Did The Humble PDF Get Too Complicated For Its Own Good?
Nobody can deny that Adobe’s Portable Document Format has been a massive success since being created in 1993. The versatility has proven vital in developing cross-platform communications and our ability to leave tomes of paperwork at home, replaced by a simple PDF on a USB stick.
However, this week the newswires were again filled with reports of how PDF viruses pose a risk to cyber-security. The latest finding suggests that malicious PDF files could be used to infect previously clean PDFs. On his blog Jeremy Conway – a product manager with Nitrosecurity – reveals that by using a program launch action to trigger embedded code “PDF files that have been stored on the user’s computer for years and are trusted, could now house any sort of badness and/or evil I chose to update them with”.
Adobe, have already responded that the warning message accompanying the pop-up dialogue in Adobe Reader advises users to only open files from a trusted source but it does call into doubt previously perceived safety of the PDF, particularly after F-Secure revealed last month that Adobe Reader had been the target of nearly half of all malicious attacks in 2009 overtaking Microsoft’s Word.
Yet, perhaps the vulnerability of the format is a result of over-ambition of a format developed to create a document that didn’t re-format depending on the font you had on your computer or the version of an application you had loaded. The PDF was designed to present a uniform presentation of the document however and on whatever it was viewed or printed. It was effectively the digital equivalent of the photocopy that you could carry in an electronic form in your pocket or send via email.
Modern developments of the format however now allow plug-ins, embedding and full multi-media functionality that increases functionality and appeal of the format but also the vulnerability to attacks. While awareness of the security risks associated with PDFs might be raised, the still-common assumption that PDFs are safe might just be its own undoing. Perhaps it is time to go back to basics, creating a new simple 2-D document representation format and leave the gimmicky bits elsewhere for those that want them?
Tim Fuell
Tim Fuell only joined the Webfusion team earlier this year but having been a customer of the group for more than ten years, he knew all about their success in the Web hosting field. After writing his Masters thesis on the threat of cybersquatting way back in 1998, he has seen the Internet grow beyond even his wildest dreams. A journalist for over sixteen years and a qualified Solicitor, Tim is one of a team of bloggers in the Webfusion stable aiming to educate, inform and assist their online readership.
Tim Fuell only joined the Webfusion team earlier this year but having been a customer of the group for more than ten years, he knew all about their success in the Web hosting field. After writing his Masters thesis on the threat of cybersquatting way back in 1998, he has seen the Internet grow beyond even his wildest dreams. A journalist for over sixteen years and a qualified Solicitor, Tim is one of a team of bloggers in the Webfusion stable aiming to educate, inform and assist their online readership. ...less info
