Security tip #1: disable JavaScript in PDF reader

I would like to start a series of non-regular posts related to basic computer security. Security and cryptography are two areas of computer science that I have a passion for and, unfortunately, are two areas that most computer users do a truly terrible job at. I will try to make these as straight forward as possible so anyone can follow along!

For the record, the suggestions I will be making in these tips are simply things that I have found to work for me. Whether or not they work for you, or even are appropriate for you, falls completely upon you to decide.

Earlier in the year Adobe’s Acrobat Reader fell under attack do to a flaw in the way it processes JavaScript inside of PDFs. This was especially shocking to me because I had no idea you could even embed JavaScript inside of a PDF. Thankfully this has since been patched, however scripting is one of those things that seems to attract continuous attacks. Therefore I am going to walk you through how to turn off JavaScript inside of your favourite PDF reader, so long as your favourite PDF reader is either Acrobat Reader or Foxit Reader 😛

I understand that JavaScript can be useful for many things, for example as a PDF form auto-competition mechanism. That being said I have never needed this feature and since disabling it many months ago I have never had to enable it for a single PDF. While your circumstances may vary from mine, I still do not see any harm in disabling this feature and then only selectively enabling it when and if you ever need it.

Adobe Acrobat Reader

  1. Open Acrobat Reader
  2. Open the Preferences window. To do this click Edit > Preferences
  3. Click JavaScript on the left
  4. Uncheck “Enable Acrobat JavaScript”
  5. Click OK
  6. You’re done!

Foxit Reader

  1. Open Foxit Reader
  2. Open the Preferences window. To do this click Tools > Preferences
  3. Click JavaScript on the left
  4. Uncheck “Enable JavaScript Actions”
  5. Click OK
  6. You’re done!