Montag, 9. April 2012

PDF, JavaScript and Code you don't want

My dear readers!

Regarding trojan- and virus-attacks often you can read about pdf-documents entering your local machine as email-attachments. While opening these attachments it's possible that embedded trojans and other malware will be installed unvisible or system settings could be changed.

This works via scriptlanguage JavaScript. With embedded JavaScript-code the functionality of a pdf-document can be greatly expanded. The embedded code will be coupled with an event like OnLoad (that's while a document will be opened) and then executed if the event happens. Normally this is a positive thing but it may also be to your detriment.

Installing your Adobe- or Foxit-PDF-Reader (which are able to interprete Javascript-Code) it's a standard that using Javascript is activated. It's an optional setting which can be deactivated by you again.

Deactivating Javascript in Adobe Reader 9 or 10 (for example) you can go this way:

...Edit -> Preferences -> JavaScript...

in the right window section you can remove the marks in the checkboxes at
"Java Script / Enable Acrobat JavaScript" and
"Java Script Security / Enable menu items Javascript execution privileges".

Deactivating Javascript in Foxit-Reader 5 goes like this:

...Tools -> Preferences -> JavaScript...

Remove the mark at the checkbox at
"Enable Javascript actions".

If you don't want to deal with such things and if an easy pdf-reader is enough for you should try the small and easy to use Sumatra PDF Reader which aren't able to interprete JavaScript.

Cheers,
Ingo