

Most malware in 2009 used Acrobat/PDF for exploits - godDLL
http://blogs.zdnet.com/security/?p=5473

======
kogir
Either Microsoft has raised the bar and attackers are going after easier
exploits not in the base system, or Adobe has lowered the bar and gained
sufficient penetration to be a better target.

How do you tell which?

~~~
evgen
Probably a combination of both (plus a little bit of user education on the MS
side of the equation.) Recent MS operating systems and browsers are more
secure then older versions that are slowly being phased out, most users are
using firewalls/anti-virus enhancements, and users are more aware of the fact
that certain attachments/files are not safe to just blindly open. On the Adobe
side it seems like a decade of stuffing in useless bells and whistles to
Acrobat to justify the size/budget of that group within Adobe is finally
making the code too complex to properly vet and things that seemed like a good
idea in the "what features should we add to the next rev" meetings are now
looking like bad choices. The problem Adobe faces is that it is hard for a big
company to remove features and they no longer have enough dominance over the
spec or marketshare to create a "new and improved" version that enables them
to paper over or rip out their mistakes.

~~~
godDLL
Many such exploits are in-browser, and require no action on the part of the
user apart from visiting a highjacked/fake web-site.

------
maarek
I think the author misses the point at the end - it's not a choice between
Adobe messing up and users not updating. The question is "why are so many
users running outdated versions?" I believe one of biggest reasons is because
Adobe makes it such a pain in the neck to update their products.

------
jamesk2
Flash and Acrobat: more reasons to just go to open source.

~~~
CrazedGeek
Then again, there are some perfectly cromulent proprietary PDF readers:
Preview.app and Foxit.

------
ronnier
Make sure you turn off javascript within acrobat.

~~~
listic
How do I do it?

~~~
ronnier
Edit --> Preferences --> Javascript --> Uncheck "Enable Adobe Javascript"

