Dear LIS Professionals,

 

Following is the advise  for using PDF keeping in view security threat. I thought it to share. Recently there have been numerous cases wherein users have received malicious Adobe Acrobat  attachments. Opening of such attachments, embedded malicious code in the PDF file exploits the vulnerabilities in the Acrobat reader leading to system compromise. This process takes place in the background without any clue to the user. Guidelines to avoid the exploitation of Adobe reader vulnerabilities by malicious code are as follows:

 

  1. Even if the sender of the email is known, the relevance of the mail content should be checked before opening the attachments.
  2. Do not access PDF documents from untrusted sources particularly those hosted on web sites or delivered as email attachments.
  3. Latest version of Adobe Reader with up-to-date patches should be installed. Presently it is version 9.3.
  4. Enable Data Execution Prevention (DEP) in Microsoft Windows  to mitigate the execution of attacker-supplied code. Use of DEP should be considered in conjunction with the patches.
  5. Disable java_script, Multimedia, Flash and 3D options of the Acrobat reader and enable only when required to prevent its’ vulnerabilities from being exploited. If this workaround is applied to updated versions of Adobe Reader, it may also protect against future vulnerabilities.

To disable java_script in Adobe Reader:

                                                                     i.            Open Adobe Acrobat Reader.

                                                                   ii.            Open the Edit menu.

                                                                  iii.            Choose the Preferences... option.

                                                                 iv.            Choose the java_script section.

                                                                   v.            Uncheck the Enable Acrobat java_script check box.

 

Similarly, Multimedia, Flash and 3D options should also be disabled.

  1. Disable the displaying of PDF documents in the web browser.

Steps to prevent PDF documents from automatically being opened in a web browser with Adobe Reader:

                                                               i.      Open Adobe Acrobat Reader.

                                                             ii.      Open the Edit menu.

                                                            iii.      Choose the Preferences... option.

                                                           iv.      Choose the Internet section.

                                                             v.      Uncheck the Display PDF in browser check box.

 

Regards,

 

P K Upadhyay

NIC Library, Delhi

http://egranthalaya.nic.in

http://mcitconsortium.nic.in


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.