05 May 2010, 15:42

Foxit Reader adds new security features - Update

Foxit draws level with Adobe and offers a Trust Manager option to disable embedded code execution. Version 3.3 of Foxit Reader contains a feature called Trust Manager which allows configuring the Reader so that it no longer executes scripts and programs embedded in a PDF document. A similar feature has been available in Adobe Reader for some time.

By incorporating this functionality, the Foxit developers have responded to the still smouldering problem with the PDF specification's /launch function. The "Launch Actions/Launch File" function allows scripts or EXE files embedded in PDFs to run. Although, since version 3.2.1.0401, Foxit has issued a dialogue message asking users to confirm the execution of such embedded code, this dialogue can be formed in such a way that users have no idea they may be allowing malware to infect their systems.

If "Enable Safe Reading Mode" is activated, Foxit Reader won't even execute the code when a user disregards the alert and opens a script. The new option is activated by default during installation. Adobe Reader handles this feature the opposite way: Only disabling the "Allow opening non-PDF file attachments with external applications" feature, which is enabled by default, makes Adobe Reader immune.

Only recently, anti-virus vendors reported that criminals have attempted to use PDF documents to infect Windows PCs with ZeuS bots and worms. Therefore, users are urgently advised to check the configuration of their PDF Reader.

Update - Foxit have released version 3.3.1 of their PDF reader which resolves the dialogue issue mentioned above. The update separates the command and parameters to be executed into their own fields in the dialogue. This ensures that the user can always see the command to be executed and that the command is not obscured by a long list of parameters, which may contain misleading text.

See also: