• Home page
• News
• About
• Services
• OpenOffice.org
• Contact
• Links
• Site map
  

  

  
  Contributor, Consultants Directory maintainer.

  
  Authorised reseller

  
  RSS?

Securely installing Adobe Acrobat Reader

Adobe's Acrobat Reader gets a lot of attention from malware writers as the PDF specification allows for all sorts of fancy features including running code (JavaScript), starting external programs and embedding media, such as video files. This leaves it open to a wealth of potential for exploitation and in my experience it's a common vector for malware infection. I have found that the PDF reader alternatives don't offer a consistent and reliable enough replacement to Acrobat Reader, and updating them is a manual process, which gives them an element of insecurity. Installing Acrobat Reader with a proactive set of instructions to harden it goes a long way to improve a computer's security.

Whenever I install Acrobat Reader I use a customized installer created with changes I've made using Adobe's Customization Wizard, integrate any updates and add a few other changes. This method disables, and in some cases locks-out, a lot of the features of Adobe Reader that are used for exploitation. Despite these changes I have not come across any PDF documents that are impaired or unreadable. I've installed it on many computers and have never had word from any of my customers that it prevents them from doing anything they need to. I use this installer to also set Acrobat Reader to automatically download and install updates and remove the Desktop and Start Menu icons (which I find superfluous).

This method has many advantages over manually making changes via the user interface:

• Less chance to change a setting incorrectly, or forget to change any
• Most settings apply to all user accounts. Making changes via user interface only applies changes to the user account it's applied with
• Locks-out changes to some of the settings. I have come across quite a few instances where manual changes have reverted back to their default state
• Helps prevent users from being hit by social engineering trickery which would otherwise cause them to allow or enable some features

I'd like to offer a complete installer but would rather not fall afoul of legal attack dogs. I can offer the changes though, alongside instructions.

• Download the necessary files:
  • Download Acrobat Reader's full installer. The "normal" download method on their site is unsuitable for this type of installation
  • Download the patch to version 9.3.1
  • Download my customization and installer files. There are two types: a browser-enabled installer if you want to be able to read PDFs in your browser window and a browser-disabled installer if you don't mind the extra steps of saving PDFs and opening them. In my opinion this extra step is worth it as it makes drive-by infection much more difficult

• Prepare the files for installation:
  • Extract my installer files somewhere easy to find, for example the Desktop
  • Open the Adobe Reader installer, accepting the UAC prompt if you're a Windows Vista or Windows 7 user.
  • Once the Adobe Reader installer has extracted its files it will present you with a "Destination folder" window. Leave this open and open My Computer
  • Navigate to the location of the extracted Acrobat Reader files. The easiest way to do this is to copy and paste the following into the My Computer address bar:
    For Windows XP: %userprofile%\Local Settings\Application Data\Adobe\Reader 9.3
    For Windows Vista and Windows 7: %localappdata%\Adobe\Reader 9.3
    Hit return or click the arrow to the right of the address bar
    You should see "Setup Files" listed
  • Copy the "Setup Files" folder to the Desktop and then close off the My Computer window
  • Move the patch file you downloaded (AdbeRdrUpd931_all_incr.msp) into the Desktop copy of "Setup Files"

• Install Adobe Reader:
  • Press "Cancel" on the Adobe Reader setup window, confirm the prompt then click "Finish"
  • Navigate to where you extracted my installer files and into the "Proactive Services installer" folder. You should see four files. Copy all of them into the "Setup Files" folder, overwriting the existing files.
  • Navigate to the "Setup Files" folder
  • Double-click on "Proactive Services installer.bat" and if using Windows Vista or Windows 7, accept the UAC prompt.
    If you already have a version of Acrobat Reader earlier than 9 installed, your existing Acrobat Reader will automatically be uninstalled
    If you already have Acrobat Reader 9 installed, you'll be prompted with "Setup will allow you to remove..." etc.
    • Click "Next"
    • Check the "Remove" setting, click "Next" then "Remove" and "Finish" once completed
    • Once the uninstallation has completed, double-click on "Proactive Services installer.bat" again and if using Vista or Windows 7, accept the UAC prompt.

• You can delete all of the files you downloaded once the installation has completed

That's it! You should now have a more secure Adobe Acrobat Reader installed on your computer. If this guide has helped you please contact me to let me know.

"Adobe" and "Acrobat" are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.