Adobe Document Services
Insights, trends, news and more.

Posts tagged "Security"

August 6, 2013

Top 10 Reasons To Use PDF Instead of Word, Excel or PowerPoint

Working with PDF formats allows professionals to edit, share, collaborate and ensure the security of the content within digital documents. Now, the PDF can do that much more. Here is the top 10 hit list of why it is the best format.

 

1)    PDFs are Universal.  Editing documents in Word can be easy and useful, but if you save a Word document on a Mac, it may not visually transfer properly to a PC; whereas PDFs are viewable on any device.

2)    Trusted Security. Even legal professionals trust PDFs as their preferred file format. According to Legalscans.com, for an electronic document to be admissible in a court of law, it must be created in a file format that cannot be altered without leaving an electronic footprint. PDFs satisfy that need.

3)    Quick and Easy to Create. Whether working with Word, Excel or PowerPoint, documents are easily converted into PDF, and with Adobe Acrobat XI you can easily convert them back if need be.

4)    Decreases File Size. Professionals can convert any file into a PDF without sacrificing quality. You can even merge multiple documents, such as spreadsheets, photos, and presentations, into a single PDF file.

5)    Reading is Free. Most PDF Readers, including Adobe Reader, are free to the public.  This ensures that anyone you send the file to will be able to see the full version of your document.

6)    Interactive Documents. To create a fully interactive experience, the latest version of Adobe Acrobat allows you to add hyperlinks, rich media, music, movies, and many other advanced features to your PDF.

7)    Mobile Access. Adobe Reader is available on any device, so people can read your PDF files anywhere they want, while still accessing a lot of the same functionality they would get on a desktop. 

8)    Completely Searchable. Users can easily find what they are looking for through a quick search. PDF documents can even be organized with a table of contents that link all sections to the appropriate pages in the file.

9)    Password Protection. Many industries deal in sensitive material or intellectual copyrights that need an even higher level of security.  The password protection option allows both recipients and those receiving the file to know that their information is secure.

10) Document Analytics. Recipients can also view who has access to the information. If the password is breached, the appropriate actions can easily be taken.

Bonus) Collaborating with Teams.  Colleagues can markup and comment on documents, leaving you in control of editing the original, even if they only have Adobe Reader.

 

We know there are many more reasons why you use PDFs, so let us know your number one reason for using PDFs in the comments below.

 

Bookmark and Share
5:55 AM Permalink
May 14, 2013

Adobe Reader and Acrobat Quarterly Updates Now Available

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.02) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.4 and earlier 9.x versions for Linux. You can update your system to the latest versions from the built-in updater or by downloading the patch from the Adobe website. IT professionals can get more details on the update and deploying it from the Enterprise Toolkit for Acrobat products.

For more details please review the official security bulletin.

Bookmark and Share
2:16 PM Permalink
April 9, 2013

Is PDF Application Security really that important?

Cyber attackers today are intent on not only stealing data, but also crashing systems, damaging reputations, or just simply showing off their hacking prowess. As a result, businesses, schools and government agencies have to spend more resources to battle those attacks. It’s not only expensive from an IT perspective, but also in the potential loss of trust in that organization by their customers and constituents. A recent survey by PWC found that 28.6% of respondents claim their company suffered financial loss due to a security breach incident. That’s a worrying statistic for sure.

 

Universally-accepted file types – including PDF, unfortunately – are one of many ways these hackers gain entry to systems by embedding malicious code into the files. So choosing a PDF software application that fully uses modern mitigation techniques to reduce risk is obviously important. To help you understand the risks and evaluate a vendor’s approach to security, we have recently updated and published the white paper PDF Application Security – How to minimize your risk. It’s available for free from Adobe’s web site.

 

The white paper contains results of independent third-­party testing on the entire Acrobat family of products, specifically related to security. Adobe Reader X and Adobe Acrobat X produced excellent results in security testing by implementing what security experts call a “defense-in-depth” approach within the software and as offered by the operating system. Adobe Reader XI and Adobe Acrobat XI have improved security and sandboxing even further, and Adobe continues to invest in security. This investment has helped reduce the need for out-­of-­cycle security updates. Note in the diagram below, Adobe Acrobat X only had two out-­of-­cycle security updates, while Adobe Acrobat 9 had seven. Deploying a software patch is a timely and expensive process, so we want to help IT professionals minimize those costs by reducing the number of out-of-cycle patches for the Adobe Acrobat family of products.

Chart showing the number of Acrobat and Adobe Reader update releases

 

If you are considering PDF software based on the licensing cost, please be careful. The days of making software choices based on the quoted price alone – without thorough consideration of security – are long gone. You should be asking vendors about operating system mitigations built into their PDF software, processes in place for addressing security threats, and even how involved the vendor is with the broader security community. To get more details about all the ways the Adobe Acrobat family helps organizations do more with PDF, while also providing advanced security, lower costs, and easier software management, download and read the free white paper, PDF Application Security – How to minimize your risk.

Bookmark and Share
5:53 AM Permalink
February 19, 2013

Adobe Reader and Acrobat updates planned for week of February 18, 2013

UPDATE for FEBRUARY 20, 2013: Patches are now available for Adobe Reader and Acrobat XI for Windows and Macintosh, X for Windows and Macintosh, and 9 for Windows, Macintosh and Linux. Please refer to the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog for details.

Adobe plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of February 18, 2013. Adobe will continue to provide updates on these issues via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog. Please refer to these resources for any details.

Bookmark and Share
9:40 AM Permalink
August 20, 2012

Securing and Protecting Your IP

We recently conducted a study of the challenges and expectations of knowledge workers and IT. While the full results of the study aren’t ready yet – and I’ll share them with you here, among other places, when they are – there was one finding that stood out: the majority of organizations underestimate their overall information security risk as a vast majority of workers regularly collaborate with others outside their companies.

The implications of this are enormous. Leaked sensitive information damages your competitive advantage and erodes your customers’ and partners’ trust in you. And that, of course, hits the bottom line. IT departments can choose a user-friendly, document-level security solution to protect the company’s documents, inside and outside the firewall. For their part, users need the ability to secure documents with a solution that can easily integrate into the existing IT environment. That way, everybody’s happy.

Adobe Acrobat customers deal with document-level security risks all day long. We all remember the embarrassing high profile cases in which law firms or government agencies thought they’d deleted sensitive content only to find it on the front page of the NYTimes. However, using Acrobat, Andrew Moir, a partner at international law firm Herbert Smith, says “we know that information we need to keep confidential, stays confidential.”

Adobe Acrobat lets you remove sensitive data from documents before sharing them with others. The PDF redaction tools permanently delete confidential information, while sanitization tools remove hidden information with one click. Acrobat’s Guided actions also help ensure that all team members prepare documents for distribution correctly and consistently.

You can further mitigate the risk of sensitive information being leaked by controlling access to documents. “We need to control who accesses documents and give people the assurance that the materials they receive have not been altered,” says Margaret M. DiBianca, Associate, Young Conaway Stargatt & Taylor

Young Conaway uses Acrobat to password-protect those documents with Acrobat’s 256-bit AES encryption technology to control access. The firm also sets file permissions to prevent editing, printing, or copying content. “With Acrobat, we can put controls on PDF files to limit access to information and restrict copying of data from files,” DiBianca adds. Acrobat also works with Adobe LiveCycle® Rights Management ES2 for extended rights management protection.

It’s also important to understand the role eSignatures play in security. Without an assurance that someone’s signature is the real deal, business could come to a screeching halt. That was one reason Adobe acquired EchoSign last year. With Adobe EchoSign eSignature and Web contracting services, you can send and receive digitally signed documents securely and quickly. EchoSign has been designed from the ground up for state-of-the-art ASP security. Electronic signatures are also protected by the federal ESIGN Act, which ensures that customers who sign contracts electronically are as protected as they would be had they opted for pen-on-paper agreements. You could argue the protections are even greater with digital contracts, since eSignature solutions can offer additional authentications from email, IP addresses, passwords, social network credentials and other safeguards that surpass anything possible with physical copies or fax transmissions.

What’s happening now is that Web contracting, which includes the automation of the entire contract process — from creation, collaboration, and execution to archiving and management — is quickly replacing the painful paper-based processes of the past with the advantages of working on the Web.

The main drivers of Web contracting and eSignatures are customers, partners, and internal users. Customers are increasingly comfortable conducting business via the Web and mobile devices, and they are demanding that companies move more of their customer-facing processes online. That, of course, adds a new dimension to security considerations.

So whether your security needs are redaction, rights management, access or secure e-signatures, Acrobat can provide a solution. There’s more information at the Acrobat IT Resource Center for insights into how to Acrobat can make your documents — and your IT operation — more secure.

Mark Grilli, senior director of Acrobat Solutions product marketing

Bookmark and Share
7:50 AM Permalink
July 25, 2012

Three Common Adobe Reader and Acrobat Security Questions

I get a lot of great questions regarding Adobe Acrobat and Reader security. Recently, a few have been asked more frequently than others. So, I thought I’d share those with you.

Q: What is the Adobe Acrobat and Reader update schedule?

About three years ago, we moved to a quarterly update schedule for Adobe Reader and Acrobat. It was part of a major initiative to strengthen the security of our products. At the time, three-month update cycles seemed like the right cadence given the threat environment and the pace we were adding new mitigation capabilities into the products. Fast-forward three years, and technologies like Protected Mode in Adobe Reader and Protected View in Acrobat (sandboxes) have provided effective layers of defense, reducing the need for the ongoing quarterly cadence.

So, recently we announced a closer alignment with the Microsoft Patch Tuesday model. Instead of delivering updates on a quarterly schedule, we will provide Adobe Acrobat and Reader updates on the second Tuesday of any given month as needed throughout the year to best address customer requirements and keep all of our users safe. We will also continue to publish a prenotification on the Adobe Product Security Incident Response Team blog three business days before we release a security update, and we will continue to be flexible and respond “out-of-cycle” to urgent needs, such as a zero-day attack.

Q: How is Flash content being handled in Adobe Acrobat and Reader?

Starting with Adobe Reader and Acrobat 9.5.1, we have classified Flash content into two categories, “known” and “unknown.” Known Flash content has been authored by Adobe and ships with the product. For instance, Portfolio Navigators and user interface elements are classified as known Flash content. Unknown Flash content has been authored outside of Adobe and does not ship with the product. For example, Custom Portfolio Navigators and Flash content embedded into PDFs are considered unknown. With this classification scheme, we are able to selectively render Flash content with different Flash Players. In 9.5.1 and later, we render known Flash content with an internal component embedded inside of Adobe Reader and Acrobat, and let the system Flash Player (NPAPI version) render the unknown content.

Since an attack would leverage unknown, as opposed to known, Flash content, this means that Adobe Reader/Acrobat 9.x users will no longer have to update Adobe Reader/Acrobat each time we update the Flash Player. This is particularly beneficial to customers in managed environments, because fewer updates means a lower cost of ownership, while maintaining a vigilant security posture. Keeping in mind that there is no silver bullet when it comes to security, we do follow a defense-in-depth security strategy. Therefore, even though we run all Flash content inside the sandbox in Adobe Reader and Acrobat X, where we’ve had great success thwarting attacks, we’ll still implement this new handling of Flash content into those products in the future. We’ll let you know when that happens.

Q: Can you explain the new security ratings?

In the past, security ratings were based on the worst-case scenario of a vulnerability without taking into account the presence or likelihood of an exploit. For a bit of background, a vulnerability is a code defect that can potentially be leveraged by an exploit to attack a system. Imagine the exact same code defect in two products. One product has a known exploit, while the other product has extra layers of defense that thwart the exploit from working. If you only consider the vulnerability, the security rating would look the same. But, if you consider the presence (or lack) of a functioning exploit as part of the security rating, you’ll get a different answer, and a better understanding of the threat, which in turn, provides better guidance on how quickly you should deploy the update.

This has happened with the introduction of new security mitigation technologies, like Adobe Reader Protected Mode (sandbox protections), which has made vulnerabilities much more difficult to exploit. Therefore, we’ve taken the degree of difficulty for exploit creation and included it in our new update priority ratings. We feel that this is the best way to clearly communicate real-world risk associated with the vulnerabilities addressed in any given security update.

Steve Gottwals, Group Product Manager, Adobe Acrobat Solutions Security

Bookmark and Share
6:21 AM Permalink

Ask a question


Acrobat XI Pro
Experience the full power of PDF with Acrobat XI.

Upgrade from

US $ 199 00 Buy

Free trial

or call 800-585-0774

Acrobat XI Standard

Acrobat XI Standard
Get what you need to get the job done right.

Upgrade from

US $ 139 00 Buy