This information is for Acrobat Professional users in Windows XP. I don't know if it
is valid for PCs using only Acrobat Reader.
Adobe is wrong but that doesn't mean we have to live with their problem.
Since when does anyone open attachments from unknown or unsolicited sources?
Some zip files can be or contain executables (.exe) but that is no excuse for not
knowing where your emails or files come from and not having up to date virus software.
Adobe did not disallow zip file attachments, they just buried the enable so deep
that the average user would never find it and using an editor (regedit) that most users
have never heard of. As far as I am concernced, without any word from the Adobe
Tower, this is pure marketing.
I have inserted a jpeg photo that shows, for Windows XP, where to find the hidden enable
and how to edit to allow opening OR saving (recommended) zip files. This is the
file I have been passing to my Engineers and suppliers. The information comes from
a help call I put in to Adobe.
Editting the registry is not difficult, you just need to be sure that nothing unusual
happens while editting the text or saving after done. Have an IT person or other
superuser do the edit if you are unsure. After editting and saving, select BuiltInPermList,
then pulldown File and click Export. This produces a one-click edit that will fix the
problem on any Windows XP computer.
Adobe is also blocking rar, tar and tgz compressions.
This edit needs to repeated anytime Acrobat is reinstalled.
There's no point in manually configuring your system to allow compressed file attachments if your recipients won't be able to open them. There are valid security reasons why ZIP, RAR, etc. are disabled by default, and while it's possible to override that decision it's not a practicable workflow for a file you intend to distribute to a general audience.
But it is an ideal way to transport under 5M of machine or computer files on a pdf drawing between companies doing
business together via email. There are valid securtiy reasons for not driving to work too. What is needed is a positive
'how to' and a little less corporate 'can't do'. If Adobe were not sensitive to thousands of users, why the phase-out?
Why not just disable these files completely?
I'd suggest helpful topics on setting up FTP, remote 3rd party servers and cloud connections with business partners.
I can't discuss precisely how compressed files can be used to attack a system, but one reason for the change is that many enterprise AV software operating at the firewall/mailserver level cannot reliably extract and scan the contents of a ZIP file which is itself inside a PDF - if the individual user who opens the file hasn't got strong desktop-level protection or the malicious attachment is a trojan rather than a virus, it can run riot. It's the same reason that malicious files shared through P2P tend to be ZIPs inside RARs inside RARs...
Adobe has always worked hard to ensure the PDF format is as trustworthy as possible, and where appropriate has restricted features of its software when the balance of probability suggests that feature will be used for malicious intent. There's nothing to stop someone putting a PDF inside a ZIP (which is easily scanned by AV software), it's just putting a ZIP inside a PDF that's disabled. Yes, the blacklist is editable for special situations, but the default block is to protect the type of user who is least able to understand the implications of opening the attachment.
I'm sorry, but this is extremely frustrating, especially since my current bank insists on sending me PDFs with a Zip file embedded, except I can't extract it, because Adobe Acrobat doesn't even allow the option for doing so.
I'm not tech savvy enough to edit the register without messing something up, and I've been unable to install older versions of Acrobat on my PC. Does anyone have a link to an older version of Acrobat that I can download that will let me open up zip attachments in PDFs?
I'm afraid the fault is with your bank - they are using a combination of formats which is not supported by Adobe Reader and has not been for some time. Given Adobe Reader dominates the PDF consumption market on desktops, they need to change their workflow to reflect what is and is not allowed. There's no reason why a PDF attachment needs to be ZIP compressed; if it's a size issue then they should add the attachment to the PDF and *then compress the PDF*, or deliver it as a standalone file.
It was a security-related decision to remove the support for compressed attachments, so it's intentional that bypassing it is not easy. The registry entries that control blacklisting are designed for enterprise users who have a closed-loop workflow that has to support files which would otherwise be untrustworthy, but changing the blacklist and then opening files from general circulation is, to say the least, not recommended.
Back in 2005 while writing my thesis (with LaTex) I compiled the source into a nice PDF.
Under Acrobat Pro 6.x (or was it 7.x already?) I decided for more safety to attach a zip archive of the source code to my beloved printer-ready pdf. 6 years later, I'm working at a university and would like to reuse part of *my* old code, still embedded somewhere in *my* original PDF (along with a ppt of my oral defense which, possibly, contained harmful macros, but who cares).
Oh, wait. Adobe now prevents me to do it. Can save the ppt, can't save the zip. You can't explain that.
And unfortunately I cannot mess with the registry. You see, this little dirty hack would precisely be a security breach if any end-user can access the windows registry (to disable antiviruses, firewalls... for instance). So our admins forbid it, and Adobe does not offer any solution to what is an otherwise trivial feature found in any email software out there (= save attachments after eventually displaying a warning message, running them through the installed antivirus, or...).
This unilateral "security" gibberish from Adobe is just plain nonsense. If the folks at Adobe think their user basis is made of dummies (hmmm, could very well be!) and are so concerned with the safety of the aforementioned, let's just include an optional anti-malware module within Acrobat. They could even charge for an Adobe Antivirus, tee-hee-hee.
CEASE FIRE !
==> there is no need to previously ZIP an attached file since a PDF-attachment is still zipped !
Seach for "ZIP files in PDF Portfolios" on this page: http://blogs.adobe.com/pdfdevjunkie/category/acrobat/pdf-portfolios/page/2
It's about Portfolios but it's exactly the same thing for "single" PDF files.
You should also Google-translate this french page: http://abracadabrapdf.net/articles.php?lng=fr&pg=637
The attachments navigation panel gives these infos in Reader and in Acrobat: "Size" and "Compressed size" are displayed.
Here is a (french) screengrab:
(Fichier means File, Taille means Size, Taille compressée means Compressed size, and Ko means Kb)
Message was edited by: JR_Boulay
The point of attaching an archive file like .zip is not the compression, we all know that PDF does this for us.
The reason is to be able to keep your attachment count low and preserve any folder structure present in the zip-compressed files. I tried for example to attach the source of my thesis to the final PDF file: thats around a dozen LaTeX files, dozens of images, bibliography, tables, diagrams, etc -- all distributed and organized over a clear folder hierarchy...
You cant be suggesting to manually attach each and every one of these files, therby also losing the correct folder structure?
If you need to preserve folder structure you should take a look to PDF Portfolios:
Adobe's Layouts (Themes) built-in Acrobat X and XI are ugly but you can find some nicest here: http://blog.practicalpdf.com/portfolios/
(With a particular mention for the Grid with Preview theme.)
I am ten and what is this?
No, joke aside: I have never heard of such a thing before. I am fairly certain none of my friends and colleagues have heard of or worked with PDF porfolios before.
Then you seem to need some Adobe pro version to even be able to work with it properly. Also it is not clear if all file types are supported, but things like "The files in a PDF Portfolio can be in a wide range of file types created in different applications" do not make me optimistic.
Last but not least, the one important funtionality everyone here is asking for -- extracting the attached content afterwards and saving it to your disk independent of the PDF(-portfolio) it was shipped with -- is not listed on the page you linked and I would bet a fair amount of money that it's not possible...
extracting the attached content afterwards and saving it to your disk
Yes, no problemo.
More: attachments can be edited/saved even if they stays inside the PDF Portfolio.
Any file type can be embedded, except those considered as potential security issue (.zip, .exe, .js, etc.)
Otherwise, the most common workaround is to add another extension to the restricted file type, as MyFile.zip.txt
But the end-user have to be aware of that and must know how to remove it when/after extracting the file.
What is funny is that setting the value 1 for the considered extension has exactly the behaviour one is likely to expect:
- User is warned that the file may be unsafe and is given three choices: open, or permanently set the behavior to Allowed or Prohibited.
- Dialog: "The file attachment filename may contain programs, macros, or virus that could potentially harm your computer. Open the file only if you are sure it is safe. Would you like to: -- Open the file-- Always allow opening files of this type-- Never allow opening files of this type"*
* The user will always be prompted each time a file of the same type is opened, regardless of which option they choose in the dialog. In addition, the setting in the registry will not change.
Why do not use this by default ???
There are three reasons why ZIP archives aren't allowed in PDF files:
- Attachments can be accessed by scripts in a PDF file without the user necessarily knowing what's going on.
- Not all firewall and AV programs will scan attachments to a PDF file, so there's a real concern from enterprises that a malicious file could pass through perimeter security.
- While there is a warning message shown if you manually change the settings, the very people who are most likely to be duped by a malicious file are least likely to read and understand the prompts.
It's not a theoretical risk - before the setting was introduced, malware-laden attachments were very common and quite effective at luring people into opening the file, despite the warnings. Often the PDF file itself looked perfectly genuine, it was only the attachment that contained malware - unlike a phishing email offering you $500,000,000,000 from a Nigerian minister, until you opened the attachment there was no real indication of anything suspicious. By then it was too late.
In a closed environment there can still be advantages to being able to attach ZIPs which is why Adobe allows an enterprise administrator to change the defaults - but this has to happen on both ends, and in turn exposes that machine to malware from outside the enterprise; so it's only suggested for sandboxed networks.