Foxit Reader intros new Safe Reading feature

Summary:The latest version of the Foxit Reader, includes the new Safe Reading Mode feature, protecting users from a wide range of malicious PDF file actions. A test using a malicious PDF file, proves just how useful the feature really is.

With numerous reports, continuing to highlight the rise of malicious PDFs, in combination with DIY crimeware tools acts as a key driving force for the growth of cybercrime, end users and companies are constantly looking for ways to mitigate the risks posed by the ubiquitous PDF format.

This week, Adobe's main competitor in respect to the timely introduced security features responding to in-the-wild threats, has once again reacted to the current cyber threat landscape, by introducing a new feature in the latest Foxit Reader v3.3.

More details on the new feature, including a test using a spamvertised malicious PDF relying on the /Launch command:

The Foxit Reader 3.3 enables users to allow or deny unauthorized actions and data transmission, including URL connection, attachments PDF actions, and JavaScript functions; efficiently avoiding the attack from malicious contents and viruses. Enables users to show or hide the Ask Search Button in the Preferences menu.

The "Enable Safe Reading Mode" feature is not just alerting the end user, it's actually preventing any further interactions with the malicious PDF file. This is where the true usefulness of the feature really is, as you can see in the attached screenshot, using a spamvertised malicious PDF file, using the “/launch” command.

For a truly safe, PDF format experience, disabling JavaScript Actions from Tools -> Preferences -> JavaScript -> Disable JavaScript Actions, is also highly recommended.

Windows users running the Foxit Reader, in a combination with well configured NoScript for Firefox, least privilege accounts, decent host-based firewall, lack of any outdated third-party applications on their host, and sandboxing/isolated web browsing habits, mitigate a huge percentage of the currently active exploitation tactics used by cybercriminals.

So, what are you waiting for? The time has come to migrate to an alternative PDF reader.

Topics: Open Source, Security


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.