NICE. Thanks Dave yes, a search for "number of PDF vulnerabilities" helps me a lot!
From: David [mailto:[email protected]] Sent: Friday, November 04, 2011 11:08 AM To: NT System Admin Issues Subject: Re: So...I need to pitch the Adobe upgrade I think there are some stats available (maybe atSANS) the document the rise in PDF vulnerabilities over the last months, it's pretty dramatic if I recall correctly. OTOH, Acrobat X has changed its interface substantially, it's become 'dumbed down' and our users aren't especially excited about it. Probably still better than existing with all the attack vectors on PDFs though. David On Fri, Nov 4, 2011 at 10:35 AM, David Lum <[email protected]<mailto:[email protected]>> wrote: We have at least 40 users who actually need the full version of Adobe Acrobat and potentially over 200. What I need to do is justify the cost to management and, being security related, means I have to come up with some kind of risk analysis to justify it. Can y'all help me with this? I am not great at thinking about the kinds of Q's management would ask. "Adobe has stopped support for version 8 of Adobe Acrobat (Reader, Standard, and Professional) this means they no longer are releasing security updates for this version. Currently we show an installed base of 250 systems which means we have this many systems that will become increasingly vulnerable. What are they vulnerable to? The malware a PDF can carry almost any kind of malware, virus, spyware, etc and is not limited to a "can only mess with other PDF's" kind of vulnerability. PDF's are a *very* common document exchange format, and a PDF file can deliver malware just as easily as visiting a website. In fact, opening a PDF from the Internet is the most likely form of compromise so the odds of compromise go up with each opening of a PDF file. It's worthy to note many PDF vulnerabilities are operating system agnostic - Mac and Windows machines are equally vulnerable. Our options are to leave the systems as-is and accept the risk of compromised systems, or to upgrade to the currently supported version of Adobe. In my opinion the potential security risk greatly exceeds the cost of upgrading the necessary systems to Acrobat X Standard which is fully supported with security updates until Nov 15, 2015" David Lum Systems Engineer // NWEATM Office 503.548.5229<tel:503.548.5229> // Cell (voice/text) 503.267.9764<tel:503.267.9764> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin -- David _____________________ "Remember that democracy never lasts long. It soon wastes, exhausts, and murders itself. There never was a democracy yet that did not commit suicide." --John Adams, letter to John Taylor, 1814 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
