How to Disable JavaScript in Popular Free PDF Readers

toggle-button

PDF files with malicious JavaScript embedded in them are a common way to spread malware. One way to defend against such malware is to disable JavaScript in the reader you use unless you need it for a trusted PDF. Here is how to disable JavaScript in the most commonly used free PDF readers. If JavaScript is ever needed, re-enabling it is straightforward in all cases.

Adobe Reader

  1. Open the Edit menu
  2. Go to Preferences
  3. Click "JavaScript"
  4. The dialog box shown in the figure below will open
  5. Uncheck “Enable Acrobat JavaScript”
  6. Click “OK” (not shown in the screenshot”

Adobe PDF Reader JavaScript settings

Foxit PDF Reader

  1. Open the File menu
  2. Click “Preferences”
  3. Select “Trust Manager”
  4. The dialog shown in the figure below will open
  5. Uncheck “Enable JavaScript Actions”
  6. Click “OK”

Foxit PDF reader KavaScript settings

PDF-XChange Viewer

  1. Open the Edit menu
  2. Click “Preferences”
  3. Select “JavaScript”
  4. The dialog shown in the figure below will open
  5. Uncheck “Enable JavaScript Actions”
  6. Click “OK”

PDF-XChange JavaScript settings

Nitro Reader

  1. Open the File menu
  2. Click “Preferences”
  3. Select “JavaScript”
  4. The dialog shown in the figure below will open
  5. Check “Disable JavaScript”. Note that in this icase you have to add a check instead of removing one as in the other readers discussed.
  6. Click “OK”

Nitro Reader JavaScript settimgs

SumatraPDF

This reader does not have many features and does not have any JavaScript settings. I assume it does not support JavaScript but I do not know this for an absolute fact.

Browser Plug-Ins and Add-Ons

In addition to the PDF readers that are programs for reading files on your computer, there are browser additions for opening PDFs online. The security settings for these plug-ins or Internet Explorer ActiveX components are determined by your browser’s scripting settings and extensions together with any other online security measures you use.

As always, the best defense is to refrain from opening PDFs unless you know they come from a reliable source. Even then, friends can still unwittingly send you an infected PDF. If all you do with PDFs is read them, I see no point in having JavaScript enabled.

Get your own favorite tip published! Know a neat tech tip or trick? Then why not have it published here and receive full credit? Click here to tell us your tip.


This tips section is maintained by Vic Laurie. Vic runs several websites with Windows how-to's, guides, and tutorials, including a site for learning about Windows and the Internet and another with Windows 7 tips.

Click here for more items like this. Better still, get Tech Tips delivered via your RSS feeder or alternatively, have the RSS feed sent as email direct to your in-box.

Please rate this article: 

Your rating: None
4.666665
Average: 4.7 (21 votes)

Comments

SumatraPDF.

Well I wrote the author in SanFrancisco and he told me (wrote) that SumatraPDF does NOT have any Java script reading ability and for me not to worry about it. Another solid reason for using SumtraPDF. Just Sayin'

if I use the PDF printer to create a "new" pdf from the orig PDF, does this eliminate the malicious javascript embedded in the orig PDF?

I only ever read pdfs so I'm deleting Foxit and replacing it with Sumatra. What about pdfs that are opened by Chrome though?

Scripting will be controlled by your browser settings. If you want to disable the Chrome reader, enter "chrome://plugins" in the address bar, find the entry for Chrome PDF viewer, and click "Disable". There might also be an entry for an Adobe or Foxit plug-in. That can also be disabled if you choose.
According to this post http://forums.fofou.org/sumatrapdf/topic?id=773324 by the author of the program, SumatraPDF definitely doesn't support javascript.
Thanks for the information.