Some rich clients deliberately ignore parts of the format. For example, the Windows-based Sumatra client did. It seems to have been acquiring more features in the last few releases, and I'm not sure of its current state. But in the past it has been useful for example in that it simply doesn't run embedded Javascript. Or Flash.
That's been my personal approach, such as it is, to the need to deal with some PDF files from third parties. I look for the environment that does no more than render the static page content.
Somewhat akin to using NoScript in the browser. I only execute when I need to, and then from a source for whom I have some trust.
I recently had to clean up some business systems belonging to a relative whose employee ran an infected PDF. By avoiding execution, I was able to examine the PDF and show them how it was indeed the source of their problems.
Unfortunately, these "business users" still have limited will to learn the techniques to avoid such problems. I've made some impression, but the Adobe PDF format is still a time bomb ticking away in the midst of their organization.
I'll mention that, for casual browsing, I use an extension that redirects PDF URL's to Google's Document Viewer (while not signed in to Google). Again, I get (usually) the static view without having to trust or execute the file on my own system. Thanks, Goog!
(Note that I don't do the latter with documents containing sensitive/personal information.)
That's been my personal approach, such as it is, to the need to deal with some PDF files from third parties. I look for the environment that does no more than render the static page content.
Somewhat akin to using NoScript in the browser. I only execute when I need to, and then from a source for whom I have some trust.
I recently had to clean up some business systems belonging to a relative whose employee ran an infected PDF. By avoiding execution, I was able to examine the PDF and show them how it was indeed the source of their problems.
Unfortunately, these "business users" still have limited will to learn the techniques to avoid such problems. I've made some impression, but the Adobe PDF format is still a time bomb ticking away in the midst of their organization.
I'll mention that, for casual browsing, I use an extension that redirects PDF URL's to Google's Document Viewer (while not signed in to Google). Again, I get (usually) the static view without having to trust or execute the file on my own system. Thanks, Goog!
(Note that I don't do the latter with documents containing sensitive/personal information.)