The Downside of Adobe Reader

Adobe Reader is one of the most popular programs in the computing universe. Almost every computer has some version of this free program installed, whether it's a PC, a Mac, or virtually any other computer and Operating System.

In a stroke of marketing genius, Adobe established this program early on as the standard for producing documents that look identical across any platform. They accomplished this objective by giving the Reader program (also known as Acrobat Reader) free of charge to anyone who requests it.

As a result, the document format developed by Adobe is universally used to distribute documents to anyone who needs them, without regard to the computer, Operating System, or printer on which the documents will be viewed or printed.

This document format is known as Portable Document Format, or .pdf files. Over the years most computer users have come to recognize and trust these files as coming from reputable sources.

Typical .pdf files would include forms downloaded from the IRS or other government agencies, product literature from vendors, invoices from suppliers, and any other form or document that may need to be distributed to a wide range of recipients.

Unfortunately, the universal use of Adobe Reader has made it a very attractive target for virus writers and others who would do harm to unsuspecting computer users. The program's popularity has made it one of the major victims of today's bad guys.

The most common approach is to send an e-mail with a .pdf attachment, and giving the recipient a compelling reason to open the attachment. It may be represented as an attempted delivery notice from UPS or Federal Express, or an inquiry from the Better Business Bureau on behalf of an unhappy customer.

For whatever reason, Adobe Reader has suffered from more than its fair share of programming errors that allow malicious .pdf files to infect the computer on which the file is opened. Adobe makes a diligent effort to keep the program secure, but the virus producers keep finding more vulnerabilities.

With the release of Adobe Reader X in 2012, Adobe thought they had developed a permanent solution to this problem. With Reader X they implemented a technique known as "sandboxing," which means that the document is opened in an area that is isolated from the Operating System.

Even so, the updates continued as more vulnerabilities were discovered. But Adobe was confident in their sandboxing approach and perhaps let their guard down.

And then it happened! A creative virus writer developed an approach that would get around the sandbox and infect the Operating System. Adobe initially confessed they did not have a solution to this new attack vector.

To their credit, Adobe introduced Adobe Reader XI fairly quickly, and it is now available to anyone who wants to download it. This latest version presumably repairs the hole in the sandbox of Adobe Reader X, so the world is safe for .pdf files for a while longer!

While this update is good news, the bad news is that many computer users are still running Adobe X, or Adobe 9, or even older versions. These will not be updated automatically to Adobe XI, so those systems remain at risk.

To be safe from modern malware, you will want to be sure that all the computers for which you are responsible are upgraded to Adobe Reader XI ASAP. While you're at it, be sure they also have the latest versions of Adobe Air, Flash, and Shockwave. All of these programs are frequent malware targets too.