pdf-logo

Remove Javascript From PDF Readers for Better Security

Portable Document Format – What is it?

This may seem like an obvious question but it is possible that someone out there isn’t sure what a Portable Document Format (PDF) file is.

The Adobe Acrobat Product line and the PDF file date back to the early 1990’s. In the past two decades the PDF has become the de facto standard for the exchange of electronic documents.

Many times when downloading a document from the internet you will receive a message saying that you will need Adobe Acrobat Reader to access the PDF file. Most likely, they will also kindly provide a link for you to download that program as well.

The truth of the matter is that you don’t have to use the Acrobat Reader; in fact, I advise against it. My reasons are numerous but the main one is that once installed, it is nearly impossible to be rid of it. Acrobat spreads its many tentacles throughout your computer. Even after an uninstall, remnants of it remain all over your system. I don’t like that. When I uninstall a program, I want it to be gone.

Other reasons for angst: The free version is crippled. There is no portable version I am aware of. It costs a whopping $199 (US) to get the full version. The list goes on…

There are many free alternatives that, in some cases, work better and offer more features than Acrobat Reader. Some are even Portable which means they don’t require any installation at all.

Why Javascript? Why disable it?

“JavaScript is particularly useful for XML forms. JavaScript enables automated forms handling, Web and database communication, commenting, and user-interface capabilities.” ~ Adobe

Although Javascript makes it easy to manage forms in PDF files, it is yet another doorway for the Bad Guys to infiltrate your computer. For that reason I am recommending you disable Javascript in your PDF reader of choice. If you don’t need it, lose it.

Some Popular Alternative PDF Readers

When I do a search for “free pdf readers” on the internet I get an astounding 37 million+ results. I won’t be talking about them all today. Sorry.

I’m going to tell you how to disable Javascript in three of them. I’m sure that if your favorite reader is not on this short list, and your PDF Reader supports it, you will be able to find a menu item somewhere that will give you options similar to the ones I’m about to discuss.

I’ll begin with the one I don’t use.

Adobe Acrobat Reader

  1. Under the Edit Menu, choose Preferences
  2. Click Javascript
  3. In the window that opens, uncheck Enable Acrobat Javascript
  4. Click OK and you’re done

Since I provided links to the following PDF Readers, I thought it would only be fair to offer a link here as well. This will take you to a fun video I saw the other day: How to get your dog’s attention

 

FoxIt Reader

  1. Under the File Menu, choose Preferences
  2. Select Trust Manager
  3. In the window that opens, uncheck Enable Javascript Actions
  4. Click OK and you’re done

FoxIt PDF Reader comes in both 32-bit and 64-bit versions. A Portable version can be found as well. If you would like to read a little about FoxIt PDF Reader, you may do so at this FoxIt Page.

 

PDF XChange Viewer

  1. Under the Edit Menu, choose Preferences
  2. Select Javascript
  3. In the window that opens, uncheck Enable Javascript Actions
  4. Click OK and you’re done

This PDF Reader is the one I use. It comes in 32-bit and 64-bit flavors, and a Portable Version can also be found at the Tracker Software Site.

Conclusions

The PDF is everywhere. You may receive them attached to your eMail. You will certainly see them on the many web sites you visit. Hardware and software manuals abound—all using the PDF.

The very fact that we see them every day can make us stop thinking about them. I can assure you the Bad Guys don’t stop thinking. Javascript allows a malicious person to inject malware into your computer when you open the file.

Even if the eMail attachment is from a trusted friend, he/she may be oblivious to the fact that he/she not only just infected his/her computer but is about to do the same to yours.

Always close any security holes that you are aware of. In this case, it’s a simple matter of making a small change to a very useful program.

Richard

4 thoughts on “Remove Javascript From PDF Readers for Better Security”

  1. Robert Bowen

    Thanks for the tip. I uninstalled Java (jre) on the advice of a How-to Geek newsletter, but nothing was said about JavaScript being a security risk. I use Windows 7 Pro SP1 – desktop PC. Is JavaScript a security risk on a desktop? Thank you for the article Richard. I use the free Nitro, which I find meets my every need .
    Greetings from South Africa!

    1. Hi Robert,

      I am most certainly not a security expert. My best take on this subject is that Javascript is not necessarily a security risk in and of itself.

      The risk regarding PDF files is that malicious Javascript code can be utilized within these files without your knowledge. As I pointed out in the article, if you don’t need Javascript enabled in your PDF reader, then disable it.

      Java and Javascript are NOT the same thing. Java has of late proven to be a terrible security risk. I strongly recommend removing Java from your computer. The odds are that you won’t miss it at all except for very specific purposes.

      If you find that you must have Java installed for a particular web page to function properly, then might I suggest a Firefox add-on called QuickJava (it may be available for other browsers as well). This plug-in will let you switch Java on and off with the click of a button. Disable Java if you don’t need it at the moment and only enable it for that particular page.

      Javascript, on the other hand, has not been in the news for security reasons that I am aware of other than the PDF situation mentioned here.

      I am not familiar with Nitro so cannot give you any knowledgeable advice or opinions about that reader.

      Greetings back at you from Wisconsin, USA 🙂
      Richard

  2. Hi,
    With Foxit Phantom PDF
    Click Tools, Preferences, scroll down to JavaScript.
    open Java script, unclick enable JavaScript, click OK
    Done

    1. Hi Ralph,

      Is FoxIt Phantom PDF a different animal (business model?) than your basic FoxIt reader? Or did I make an error somewhere…

      Thanks for the tip,
      Richard

Comments are closed.

Exit mobile version

WHY NOT SUBSCRIBE TO OUR NEWSLETTER?

Get great content like this delivered to your inbox!

It's free, convenient, and delivered right to your inbox! We do not spam and we will not share your address. Period!