Skip to main content.

Update (11/11/2005): Today I received an e-mail from Adobe saying that in 7.0.5 (which is not available for Unix systems yet), they show a dialog for every HTTP request. And yes, they do so, which obsoletes most of this page.

How to stop it — the easy solution

The easy solution would be stop using Adobe/Acrobat reader altogether and start using an alternative viewer. Personally, I prefer xpdf, which is available for various Unix-like operating systems and various other operating systems and has some nice features. There are a bunch of other viewers available for Linux & Co, which might be worth a look at. As for Windows, I don't really know what to recommend, the only (really) free alternative would be ghostview, I guess. Keep me posted if you have a better solution. On Mac OS, you can always use Preview app, which seems to be quite nice.

How to stop it — the hard way

If you need your Adobe/Acrobat reader for whatever reason, or just like its features (why can't xpdf have a continuous page layout as well?), you can do it the hard way: disabling the relevant parts of the application.

Disabling Javascript

The first idea at hand would probably to disable Javascript at all, as you might be used to from your browser. Unluckily, after disabling Javascript, every time you open a PDF which has Javascript code embedded, you are bugged with a notice asking you if you want to re-enable it. And of course its default is set to yes. So much for that.

Removing the plugins

Locate your plugin directory (under Linux it is at /usr/local/Adobe/Acrobat7.0/Reader/intellinux/plug_ins) if you use the default installation path and remove it. Now you no longer have any plugins (which might impact the usefulness, but it sure is still as useful as any other PDF viewer) and thus you can not exec Javascript anymore. You will be bugged every time you open a PDF with embedded Javascript, but at least reinstalling is not so easy any more. The easy way to do this under Debian is using the marillat source and installing just the acroread package (acroread is split into acroread and acroread-plugins there).

Another hard (or rather paranoid) way would be to filter each and every PDF you ever open and convert them to another format, possibly Postscript or some raster image format. An easier way of filtering would be something like replacing every occurence of /JS with /KS in the PDF (for example using sed -e 's/\/JS/\/KS/g'). This actually works nicely, but then you'd have to do it for any PDF you receive.

How to not do it

Several people have suggested just blocking the applications access to the net (via a personal firewall or iptables, for example). This is not simply a bad idea because it uses personal firewalls (repeat after me: “A firewall is a computer security concept, not a piece of software”), but also because when the PDF is viewed from within a browser window, the browser actually makes the HTTP request (which you probably allowed it to do), not Adobe/Acrobat reader!