Protect PDF documents no matter where they reside:. Control how documents are used:. Set documents to automatically expire:. Revoke access regardless of where documents are located:. Add dynamic watermarks to viewed and or printed pages. See how your documents are being used:. Comply with legislation by controlling access and use:. Protect IPR, reduce costs, ensure compliance, gain new revenue:.
At first sight, plugins software components that add features to existing applications — most typically browsers offer a superior way of delivering Digital Rights Management DRM functionality into PDF documents on an end user device desktop, laptop, tablet and so on.
Users would be amazed to find out just how many plugins or add-ons are already installed in their browsers and they never noticed. So a well-designed plugin can offer good PDF security because it can be delivered reasonably easily, has direct access into the browser functionality and a connection to the Internet already provided so it can download documents as required and do any user authentication required. Current security controls often require an Administrator to allow them to be installed, just the same as an executable does, so that makes them the same as installing application software.
However, unlike application software they can create a gateway for other applications or malware to enter, decreasing the overall security of the application they are plugged in to. There is no formal testing process by the browser providers. By studying a plugin it is possible to see where it acts on data and design another plugin to take advantage by grabbing the data being processed.
It is also possible to manipulate plugins to allow malware to be uploaded into a user machine. Browsers are always in a state of update. And there is no coordinated schedule of when they are changing or what is changing. So you can certainly participate in the browser beta schedules — the manufacturers helpfully make their expected release candidates available to extend their own testing capabilities — but changes to other plugins cannot be easily coped with.
This is compounded by the presence of different versions of browsers on different platforms. So when updates roll through things can stop working for a while. And some corporations only allow versions of the browser that they have locked down, and this may not be compatible with updated plugins either. So whilst the automatic plugins of the big software suppliers for PDF, Flash and Quicktime mainly work OK for corporates other plugins have no guarantee.
There are also a lot of differences between the corporate world and the consumer. Corporates move slowly, preferring to be behind the curve on the systems they are running — not on the bleeding edge. Companies selling plugin solutions will claim they are easier for users to install. This is not true. And unlike application software they can create a gateway for other applications or malware to enter, decreasing the overall security of the application they are plugged in to.
In the PDF world it is commonplace to use plug-ins to provide extra functionality and features. But they are known to also create security holes. We reproduce some of the text published in the CERT report:. The purpose of the Reader enabling plugin architecture and IKLA is for licensing only and does not imply suitability or endorsement by Adobe of third party plug-ins.
The Certified Mode of both Adobe Acrobat and Adobe Reader is used to provide added assurances that only plug-ins provided by Adobe are compatible. All third party plug-ins are restricted to non-certified mode. Unverified non-certified plug-ins can be removed from the plug-ins directory, and they will no longer load at startup. We respect the advice given by CERT, but note that if an attacker permits the loading of unverified non-certified plug-ins which happens by default in all versions of Adobe unless you specifically check a box to say otherwise they may introduce vulnerabilities.
Of course, one must assume that this is precisely what any attacker would therefore do. Normal users familiar with their desktop plug-ins can hardly be criticized for using non-certified plug-ins when you can hardly expect them to understand any of these arcane technical issues, still less comply with them.
There are many Adobe Acrobat and Adobe Reader plug-ins that can load by design only in certified mode. Certified mode assures that all other plug-ins, loaded with those ones, have been also certified by Adobe. However, with this vulnerability, a plug-in with forged signature can perform virtually everything, including but not limited to:. The following white paper, Plug-ins — a source of insecurity , examines and questions the claims often made by plug-in suppliers that they are secure, giving published examples of where they are not.
It demonstrates why you should not purchase a document security solution that relies on plugins. If you cannot rely on a PDF security plugin working as expected not conflicting or circumvented by other plugins and failing to operate when Acrobat is frequently updated then the plugin is effectively useless. And if you are forced to turn off security in Adobe Acrobat in order to get the PDF security plugin to work see Fileopen Rights Manager as an example then you are putting the security of the application and your system at risk.
Many software product manufacturers provide customer access into their products. There are many reasons to do this, including:. Sometimes these points of access are called APIs, and sometimes they are called plug-ins. What do they do? They tell the outsider where data is found and how to interpret it. Ideally a plug-in should be secure by virtue of its own design, adding it to an existing application would not add a new weakness, and the plug-in would not conflict with any other plug-ins used in the same application.
However, it seems that plug-ins sometimes conflict with each other. The first thing you are told if there is an issue with an application is to disable all plugins. And if you do a Google search you will find companies selling plug-in conflict detection tools, so the problem is a genuine hazard. Unfortunately, plug-ins, like any other computer programs, may also contain errors that need to be corrected. So the solution is to update.
But of course everyone has to implement the update, and we know just how difficult that is to achieve. And finally, it can be strange to consider that IT departments install plugins without any knowledge of what impact they may have. A plug-in for example, obtains the rights of the application it is plugged into, which may be very considerable indeed. So plug-ins are not a guarantee of security, and, if used at all, should be used with great care and caution.
Before you download and install the Adobe Acrobat Plugin, or before you choose an Adobe Acrobat alternative , you may want to compare the main features with another program. Unfortunately, Adobe Acrobat and Chrome are no longer compatible. You will likely need to use another browser to activate your Adobe plug-ins instead. The solution for these problems is to always ensure you have your plugin enabled. If your browser does not support the plugin, you may have to use another browser.
Note that Adobe Reader has ended support, there are no more updates or customer support available for the program. You can though keep using it, but if you have an issue using it, there are no resources to turn to. More importantly, your file and data might be at risk due to a lack of protection. In this case, you can free download the best alternatives to Adobe Acrobat here.
Buy PDFelement right now! Elise Williams.
0コメント