2 Replies Latest reply on May 1, 2009 11:22 AM by Cagekicker

    Disabling JavaScript


      Currently there are two unresolved vulnerabilities in Adobe Reader and Acrobat JavaScript function. It's recommended to disable JavaScript, but when you do disable it- it prompts the user with the following dialogue box: "This document contains JavaScripts. Do you want to enable JavaScripts from now on? The document may not behave correctly if they're disabled." There's no option to turn off this popup, which means it's still left up to the user on whether they want to possibly compromise the box or not.


      Now, I'm not just dealing with my home computer here, I'm dealing with an Enterprise class network with approximately 400 users..most of which will see the popup, read it and select yes in order to get away from the hassle of being asked this...every time they open a PDF file. This also means that when a user selects "yes", they are effectively bypassing the reason for having set it to disable JavaScript. This is working against what System Administrators are trying to accomplish by protecting their systems against vulnerabilities and possible attack. There are no other options that I can find providing a way to actually lock down this setting and make it "silent" for users...


      Anybody have any ideas?  Adobe, can you please do something about this setting and add a function to make it run silently to the end user?

        • 1. Re: Disabling JavaScript

          Adobe provides terribly insecure software.  I would suggest switching to something else -- it is inevitable the new "patched" version will have a new vulnerability.


          Is Adobe bribed by malware authors to leave intentional holes in their software?

          • 2. Re: Disabling JavaScript
            Cagekicker Level 1

            If you can't contribute something meaningful to my question and situation other than the lack of security gibberish, don't reply, please. Go troll your own post in the forums.  http://forums.adobe.com/thread/426908?tstart=0   (For anyone else who wants to just post their opinions and not a solution, here's a good place to do so).


            I'm looking for a solution to the work-around issue, not debating how unsecure their software is and how vulnerable the next patch will be. "Go to something else"...is not a solution that will work in my case.