A secure democratic Net is a fundamental right

While going with Didier Stevens through the different possibilities of defence against the javascript based attacks against PDF reader, we were running in problems

* only opening pdf files in the browser and setting the browser to noscript would not help

* using other PDF readers instead of the one from ADOBE would not always help

* using a sandbox would not always help

* a HIDS would not always help

because the javascript is called from within the document and not from an application

but before I ran into the wall and decided to look for a tool that would convert every pdf file into something else, it hit us  You could TURN OFF the javascript function in the PDF files which is activated by default (maybe Adobe should do it the other way round, like microsoft is doing)

This is where you can desactivate javascript in your PDF reader so that malware javascript in PDF files won't attack your computer

It will ask over and over again to put it on again, just say NO. You normally don't need javascript to read documents. Developers should also learn to make documents with and without javascript. They would also understand that javascript is one of the most powerful languages in IT that could bring whole systems with only a few lines of code. Bringing javascript into the picture is like playing with fire in the forest during summer.

Maybe Adobe should fix this "activate javascript" nagging and look for a way to make documents work even if not all interactive functions are activated.