The PDF is dead, long live the PDF

By Tim Anderson
Technology journalist


Seven years ago PDFs were declared "unfit for human consumption" by usability expert Jakob Nielsen. The format has also been criticised for several high-profile security flaws.

Yet, use of the document format has exploded. There are now more than 160 million PDF documents on the web according to Adobe, the company which invented the format.

And the firm has just released the tenth version of the official software for creating PDF documents, along with a new version of the reader software.

Its aim is to hit back at some of its critics and to root PDF more firmly into the web.

"We wanted to make the in-browser experience much like any other web content," said Adobe's Mark Grilli.

Criminal target

The format's popularity is, in part, down to publishers who like it because it keeps even complex page layouts unchanged, no matter what web browser or operating system is used to view them.

By contrast, a webpage may look different according to your computer setup.

That could be a disaster for something like a repair manual with carefully positioned diagrams and instructions.

PDF solves the problem. It also prints reliably.

The problem is that a web browser cannot display a PDF document directly. The main language of the web is HTML, not PDF.

This has meant that - until now - reading a PDF document triggered either a browser add-on that takes over the web page behind the scenes, or a downloaded file which opens in a separate window.

The latest version of the software - Adobe Acrobat X - attempts to solve those problems.

Now, when someone opens a PDF page in a web browser, it will no longer show its own menu and toolbar: just the content, with a floating controller for navigating pages.

It is the latest change to a format that has constantly evolved.

Over the years, Adobe has added various capabilities to the documents such as the ability to embed multimedia content created using Flash software, as used in many web pages.

"The idea of a document has changed," says Grilli. "It's no longer just a piece of paper."

But the increased capabilities of PDF and its reader software have a downside.

"It's not unusual at all for cybercriminals to plant malicious code inside PDF files, and use them as a distribution model for an attack," says Graham Cluley at anti-virus firm Sophos.

"The problem is compounded by the public's belief that PDFs and other documents are somehow safer to open than, say, program files.

"If there weren't quite so many bells-and-whistles in the PDF file format it would be targeted a lot less often."

'Child's play'

Adobe's Brad Arkin, senior director of product security, said these claims are unfounded.

"There is nothing inherently insecure in the PDF format", he told BBC News.

Mr Arkin says the same problems are faced by any software that accepts content from the internet and displays it to the user, whether it is a web browser, a multimedia player, or Adobe Reader, all of which have suffered from security vulnerabilities.

He also said that the latest Reader is more secure.

"Version X is night and day different and better," he said.

The main reason for his confidence is a new feature which places an invisible barrier between the document and the user's computer, preventing the document from storing any permanent data there.

This is known as a "sandbox", so named because it is like letting a child play in a sandbox where he cannot do harm.

The sandbox is a feature of the new Windows Reader, not a change in PDF itself.

Users will need to upgrade, and it will not help those using alternative computers or software to view PDF documents - though Arkin says Windows is the only operating system under attack.

"I doubt it will be the end of security issues," said Mr Cluley. "Even if the sandbox is perfect there will still be ways of kick-starting malware infections and malicious attacks via PDF files. Nevertheless, it's a development which should be welcomed."
