Educause Security Discussion mailing list archives

Re: Disable Adobe Reader javascript?

From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Thu, 30 Apr 2009 10:17:25 -0400

2009/4/29 Gary Flynn <flynngn () jmu edu>:

Anyone ever heard of problems after disabling javacript
in Adobe Reader or know of it commonly being used?
We're considering pushing it as policy to managed
workstations due to the frequency of security defects
discovered and exploited in Adobe Reader. Two zero
days since the beginning of the year.


We've had javascript disabled in Reader/Acrobat for this term with no
issues. We pushed it out as policy at the beginning of the term and
disabled it by default in our build images.

In the weeks leading up to the push we sent emails to faculty/staff
letting them know what was going to happen, why we were doing it and
gave information about how to enable it if necessary. We realise that
means that yes, some of our users did turn around and re-enable it but
having it disabled on the bulk of faculty/staff machines and having it
disabled on our public access/laboratory machines with minimal
blowback from those two (arbitrary number) faculty members that use
flash-embedded pdfs was worth it.

kmw

--
Kevin Wilcox
Network Infrastructure and Control Systems
Appalachian State University
Email: wilcoxkm () appstate edu
Office: 828.262.6259

Current thread:

Disable Adobe Reader javascript? Gary Flynn (Apr 29)
- <Possible follow-ups>
- Re: Disable Adobe Reader javascript? Vincent Stoffer (Apr 29)
- Re: Disable Adobe Reader javascript? Eric C. Lukens (Apr 29)
- Re: Disable Adobe Reader javascript? Irish, Adrian L (Apr 29)
- Re: Disable Adobe Reader javascript? Theodore Pham (Apr 29)
- Re: Disable Adobe Reader javascript? Roger Safian (Apr 30)
- Re: Disable Adobe Reader javascript? Kevin Wilcox (Apr 30)
- Re: Disable Adobe Reader javascript? Plesco, Todd (Apr 30)