If you pay any attention to computer security news, you’ve almost certainly heard of the recently-discovered PDF hack that allows an attacker to embed arbitrary commands in a PDF file. Well, it’s worse than you thought — another researcher has a proof-of-concept hack that allows an infected PDF to infect every PDF file on the system, essentially opening the entire system up to the attacker, repeatedly.
Fortunately, there’s a simple solution, at least for most of us: use an alternative PDF-viewing program, such as Sumatra or Evince. Both are apparently immune to this attack, and have the added bonus of being lighter on system resources as well.
You could also use Ploni’s favorite, Google Docs. I tend to dislike web-based programs (I’m not always connected to the ‘net), but for people who don’t have that bias, it could be a viable option.
Sumatra works because it’s primative (and slow), though it might be a good idea, I haven’t tried it since I’ve moved on to the core2 CPU series from Pentium 4, so maybe its performance is tolerable for me now. Foxit, which you didn’t mention, is probably vulnerable, as I’ve mentioned before, it shares a lot of Adobe’s exploits so using it is not really as secure as most people think. I only mentioned Google Docs because it’s pretty much immune to anything you’d throw at it, since it lives on Google’s servers, it’ll exploit Google, not you. 😉
I don’t “like” Google Docs, or web-based apps in general. (I use Google Mail but usually via an IMAP client.) I just use it for viewing stuff my own system doesn’t support – which now includes PDF when in Windows. (OS X has pretty well-embedded PDF support, comes from NeXTSTep, which had “Display Postscript” that got changed to “Display PDF” in OS X. So, unfortunately, you can’t excise the PDF cancer from OS X. 😉 )
I didn’t mention Foxit because it is vulnerable. And Google Docs was your recommendation to people, so presumably it’s the one that you use yourself.
Yeah, I use it, but that doesn’t mean I have to like it. 😉