Q

Foxit Reader vulnerability: Time to find an alternative PDF reader?

Does the latest Foxit Reader vulnerability mean it's time to find an alternative PDF reader? Expert Nick Lewis offers his advice.

Does the recent discovery of a Foxit Reader vulnerability change the game for those companies that use it as an

alternative to Adobe Reader because they think it's more secure? Is that approach still viable?

Ask the Expert!

SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)

All generally available software has vulnerabilities, and enterprises should expect that they will need to update all the software on their systems at one time or another. The fact that one piece of software needs an update shouldn't affect whether the software is used. However, if a piece of software constantly requires updating to protect against potential zero-days or other high-risk attacks, and there are alternatives available, then enterprises might want to consider using a different piece of software. Enterprises that don't have facilities to update a piece of software should take that into consideration. If an enterprise can't keep the software up to date, they might need to implement other security controls to manage security on desktops, update the software manually, or not install it.

Installing an alternative PDF reader is still a viable option, but will not provide 100% protection from PDF attacks. The risks from using Foxit Reader are smaller than Adobe Reader, since it doesn't have the legacy functionality that is abused in Adobe Reader; a smaller attack surface means less risk. Enterprises also have other options than Foxit for PDF readers, including the built-in reader in Firefox or Chrome, Google docs or the Ghostscript utilities to view PDFs. However, the vulnerability identified in the Foxit Reader shouldn't stop enterprises from using the software.

This was first published in July 2013

Dig deeper on Securing Productivity Applications

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close