Securing Adobe Reader
Adobe Reader (also known as Acrobat Reader) is a free viewer for PDF (portable document format) files. It has been plagued by viruses and other malware for several years now; mainly because its numerous security bugs have enabled loading malicious documents on web pages without user consent. In October, 2012, Adobe released Reader XI (version 11) that includes enhanced sandboxing (running the program in protected mode, so that malicious scripts and programs can not alter other contents on user's computer while reading the PDF file).
There are some simple steps to stop Adobe Reader from being misused.
The very first step is to verify that Reader is up-to-date. See the Browser and Plug-in Check for this. If necessary, download the latest version from Adobe's web page. This ensures that you will get two very important features in the program - protected mode and automatic updates.
To keep Adobe Reader and many other important programs updated automatically, you can also use the free program called Secunia PSI.
Open Adobe Reader's preferences by using keyboard shortcut Ctrl+K or by opening Edit menu and clicking Preferences...:
Now open the Security (Enhanced) tab.
First, put a check mark in the Enable Protected Mode at startup box in the Sandbox Protections section. Then select Files from potentially unsafe locations for Protected View. This keeps Adobe Reader from opening files that might be harmful. Most secure (but not very convenient) option is All files.
Finally, ensure that there is a tick mark in the Enable Enhanced Security check box.
Click the Trust Manager tab on the left. Clear the Allow opening of non-PDF file attachments with external applications box. This is a very important step as several botnets are using PDF files for opening unpatched programs and infecting victim's computers with trojans that steal personal information such as login names and passwords.
Then check the Load trusted root certificates from an Adobe server box. This will keep information about certificate authorities up-to-date and prevent opening files signed with fake or stolen security certificates.
And finally, open the Updater tab. If you do not have this tab, your Adobe Reader is not the latest version - close Preferences window by clicking OK, then open Help menu and click Check for updates (or just download and install the latest version from http://get.adobe.com/reader).
To change options on this tab you need administrative rights on your Windows computer!
Click to select the Automatically install updates option. This will ensure that you are always using the latest, fully patched version of Adobe Reader.
You might see the red Adobe Updater icon in Taskbar's Notification Area in the future while Adobe Reader updates are being downloaded and installed. Always let the process finish, its work; you can safely continue doing your work.
Click OK to close Preferences window.
To add an extra protection layer from even unpatched security bugs, please read our Microsoft EMET article!
And that's it - your Adobe Reader is now more secure!