eXPert PDF Reader

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
21,564
Location
I am omnipresent
Howell, you know that when Foxit is asking to update, most of the time it's to address security issues, right? And that those issues are largely created by the file format itself?
 

time

Storage? I am Storage!
Joined
Jan 18, 2002
Messages
4,932
Location
Brisbane, Oz
Howell, I don't have those problems ... any more. Have you tried completely uninstalling Foxit and installing a new version from scratch? I did experience Foxit sluggishness with my old Windows install on the same PC, especially when exiting. I can barely remember the nag screens.

I tried your suggestion of eXpert PDF Reader, but found it really, really struggled when rendering an org chart (vector graphics perhaps?), although after a slow startup it seemed okay with other files. However, the inability to rotate a page or display a two-page view lost me completely.

I also tried Cool PDF Reader, which couldn't even scroll through the pages. Only saving grace is its tiny download size.

I was impressed with PDF-XChange PDF Viewer. It's mostly fast (with multi-threading), has all of Foxit's features plus a few more, such as the ability to Export to JPG or a heap of other image formats. Also nicely thought out UI, eg: a popup thumbnail that updates when you drag the scroll bar to move through a long document, and the Esc key shifts focus from the text search control back to the document so you can scroll. It also has some built-in PDF creation features and a bunch of other stuff you need to pay for with Foxit.

The downside is that it eats memory like a starving dog. Possibly as a result, it's not as fast as Foxit when scrolling through big graphics-rich documents.

In my tests, Foxit used vastly less memory than anything else and was easily the best all-round performer. It's gradually getting better, I recommend cleaning out all traces and trying the latest versions.
 

udaman

Wannabe Storage Freak
Joined
Sep 20, 2006
Messages
1,209
Howell, you know that when Foxit is asking to update, most of the time it's to address security issues, right? And that those issues are largely created by the file format itself?

http://blogs.zdnet.com/security/?cat=5

http://www.macdailynews.com/index.php/weblog/comments/24469/

"The 36-year old researcher used a technique known as 'dumb fuzzing' to perform a side-by-side comparison of four different software applications: Adobe Reader, Apple Preview, Microsoft PowerPoint and Oracle's OpenOffice," Greenberg reports. "He wrote a simple Python script--just five lines of code--that randomly changes one bit of a PDF or PowerPoint file, plugs the file into the target application to see if it crashes, and then changes another bit, repeatedly tweaking and testing."

"After running his fuzzer program on the applications for 3 weeks each, Miller found nearly a thousand unique ways to make the programs crash, and combed through those data to find which of those bugs allowed him to take control of the program," Greenberg reports. "The results don't look good for Apple: 20 exploitable bugs in Preview compared with either 3 or 4 each in Reader, PowerPoint, and OpenOffice... Even so, Miller doesn't confine his criticism to Apple. 'Microsoft, Apple, and Adobe all have huge security teams, and I'm one guy working out of my house,' he says. 'I shouldn't be able to find bugs like these, ever.'"


MacDailyNews Take: This the annual "Much Ado About Nothing/Let's Blow This Totally Out of Proportion" festival. Microsoft apologists love it. Of course, they also think a firecracker equals an atom bomb. Expect Apple to update before any real users are affected, as usual. Still, would it kill Apple to hire a fuzzer right out of college to find these things first, get them corrected, and make Mr. Miller's "job" more difficult?


VANCOUVER, BC — For the third year in a row, Charlie Miller has hacked into a MacBook by exploiting a critical Safari browser vulnerability.
At the CanSecWest Pwn2Own hacker contest here, Miller performed a clean drive-by download against Safari to get a full command shell on the MacBook.

Hmm, I'll bet a certain mod won't be complaining about this particular OT post, lol...never mind that Miller has said he thinks the Mac OS is safer, simply bc of fewer viruses on that platform.


http://www.h-online.com/security/news/item/Mac-OS-X-safer-but-less-secure-Update-957981.html

The approximately 20 zero-day holes are contained in closed source Apple products, said Miller. "OS X has a large attack surface consisting of open source components (i.e. webkit, libz, etc), closed source 3rd party components (Flash), and closed source Apple components (Preview, mdnsresponder, etc). Bugs in any of these types of components can lead to remote compromise", he emphasised.

Apple users are currently "safer, but less secure", he said. While malware authors don't concern themselves with the relatively small number of Apple users, Miller said, the size of the market share is no longer a valid argument in targeted attacks such as operation Aurora: "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town."
^:D
 

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
I liked Foxit, it was just the update screen that caused me to switch.


Merc,
I turn off those automatic update features and install updates on my own schedule on servers. On my own machine it also seemed to want to install the same bits over and over.

Time, thanks for the in depth review. I'll give Foxit another go.
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,709
Location
Left Coast
And that those issues are largely created by the file format itself?
That's a patently ridiculous statement.

JPEGs can carry malicious code, but people aren't all up in arms about Paint being installed on every Windows machine because it doesn't allow the code to execute.

You might as well blame Seagate because Windows has security issues.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,511
Location
Horsens, Denmark
That's a patently ridiculous statement.

JPEGs can carry malicious code, but people aren't all up in arms about Paint being installed on every Windows machine because it doesn't allow the code to execute.

You might as well blame Seagate because Windows has security issues.

You're missing an important part in that argument. The JPEG spec does not specify that code should be executable, therefore ignoring executable code is still a legit implementation.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
16,625
Location
USA
Why are any of you downloading dodgy PDF files? I don't understand.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,511
Location
Horsens, Denmark
I would consider any PDF I did not create to be potentially dodgy. Considering the purpose of the format is to easily transport and exchange information, dealing with dodgy PDFs kinda comes with the territory.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
16,625
Location
USA
So the malwares are in product brochures, instruction manuals, white papers, and other corporate docs downloadable on the internet?
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,511
Location
Horsens, Denmark
Corporate docs? You bet. How about contracts from clients or vendors? How about PDFs that I created and that have been stored on the file server (where other potentially infected computers have read/write access)?
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
21,564
Location
I am omnipresent
So the malwares are in product brochures, instruction manuals, white papers, and other corporate docs downloadable on the internet?

At this point, yeah. PDFs need to be considered suspect. My dad got one of the 1,001 variants on XP Antivirus a couple weeks back from looking at home design blueprints in PDF format.

PDFs have a built in javascript interpreter, and Adobe has fuck-all interest in providing secure products, so malware programmers are finding that it's easier to attack computers through either a browser's Acrobat plug-in (the issues seem to be specific to Acrobat, though Foxit and anything else that fully implements PDF could technically have an issue) or directly with malware-laden PDFs. The good news is, the bad guys are less interested in attacking our web browsers. The bad news is, it's because they've found an easier target.

And for those keeping track at home, Adobe has officially joined the elite pantheon of corporations I wish could be raped to death with a chainsaw.
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,709
Location
Left Coast
PDFs have a built in javascript interpreter
Merc, when did you become a fount of misinformation?

Even you should know that, if PDFs had a built-in JavaScript interpreter, then they would self-executing. They're not.

PDFs just hold the scripts. Like all of the other information in the file, it's just text. You can check the PDF reference yourself. It's the reader program that interprets the code.

You may wish to violate Adobe with a gas-powered forestry tool, but the PDF format is open; anyone can use it. Because of this, Adobe can't control the crap PDF readers and writers that other people put out. I suppose that you could blame Adobe for opening the format, but, at that point, you might as well blame Linus Torvalds for any problems with Linux.
 

MaxBurn

Storage Is My Life
Joined
Jan 20, 2004
Messages
3,245
Location
SC
fix

"Adobe acrobat has a built in javascript interpreter"

Now the rant is valid.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
21,564
Location
I am omnipresent
fix

"Adobe acrobat has a built in javascript interpreter"

Now the rant is valid.

More correctly, all PDF readers have a built in javascript interpreter, which is most assuredly what I meant. I'd been awake for about 20 hours when I wrote that.

Anyway, when Adobe is swept from the Earth like the plague that it is, we will hopefully be given some better format for our portable documents. Has anyone ever done anything meaningful with .XPS?
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
16,625
Location
USA
Is the switch for turning off the intrepretater defective? :viking:
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,737
Location
USA
Nope, it's conveniently located in the add/remove programs under the control panel. ;-)
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
16,625
Location
USA
Nope, it's conveniently located in the add/remove programs under the control panel. ;-)

It would be too hard to reinstall. I'd rather restore the image when in doubt. I do that hundreds of times each year anyway.
 
Top