[NYCkayaker] (1) an invitation and (2) a computer security note

Rich Kulawiec rsk@rockandwater.net
Thu Feb 21 09:34:30 EST 2013


1. You're all going to get an invitation to join an "announcements"
list for the HRWA.  The invitation itself will contain a brief
introduction.  If you don't wish to join, do nothing: like all the
mailing lists we host, this one is run with a confirmed opt-in (COI)
process so nobody will ever be added to it without their prior,
affirmative permission.  I'm just mentioning it here so that you
know it's real.  You should only get one invitation; if you get
more than one, that's my mistake, not the HRWA's, not anybody
else here at R&W, so pound on me, not them.


2.  I'd like to ask you to indulge me for about a minute.  Please do this
little exercise:

(a) Go to Google or DuckDuckGo or your favorite search engine.

(b) Type in "security hole adobe reader 2013".  Glance at the first page
of hits.

Now modify that query to "security hole adobe reader 2012".  Repeat.
Now modify that query to "security hole adobe reader 2011".  Repeat.
Now modify that query to "security hole adobe reader 2010".  Repeat.
Now modify that query to "security hole adobe reader 2009".  Repeat.
Now modify that query to "security hole adobe reader 2008".  Repeat.
Now modify that query to "security hole adobe reader 2007".  Repeat.

(c) Are you sensing a theme here?

Why did I ask you to do this?  Because there is yet another gaping
security hole in Adobe's "Acrobat" PDF reader.  Exploits have already
been sighted in the wild.  (Translation: "the bad guys are all over this.")

Enough.  ENOUGH.

It is time to expunge Adobe's Acrobat Reader from your computing
environment -- if you haven't already.  If Adobe, with its army of
programmers and piles of money, can't manage to release something
as simple and straightforward as a secure PDF reader after umpteen
tries...then they never will.  It's time to stop betting your security
on their competence, because the latter is clearly imaginary.

Multiple alternatives abound, many of them free and open-source.
I suggest looking at these for starters:

	Evince: http://projects.gnome.org/evince/
	Sumatra: http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html
	FoxIt: http://www.foxitsoftware.com/Secure_PDF_Reader/

I use Evince, by the way.

Note that the latest release of Firefox has a built-in PDF reader.
So does Chrome/Chromium.  So one handy way to get rid of Adobe
Acrobat and the IE browser simultaneously is to switch to one of these.

	Firefox: https://www.mozilla.org/en-US/firefox/fx/
	Chrome: https://www.google.com/intl/en/chrome/browser/
	Chromium: http://www.chromium.org/

Note that if you use a Mac, both the Safari web browser and
the "Preview" application can read PDFs.

Note that if you're using OpenOffice or LibreOffice (both of which are
mature, free, open-source multi-platform replacements for MS Office)
they can import PDFs as well.  If you're on a Mac: NeoOffice is
also available:

	OpenOffice: http://www.openoffice.org/
	LibreOffice: https://www.libreoffice.org/
	NeoOffice: http://www.neooffice.org/neojava/en/index.php

For other choices and a table of comparisons:

	https://en.wikipedia.org/wiki/List_of_PDF_software

Now...the alternatives aren't perfect.  They've all had their issues too.
So this is NOT a panacea, a guarantee against any/all future problems.
But all of them combined have not managed to accumulate the dismal
track record that Acrobat has, so this is clearly the way to bet.

If you happen to be a CIO/CTO/CSO, then you should be propagating
this change throughout your company/organization.  Today.

---rsk


