May 4, 2018

Unclear what security is provided by Adobe Reader’s “Enable Protected Mode at startup” function

Adobe employees, please read: The only people who can possibly answer this question are Adobe programmers in charge of Adobe Reader’s security functions. Adobe programmers, if you could answer this question it would be much appreciated.

Protected Mode function is unclear from reading Adobe Acrobat Reader Learn & Support

Protected Mode function: Adobe Reader DC > Edit > Preferences... > Security (Enhanced) > Sandbox Protections

Very approximately 95% or more of PDF documents downloadable from the Internet are simple text documents.

It is unclear what security is provided by Adobe Reader's Enable Protected Mode at startup function. This function is available in Reader DC. Not sure about previous versions.

Example: For simple text documents such as found here (http://gahp.net/wp-content/uploads/2017/09/sample.pdf), if the document contains malicious code, will the Protected Mode function alone stop the malicious code, or must the Protected View function also be enabled?

This is an important thing to know. Because if you download a PDF document from an Internet source (e.g., from a PDF document exchange website) of which you are unsure as to whether you can trust or not the author of the PDF document, you can only use the document in Protected View mode — unless you want to put your PC at risk. And that renders unusable any third-party add-on tools that use JavaScript.

Thank you very much,

Daniel Guibord

4 replies

Legend
May 5, 2018

If only protecting software was possible by just choosing not to do stuff. A history of hackers shows us that hackers are, if nothing else, ingenious. For example, back in 2004 we have this report on a JPEG-based attack: JPEG exploit could beat antivirus software - CNET. Now, JPEG files are pictures, and JPEG viewers are written only to view pictures. But the attack would allow bad people to overwrite part of the JPEG viewer with their own software, which could do other, bad, things.

daniel_guibord (Author, Correct answer)
Inspiring
May 5, 2018

With the following settings, the add-on tools work, and I’m reasonably certain that no JavaScript can be executed, other than that of add-on tools and APIs. Reference: Acrobat XI Help | JavaScripts in PDFs as a security risk

See also: Application Security Overview — Acrobat Application Security Guide

1- Adobe Reader DC > Edit > Preferences... > JavaScript > Enable Acrobat JavaScript (unchecked)

That disables all JavaScript, except the one that Adobe Reader DC can access in Privileged Locations as per the last line below.

2- Adobe Reader DC > Edit > Preferences... > Security (Enhanced) > Enable Protected Mode at startup (checked)

3- Adobe Reader DC > Edit > Preferences... > Security (Enhanced) > Protected View (Off)

4- Adobe Reader DC > Edit > Preferences... > Security (Enhanced) > Enable Enhanced Security (checked)

5- Adobe Reader DC > Edit > Preferences... > Security (Enhanced) > Privileged locations > Automatically trust documents with valid certification (unchecked)

6- Adobe Reader DC > Edit > Preferences... > Security (Enhanced) > Privileged locations > Automatically trust sites from my Win OS security zones (unchecked)

7- Adobe Reader DC > Edit > Preferences... > Security (Enhanced) > Privileged locations > Folder paths: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts

Inspiring
May 7, 2018

Now that I have your attention

THIS POST IS FOR THE FORUM MODERATOR

RE: my post on May 4, 2018 4:18 PM.

Please delete the last sentence "In my case here. I'm looking at, ... 20 years" up to the end of the line. It is causing me problems.

Thank you for your understanding,

Dan Guibord

Legend
May 5, 2018

Your classification of “simple documents” as less threatening is flawed for the reasons I have said. I will not repeat myself. I recommend you employ maximum security if it works for you.

I don’t think you appreciate either that we are dealing with possible futures. There are no known weaknesses that any document can use.

Legend
May 4, 2018

What is special about a "simple PDF document composed only of text"? Do you think a malicious document will have special graphics or a warning sign? Malicious stuff would be hidden inside a PDF, using a kind of attack not yet imagined (because if it was imagined it would be prevented). Nobody can answer your question because the malicious functions are theoretical.

Inspiring
May 4, 2018

What's special about a "simple document composed only of text" is that it contains no field to fill out or buttons that the reader can click on, and other interactive features that can be part of PDF documents.

Hence, if such simple documents containing malicious code can be completely neutralized with only the Protected Mode function — regardless of malicious code —, then for such simple documents the Protected View function is not necessary. Then, it is possible to use third-party add-on tools with these types of simple documents.

Otherwise, Protected View must be used to stop malicious code that may, as an example, read files on the user's PC and send these files over the internet to criminals (e.g., pirates located in foreign countries).

So, not knowing the capabilities of Protected Mode in stopping malicious code for simple documents, third-party add-on tools cannot be used with some simple documents downloaded from the Internet, unless the user is willing to put his PC at risk. (Text removed by moderator).

try67
Community Expert
May 5, 2018

PDF files are not like text documents. It makes absolutely no difference if a PDF contains "only text". In the background it can have a bunch of other things that are hidden from view, unlike with a plain-text file. Attacks that come from PDF files don't rely on interactive objects like form fields, but on flaws in the application and/or the file structure to sneak in code that does things that it should not be doing. It might abuse things like a Flash component, or JavaScript code, but those can exist even if there's only text on the screen.

Anyway, no Adobe programmer is going to reply to your question. First of all, because they don't hang around on these forums, and also because they're not going to say to those who try and cause harm what will and won't work...
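
The point made in the reply above, that a PDF showing only text can still carry JavaScript or other hidden objects, can be checked from the file's bytes. This added Python example (not code from the thread or from Adobe) counts active-content name tokens, including hex-escaped names and names inside Flate-compressed streams; the sample document is constructed, and encrypted files or other stream filters are not handled.

```python
import re
import zlib

# Name tokens that signal active content, whatever the rendered page looks like.
ACTIVE_NAMES = {"JS", "JavaScript", "OpenAction", "AA", "Launch",
                "EmbeddedFile", "RichMedia"}

NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw):
    """Undo #xx escapes: the PDF syntax lets /J#53 stand for /JS."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def _inflate(match):
    """Swap a Flate-compressed stream body for its contents; keep others raw."""
    try:
        return zlib.decompressobj().decompress(match.group(1))
    except zlib.error:
        return match.group(1)


def active_content(pdf_bytes):
    """Count active-content names in the file body and in inflated streams."""
    counts = {}
    for m in NAME_RE.finditer(STREAM_RE.sub(_inflate, pdf_bytes)):
        name = decode_name(m.group(1))
        if name in ACTIVE_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed sample: the only visible content is one line of text, but the
# catalog has an /OpenAction and a compressed object stream holds a script action.
HIDDEN = zlib.compress(b"<< /S /JavaScript /J#53 (placeholder script) >>")
SAMPLE = (
    b"%PDF-1.5\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj\n"
    b"4 0 obj << /Length 46 >>\nstream\n"
    b"BT /F1 12 Tf 72 720 Td (Plain text only) Tj ET\nendstream\nendobj\n"
    b"7 0 obj << /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
    + HIDDEN + b"\nendstream\nendobj\n"
)

if __name__ == "__main__":
    print(active_content(SAMPLE))
```

An empty result is not proof that a file is safe: it only means none of these markers were found in plain or Flate-compressed form.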

Steve Werner
Community Expert
May 4, 2018

You may find this Help file helpful:

Protected View feature for PDFs (Windows), Adobe Reader

Because PostScript is a programming language and PDF is derived from it, it can be misused. I think here's the take-away:

"provide an added layer of security. In protected mode, malicious PDF documents can’t launch arbitrary executable files or write to system directories or the Windows Registry."

Inspiring
May 4, 2018

Steve,

I’m not sure if I can trust Adobe’s information on this: "provide an added layer of security. In protected mode, malicious PDF documents can’t launch arbitrary executable files or write to system directories or the Windows Registry." Because, if you put the same question in a different way, you’ll see the ambiguity; here it is:

For a simple PDF document comprised of text only such as http://gahp.net/wp-content/uploads/2017/09/sample.pdf, and which document would have malicious code embedded into it, what malicious functions can Protected View stop, that Protected Mode alone cannot stop?

Legend
May 4, 2018

A malicious document would of course LOOK ENTIRELY INNOCENT. These are to protect against future undiscovered threats, not current malicious files. It’s about making it harder for the bad guys in future. Sandbox is standard programming practice these days, look it up in Wikipedia. No need to hear from Adobe programmers, who you also say you don’t trust.