There’s something to be said for not going with the crowd, when it comes to securing your computer.
Just think about it – substantially more malware is written for Windows than there is for Mac or Linux.
Similarly, we see frequent attacks against the likes of Java, Adobe Flash and Adobe’s Acrobat PDF reader because they are so widely used. The malicious attackers like it when the whole world is using the same software, as it increases their chances of a successful attack.
And for that reason, some people use alternative software – such as Foxit Software’s PDF reader.
The thinking is that if online criminals exploit a security vulnerability in Adobe’s PDF software, it may not be also present in the Foxit reader.
That doesn’t mean, of course, that alternative software is immune from security vulnerabilities. As a case in point, a vulnerability was found in Foxit’s browser plugin earlier this month.
No malware appeared in the wild that exploited the bug, but Naked Security’s Paul Ducklin examined and explained the vulnerability in some detail. He wrote that “the [bug], which is a side-effect of a stack overflow, pretty much lets you write to a memory location of your choice. That’s not good.”
But there is good news now, namely that Foxit has responded to the vulnerability with an update.
You can either go to Help|Check for Updates in the Foxit reader software, or download the latest version (5.4.5) directly from Foxit’s website.
When I tried, however, I couldn’t reach Foxit’s website to download the software:
It’s unclear quite what the problem is with Foxit Software’s website, but hopefully they will be able to fix it soon for the benefit of their users. Of course, just because the website is down doesn’t necessarily mean that updates requested from within the product are necessarily impacted.
(If you are having trouble getting the update, don’t forget that Duck’s article includes instructions for a simple mitigation you can use to tide you over.)
An advisory from Foxit is allegedly published here, but I can’t get to it.
There’s something to be said for not going with the crowd, when it comes to securing your computer.
But you best have your fingers crossed that your alternative providers’ websites don’t fall over when you need a security update.
Good luck to those of you who are Foxit users. Update as soon as you can.
Update at 2013-01-22T10:56+11. As mentioned in the comments, the Foxit site seems to be fine now. Go get that fix!