Comments on: Security researcher argues for built-in PDF viewer in Windows

By: Nick De Roeck

Nick De Roeck — Thu, 13 May 2010 09:43:04 +0000

The mess I’m referring too is the leaky abstraction that Adobe has created around the concept ‘document’ with PDF.

PDF contains Javascript (and actions), so one has to assume that a PDF can contain it. It doesn’t matter if this only a small part of the spec.

From a security standpoint receiving a PDF is becoming equivalent to receiving an application – which is a big difference. Relaying on the goodness of a ‘well behaving client app’ isn’t also that great.

The Google solution is a good one, albeit an ironic one.
It keeps the document outside, and turns the PDF back into a ‘safe’ static document that displays in your browser.

By: Rowan Hanna

Rowan Hanna — Wed, 12 May 2010 15:14:25 +0000

That’s a great point — I rarely download a PDF that I receive via email before I have viewed it in Gmail’s PDF viewer. It much quicker to open the PDF via Gmail instead of downloading it and then waiting for a PDF viewer to launch.

This would help skip over the security issue as well. If Gmail can hvae a PDF viewer, why can’t Windows??

By: Karl De Abrew

Karl De Abrew — Tue, 11 May 2010 07:54:04 +0000

Actually — exhibit A in this case would be the built-in Gmail PDF viewer — I almost never download a PDF file within gmail when I’m looking for a quick read/heads up….

By: Rowan Hanna

Rowan Hanna — Tue, 11 May 2010 07:49:51 +0000

Why does Windows include an application that lets you preview JPG, BMP, TIFF, PNG, etc, images?

PDF is just as ubiquitous as TIFF files (and other image formats) these days and yet if you want to view them on Windows, you have to download a separate app. Whereas on Mac OSX and a lot of Linux distros, a basic built-in PDF viewer is included by default.

With regards to the security exploit, there is no “mess” that needs to be cleaned up. Simply put, there are countless ways that security exploits can make it onto your computer. Using your definition of a “mess” you could argue against using USB drives, floppy disks or even the Internet because all of these mediums can be used to transport security exploits onto your computer.

JavaScript is just one small feature of PDF and is mostly irrelevant to the majority of users — they won’t even notice if they’re using a PDF viewer that doesn’t support it.

Getting back to Sullivan’s point, if you use a PDF viewer on your computer that does not support JavaScript (or allows you to work without JavaScript support enabled), then there is no security exploit. The same thing can’t be said for removing the possibility of exploits from other Windows applications, such as Microsoft Word.

If Microsoft were to introduce a basic PDF viewer for Windows (similar to the Preview feature in Mac OSX) then it would be a win-win situation for Windows users. They would no longer need to download a separate app and they wouldn’t be exposed to this security exploit.

By: Nick De Roeck

Nick De Roeck — Tue, 11 May 2010 07:25:19 +0000

Sean Sullivan argues that this viewer can also be a separate download, but why not download Adobe Reader then?

Isn’t this asking Microsoft to fix the mess Adobe made with PDF?
And in one go, opening yet another front for Microsoft where they will need to defend against accusations of being the big bad gorilla crushing innovation?

Apple’s PDF viewer is indeed an incredibly useful application, but it’s not like they are getting a lot of big gratitude from Adobe, if you’re following the Adobe evangelists, they take every opportunity to take a stab at Apple’s app.

Fact of the matter is: PDF is broken. Becoming a jack of all trades, master at none.