Blog: Adobe

PROBLEM: A regular (non-admin) user selects ‘Repair Adobe Reader Installation’ from the Help menu in Adobe Reader. After the repair completes, the user is prompted to restart the machine. If Adobe Reader is running on a multi-user server (RDS or Citrix XenApp), choosing Yes reboots the machine and forcibly disconnects all other users' sessions, which could interrupt their work.

CAUSE: The user was able to do this because the Reader update\repair was performed by the Windows Installer running in the System context.

SOLUTION: Disable the Adobe Reader repair option by adding the following registry value under the Installer key (specific to Adobe Reader XI):

  • 64bit OS - HKLM\Software\Wow6432Node\Adobe\Acrobat Reader\11.0\Installer\
  • 32bit OS - HKLM\Software\Adobe\Acrobat Reader\11.0\Installer\
  • Value (either OS) - “DisableMaintenance”=DWORD:00000001
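
One way to apply and verify this setting from an elevated PowerShell session, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later (.NET 4) for the registry-view API. Opening HKLM through the 32-bit view reaches the Wow6432Node path on a 64-bit OS and the plain path on a 32-bit OS, so one relative path covers both entries.

```powershell
# Added example (not from the original post). Run elevated: HKLM is not
# writable by standard users.
$subKey    = 'Software\Adobe\Acrobat Reader\11.0\Installer'
$valueName = 'DisableMaintenance'

# The 32-bit registry view maps to HKLM\Software\Wow6432Node\... on a 64-bit OS
# and to HKLM\Software\... on a 32-bit OS.
$hive = [Microsoft.Win32.RegistryHive]::LocalMachine
$view = [Microsoft.Win32.RegistryView]::Registry32
$hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $view)
try {
    # CreateSubKey opens the key for writing and creates it if it is missing.
    $key = $hklm.CreateSubKey($subKey)
    try {
        $key.SetValue($valueName, 1, [Microsoft.Win32.RegistryValueKind]::DWord)

        # Read the value back and confirm both the data and the type.
        $data = $key.GetValue($valueName)
        $kind = $key.GetValueKind($valueName)
        if ($data -ne 1 -or $kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            throw "Unexpected result: $valueName = $data ($kind)"
        }
        "{0}\{1} = {2} ({3})" -f $key.Name, $valueName, $data, $kind
    }
    finally { $key.Close() }
}
finally { $hklm.Close() }
```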

 

I had recently upgraded Adobe Reader to version 10.1.2 and my printer would only print a blank page when I tried to print a PDF document.  The printer lights would blink, and all print jobs after that would not print until I physically rebooted the printer.  I thought there might be something wrong with the PDF that I was trying to print until it happened to me again with another file.

I came across a knowledge base article from Adobe last updated 1/25/2012, http://kb2.adobe.com/cps/928/cpsid_92870.html that gives a link to a patch for being unable to print at all, and it mentions that Duplex is set to “ON” by default after the upgrade. 

Unchecking the Duplex option allowed me to print successfully.  The patch may help others in troubleshooting print problems.  As Adobe Reader updates get installed on our customers’ PCs, we may have an increase in support calls.


 

Under 64-bit Windows 7, I noticed the latest version of Acrobat Pro X (V10.1.2) becomes unresponsive for about 4-5 minutes after opening a PDF file.  Then everything is fine.  I found references to this problem being related to protected mode being used when opening PDF documents.  In the program's preferences, there's an Enhanced Security section.  When I disabled enhanced security, PDF documents started opening quickly.

Then I went back and turned enhanced security back on and added folder paths to the Privileged Locations you can specify as part of enhanced security and was able to open files from these locations without the delays.  Testing is not conclusive since I have been unable to make it go from fast to slow predictably.  However, turning off enhanced security was conclusive.


 

Level Platforms has partnered with a company called Ninite to provide prebuilt installers for many non-Microsoft utilities and applications.  These include Java, Adobe Reader, and Adobe Flash.  With the new scripting features in Level Platforms MW2011 we should be able to use the packages provided by Ninite to centrally manage updates to these applications.  If you want to try Ninite, they provide free installer packages that are completely functional, but with some restrictions for enterprise automation.

https://ninite.com/help/how-ninite-works/


 

After listening to a security podcast about Flash security, I decided to change some of my settings. You can do this by going to the Adobe Flash Player Settings Manager web page and clicking on the tabs to disable features.  One of the settings I disabled was "Allow third-party Flash content to store data on your computer".

Adobe Flash Player Settings Manager

One thing I noticed after I disabled the "Allow third-party Flash content to store data on your computer." option was that videos at some sites like CNET stopped working. This was happening regardless of which browser I tried, so I suspected a problem with Flash.  But other Flash content, like YouTube, worked.  Eventually, I remembered changing the Flash settings and re-enabled the third-party Flash content to fix the problem.


 

Most people know about the cookies that internet browsers use to store information.  It's easy to configure browser settings to not allow cookies, only allow trusted cookies, and to delete cookies when exiting the browser.  What slips under the radar are Local Stored Objects (LSO), also known as super-cookies or Flash cookies.

LSOs use Flash technology to store more information than regular cookies.  In addition, LSOs can be used to recreate, or respawn, deleted cookies.  More than half of the internet’s top websites use a little-known capability of Adobe’s Flash plug-in to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies, according to UC Berkeley researchers.

To control these Flash cookies, you have to use the controls on Adobe’s site.  According to Wikipedia, “Users can only opt-out of Local Shared Objects globally by using the Global Storage Settings panel of the online Settings Manager at Adobe's website. Users can also opt-out of them on a per-site basis by right-clicking the Flash player and selecting 'Settings'.  Adobe's online-only Website Storage Settings panel was created to let users view and delete LSOs on a per-domain basis. It is also possible to completely disallow LSOs from a specific domain by setting the storage space to "0 KB", however, although no data is stored, empty directories with the name of the domain are nonetheless created. Add-on extensions that allow the user to view and delete LSOs have also been created for the Firefox Web browser, e.g. BetterPrivacy.”


 

I think we all know better than to download executable programs (.exe's) from untrusted sources and run them.  Opening a Word document from an untrusted source could be dangerous.  Now, even opening a PDF file on a fully patched Windows machine with excellent, up-to-date anti-virus and malware software could cause your machine to get owned.

Didier Stevens, who has written some great PDF analysis tools, published a disturbing blog post the other day.  He demonstrates how to use an existing feature in PDF to execute a program on someone's computer when they open the document.  Adobe Acrobat Reader displays a message first, but the message can be changed to social engineer someone into clicking the Open button on the message.  And my favorite PDF reader, Foxit, does not even display this message.  Disabling JavaScript does not help.

Here is the link to his article: http://blog.didierstevens.com/2010/03/29/escape-from-pdf/

I downloaded his extremely simple example and in a few seconds changed it to run a batch script instead of cmd.exe.  It looks like it would be trivial to make it run any sequence of commands desired.  Depending on the PDF viewer used on other operating systems such as Linux or Mac OS X, this same technique will work there.

When using Google, one might consider clicking on Quick View or View as HTML instead of viewing the actual PDF file.

UPDATE:  Adobe finally responded to this, explaining simply how to disable this feature.  This sounds like a good thing to do for most users. http://blogs.adobe.com/adobereader/2010/04/didier_stevens_launch_function.html
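
A defensive triage check for the feature discussed in this post, added here and not taken from the original post or the linked articles: it counts the PDF names `/Launch`, `/OpenAction` and `/AA` in a file's raw bytes, decoding `#xx` escapes in names first. The function name `Get-PdfLaunchIndicators` and the sample bytes are constructed for illustration, and identifying the feature as the PDF specification's `/Launch` action is an assumption drawn from the specification rather than from the page.

```powershell
# Added example: count PDF names relevant to the "launch" feature.
# Limitation: names inside compressed object streams are not visible to a raw scan.
function Get-PdfLaunchIndicators {
    param([Parameter(Mandatory = $true)][byte[]]$Bytes)

    # ISO-8859-1 maps every byte to one character, so binary data survives decoding.
    $text = [Text.Encoding]::GetEncoding(28591).GetString($Bytes)

    # A PDF name may spell any character as #xx (hex). Decode those escapes so
    # that "/L#61unch" is counted as "/Launch".
    $names = foreach ($m in [regex]::Matches($text, '/[^\s/<>\[\]\(\)\{\}%]+')) {
        [regex]::Replace($m.Value, '#([0-9A-Fa-f]{2})', {
            param($h) [string][char][Convert]::ToInt32($h.Groups[1].Value, 16)
        })
    }

    $counts = [ordered]@{}
    foreach ($wanted in '/Launch', '/OpenAction', '/AA') {
        # PDF names are case-sensitive, hence -ceq.
        $counts[$wanted] = @($names | Where-Object { $_ -ceq $wanted }).Count
    }
    [pscustomobject]$counts
}

# Constructed sample: two object dictionaries only, not a complete PDF.
$sampleText = "1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj`n" +
              "2 0 obj << /Type /Action /S /L#61unch >> endobj"
$sample = [Text.Encoding]::ASCII.GetBytes($sampleText)

Get-PdfLaunchIndicators -Bytes $sample
# For a real file: Get-PdfLaunchIndicators -Bytes ([IO.File]::ReadAllBytes($path))
```

A non-zero `/Launch` count is a reason to inspect the file further before opening it in a viewer, not proof that it is malicious.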


 

We frequently use comments in Word documents as part of our information security audit process and I finally looked for a keyboard shortcut to insert a comment.  The shortcut is Ctrl+Alt+M.  However, the most useful thing I found when looking for this was a comprehensive Word 2007 keyboard shortcut list at http://www.keyxl.com/aaa367b/5/Microsoft-Word-keyboard-shortcuts.htm.  KeyXL.com has keyboard shortcuts for all types of Microsoft, Adobe, Google, and other applications.  It's definitely worth adding a bookmark for if you're a fan of using shortcuts.