Educause Security Discussion mailing list archives
Re: Disable Adobe Reader javascript?
From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Thu, 30 Apr 2009 10:17:25 -0400
2009/4/29 Gary Flynn <flynngn () jmu edu>:
Anyone ever heard of problems after disabling javacript in Adobe Reader or know of it commonly being used? We're considering pushing it as policy to managed workstations due to the frequency of security defects discovered and exploited in Adobe Reader. Two zero days since the beginning of the year.
We've had javascript disabled in Reader/Acrobat for this term with no issues. We pushed it out as policy at the beginning of the term and disabled it by default in our build images. In the weeks leading up to the push we sent emails to faculty/staff letting them know what was going to happen, why we were doing it and gave information about how to enable it if necessary. We realise that means that yes, some of our users did turn around and re-enable it but having it disabled on the bulk of faculty/staff machines and having it disabled on our public access/laboratory machines with minimal blowback from those two (arbitrary number) faculty members that use flash-embedded pdfs was worth it. kmw -- Kevin Wilcox Network Infrastructure and Control Systems Appalachian State University Email: wilcoxkm () appstate edu Office: 828.262.6259
Current thread:
- Disable Adobe Reader javascript? Gary Flynn (Apr 29)
- <Possible follow-ups>
- Re: Disable Adobe Reader javascript? Vincent Stoffer (Apr 29)
- Re: Disable Adobe Reader javascript? Eric C. Lukens (Apr 29)
- Re: Disable Adobe Reader javascript? Irish, Adrian L (Apr 29)
- Re: Disable Adobe Reader javascript? Theodore Pham (Apr 29)
- Re: Disable Adobe Reader javascript? Roger Safian (Apr 30)
- Re: Disable Adobe Reader javascript? Kevin Wilcox (Apr 30)
- Re: Disable Adobe Reader javascript? Plesco, Todd (Apr 30)