F-Secure suggests integrated PDF reader for Windows

In a letter to Microsoft F-Secure staff member Sean Sullivan writes "We'd like you to consider developing a PDF reader for your Windows OS”. Sullivan says that a simple viewer like Preview.app in Mac OS X would suffice. He says the reason for this request is the constant stream of new security flaws in Adobe Reader, many of which are the result of additional options that are not even needed to simply view a document, such as the /launch function, JavaScript support, and the ability to playback audio and video files.

Sullivan argues that a PDF viewer that fulfils the PDF/A standard would be more than enough; after all, PDF/A explicitly rules out support of these options. Sullivan speculates that adding such an option to Windows might entail license fees for Microsoft, but he points out that Adobe's license terms for developers have allowed the patents to be used for free for some time now.

Sullivan even believes that Microsoft would not necessarily have to offer the viewer as a standard part of Windows; it could simply be made available as a separate download. Microsoft already does with its Office add-on to save as PDF, an add-on that was made available from Microsoft's website after the PDF standard was released.

However Sullivan fails to mention that streamlined PDF viewers sometimes also contain security flaws. Indeed, though Sullivan praises Preview for Mac OS X, the hacker and Pwn0wn winner Charlie Miller recently announced that he would demonstrate how he discovered at least 20 zero day Mac security flaws. And because security risks are repeatedly found in alternative PDF viewers like Foxit, Germany's Office of Security in Information Technology (BSI) even considered developing its own safe PDF viewer in 2009.

See also:

• PDF files spread Windows worm, a report from The H.
• Adobe introduces automatic update for Reader, a report from The H.
• PDF exploit requires no specific security hole to function, a report from The H.

(crve)