Recent news accounts have highlighted some security vulnerabilities in current releases of Adobe Acrobat and Adobe Reader, with the latest such vulnerability to be addressed (Adobe says) in an update due out January 12.
Very little public information out there offers readers a useful sense of the risks and how to mitigate them. The common refrain is to “deactivate JavaScript”, but that’s lousy general advice (because it only applies in some cases), and doesn’t really put the issue in context, or help you deal with the real problem. Deactivating JavaScript is like refusing to drive your car because one of the tail-lights is out.
Bottom Line: All the “nasty” PDF stuff you’ve been reading about requires that a user (ie, you) opens a so-called “malicious” document, whereupon all sorts of horrible things could theoretically start to happen.
The thing to remember here is simple. In order for a PDF to be nasty, it must have originated from someone nasty, which is to say, someone unknown to you with no plausible reason for sending you some random PDF.
As such, the most basic – and important – precaution you can take is simply not open files from sources you don’t already trust (ie, you don’t worry about them deliberately sending you a virus).
Now – this isn’t exactly news. Elementary computer security that everyone should know before they open their first email account goes something like: “Never open attachments to emails when the source is unknown to you.”
As for PDF files found on legitimate websites – don’t worry about it. Sure, there’s a possibility that some clever evildoer has managed to post their own nasty PDFs on someone else’s website – but (and this is the point) – PDF is no worse than any other format in this regard, and in fact, it’s a lot BETTER than many other common formats.
If you MUST open a PDF from someone you’ve never heard of who has no other reason to be sending it to you, ask yourself “Why would I do that?” A corollary: If a website tries to make you open a PDF file that you didn’t explicitly request – don’t open it!