware was discovered to have links to the Mirai botnet that launched powerful DDoS attacks last year. Expert Nick Lewis explains how Hajime ...continue reading
Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.