Wednesday, March 31, 2010

SOFTWARE: PDFs On Watch List

The best defence against viruses and the like (worms, becoming zombies, etc.) is not being idiotic and believing everything that comes across the transom. If you don't expect it, don't click on it. You will USUALLY be safe if you NEVER disobey that one directive. You'll be percentages safer if you never click on anything, but that probably means you're the type to put plastic all over the coach and STILL forbid the kids and dogs from sitting on it. There's only so much abstinance before crazy town sets in.

At any rate, one of the 'safe' things out there was PDF files. Portable Document Files. Invented by Adobe and just about ruined by Adobe's bloated software to read and create the things. Thankfully, several other companies have stepped in and started offering alternatives to the free Adobe Reader (aka Adobe Acrobat in its youth). For the last two or so years, my alternative of choice has been Foxit Reader. It's fast, small on resouce-chomping and isn't from Adobe, which might be reason enough to use it. It searches through the file quickly, both backward, forward and around the ends. I like it.

But now I am worried. Dider Stevens has found Foxit's rep as a 'secure' alternative to Adobe Reader is flawed. Badly flawed. A nasty person of dubious parentage, can run a program inside of a PDF opened in the latest version(s) of Foxit. The threat is lessoned to some degree by using Adobe thanks to a message system that might or might not let you catch yourself before getting futzed up. A little skill at writing replacement text for Adobe's warning message might let the thing through anyways, but at least there's a chance to stop calamity. Unfortunately, Stevens' article is now out in the wild and the bad guys will be inspecting his example and burrowing through the PDF language in the hopes of figuring out exactly how to deliver harm rather than Stevens' proof of concept.

Which means I must now cast a cautious eye towards everything PDF I collect. And I collect lots of PDF files. Being a roto player means mining various sites and I frequently get the data back in PDF file format. Now, I'll have to reconsider. It's not like the HTML stuff is a whole lot more palatable. But I might just react to the Foxit security hole by switching to PDF-XChange Viewer.

Now, PDF-XChange Viewer has more going on than Foxit. There's a LOT of commenting and marking tools available in the free version (I remain committed to using free software unless there is no alternative to a needed feature of a pro version of anything). But it has one thing that Foxit doesn't have. That's the ability to move a LOT of the command toolbars off to the side and onto the same level as the word menu. What that does is to restore MORE depth to the viewing window. And that means bigger magnification of text. And that's good.

Two months ago, when one of my Samsung 21in screens went a bit wonky and I decided to replace the twin screens with twin 23in monitors, I went from individual monitors displaying 1600x1200 to the individual monitors displaying 2000x1148. That 52 lost pixels in depth are mostly offset by the extra 400 pixels in width. Except in web browsing and in PDF viewing. It's four percent shorter and that means every letter seems a point smaller on the screen. It's noticeable. However, by moving anything that CAN move (and locking them down, don't forget to do that) in PDF-XChange Viewer, I was able to get roughly the same viewing area as I used to get on the old desktop. So, I am in the process of switching over to PDF-XChange Viewer as the default PDF viewer here at the Castle of Confusion.

Plus, it means I probably don't have to worry about PDF security for another while.

No comments: