After the recent emergency out of cycle patch of Adobe Reader (again!), maybe we should be looking toward finding a better solution to the problem – the fact that Adobe cannot write secure software.
Yeah I know they are releasing Reader X with ‘sandboxing’ la la la, link here to article on ThreatPost, but maybe they should just write some decent secure code – its only a document viewer after all!
After doing a bit of research and having some experience using alternate PDF readers, I’ve come to the conclusion that there are other better more secure applications.
There is 1 application in particular – Evince – the 1 included with Ubuntu and other Gnome distro’s, I have found only 1 advisory listed on Exploitdb where as Adobe Reader, Exploitdb lists 9 and visit the Adobe site and search for advisories and you’ll be amazed how many there are listed.
Many would argue that Adobe Reader is the best most feature rich pdf reader blah blah blah, but at the end of the day 99% of people just want to be able to read pdf’s, they don’t know about or need any of the extra stuff Adobe Reader does.
But I hear you say I use Windows and you can’t get Evince for Windows – well you can check out the download page here get yourself a copy of the installer and dump Adobe Reader.
There are some more pretty screen-shots here on the Evince project site to get you interested.
People need to vote with their ‘cyber feet’ and move away from these bloated poorly written applications and get on with enjoying the internet for what it is and not worrying about getting got by some ‘criminal gang’ extorting money and stealing their private information.