PDF Blog Contents Summary

This PDF Blog page contains extracts from our regular series of PDF Security Newsletters, starting with articles issued from 2022

Avoiding PDF malware and phishing

Over recent years a wide range of concerns about the security of "standard" PDFs have been raised. Literally billions of PDF files are created and distributed every year and almost all are safe to view and use. However, a significant number of PDF files contain direct and indirect security concerns, so in this article we look at the main ones circulating today and how to avoid being caught out. Click here or on our Infographic to read the full article

PDF Security Infographic

PDF Knowledgebase

In addition to this "PDF Security blog" page, our separate PDF Wiki Knowledgebase resource is designed to make information about PDF files and their usage readily available in a clear, user-friendly manner. There is also an emphasis on issues of PDF security in the context of content and copyright protection, whether for private individuals, businesses or governmental organizations. The knowledgebase also provides details on all Drumlin, Javelin and Webdoxx software and services.

PDF Wiki

Secure electronic publishing - ePUB or PDF or Web?

Overview: If publications are designed to be read from cover to cover, and contain little or no formatting or images, and color is not important, then ePUB is probably the best option. This is the usual choice for novels and similar books. However, if the publications contain anything more complicated, or were originally designed for print publication, or as training resource materials, then PDF may be a better choice. In either case, security of copyrighted content is paramount for most publishers.

For open-access publication of Magazines, Catalogs and Comics, with optional access control (e.g., for subscription services), then web-based may be the best way to go. Journal publications, newspapers and newsletters are also often best handled via web-based display, providing maximum reach with minimal support. Controls over copying, downloading and printing are all standard features that provide basic content security.

PDFs: One of the most important features of PDF documents is that they are defined by a page-based model - this describes how individual pages in the document are made up, in terms of the text, the fonts used, graphical objects, interactive elements and possibly other features associated with the page. This page-based model means that when you look at a PDF page on-screen or on printed output, it should always look the same and as specified by the designer.

Page-based ePUB3 and HTML5: Although standard ePUB and HTML are designed for flowable text (see further, below), the more recent variants can be used to present page-based information. These features enable fixed layouts to be used, often with color images and in some cases, with interactive and multimedia elements. This ideal for graphic novels, comics, magazines and books with a lot of color content (e.g., photographs, technical drawings etc.).

Flowable ePUB and HTML: Standard ePUB and HTML formats are effectively a linear stream of items, one after another, with limited "layout" elements. A major aim of the ePUB format is to allow the text to be the dominant element, re-sizable and re-flowable, ignoring the page concept and focusing on the size and orientation of the device on which it is viewed. ePUB, and its variants and versions, is the most widely used format for reading eBooks and similar documents on mobile devices, including of course Amazon Kindle, Nook and other specialized ebook reader devices.

As an indication of what this means for an existing, well-structured and formatted source document (e.g., created in Word or InDesign) see this article by Reka Oroszi. In the article the author explains that for standard ePUB documents to work properly you need to start by:

1. Removing all text formatting (styles); then

2. Remove all numbered lists, bulletized lists, page numbers, tables, tables of contents, forced line breaks, double spaces, double paragraphs, page breaks, tabs, image wrapping, footnotes and direct links to third party webstores!

Only then can you re-introduce a basic level of formatting - ideal for works of fiction and publications with very limited format requirements, but not for more complicated documents. For the latter, PDF format with Digital Rights Management (DRM) protection, or a matching web-based (HTML5) implementation is what is needed.

Our offline and web-based services support secure document publishing of both ePUB and PDF source documents. In addition, we can assist in creating suitable files from sources in other formats (e.g., Word, Powerpoint, InDesign etc.) and can advise on print-production and distribution if that forms part of the requirement.

Changing pages in PDF files

PDF modifications: In general, special PDF editing software is required for deleting pages, inserting pages and extracting pages. These facilities are now provided as standard in the latest version of our free Javelin3 for Windows PDF reader.

To use these new facilities, open any standard PDF in Javelin3 for Windows (latest versions) and right-click on a page to see the new options. These include: Delete ... , for deleting the current page or a selection of pages; Insert PDF document, enabling an entire PDF document from disk to be inserted into the current document AFTER the current page; and Extract, where one or more pages from the current PDF document can be extracted to a new, separate PDF file. After making any changes to the current PDF document a prompt is given when leaving the document that changes should be saved or discarded. If discarded the source PDF remains unchanged.

Right click

Running iOS apps on Mac computers

"iPhone apps and iPad apps are available without modification on the Mac App Store on Apple silicon Macs. These apps can be optimized to work with keyboards, windows, and touch-input gestures by using existing capabilities that are already available to iPhone and iPad apps." (Apple Inc, 2023)

However, when such apps are run in this way they lack some of the security features that real iPAD and iPhone devices provide. Javelin secure PDF reader for iOS and apps based on Javelin identify the specific device on which access to secured documents are permitted using its deviceID. The deviceID provided by Apple in this case is a 'virtual' deviceID, not the unique physical ID of the device. This is believed to have been introduced some years ago for US government security reasons, and so as long as the virtual deviceID does not change, Javelin readers will retain the details of documents and their authorization status enabled on that device. However, this is not the case for emulations of iOS devices, such as the recent Apple MacOS M1 chipset devices, on which the virtual deviceIDs change each time they are run, so these do not have the necessary security framework for the encrypted PDFs. The same is true if the iOS operating system is replaced following a fault with the device. For this reason users will not now find Javelin and related apps on the MacOS AppStore, but only on the main Apple iOS AppStore.

Accessibility, Language and Text to Speech (TTS)

Overview: One of the most effective ways of providing accessibility to text-based documents is to enable them for text-to-speech (TTS) technology. Also known as "Speech Synthesis" TTS enables selected blocks of text or entire pages to be read aloud in a meaningful manner. Typically, this uses built-in features of the operating system (OS) for the device in question, and these vary in quality and functionality.

The "voice" used for TTS on different operating systems is selectable, not only by type or name but also by language. For example, reading aloud a Spanish textbook using an English voice not only sounds wrong, but it can also be impossible to understand! The solution is to ensure the language pack for the preferred language is installed on the target device and then selected as the default language and voice for TTS.

A summary of the facilities for each main end-user OS is provided below:

macOS v13 and later - The Settings (System Preferences) facility, Accessibility/Speech option is where you will find the System Voice selector, for example "Jorge" for a Spanish, male voice speaker. Use the Customize option to select a language and speaker that is not present in the default list. Read aloud is enabled via a key sequence, e.g., Option+Esc (the Option key is often labelled "Alt"). In Javelin3 for macOS, select a block of text and press the key sequence for the text to be read aloud in the chosen default voice

Android v9 and later - on Android devices the Settings facility, General Management/Language and Input/Speech section is where TTS is defined. Select the language to use, touch the PLAY button to check the setting, and then exit. Then run Javelin3 for Android, open the document to be read aloud, and either select text for highlighting/reading aloud from the reader toolbar (highlight icon), or use the 3-dot icon on the toolbar to select the Read Page option. The text will be read using the voice just selected. The voice used may revert to the device regional settings voice next time the Javelin3 app is used, so if this occurs, simply repeat the select and PLAY check described above and it will spring into life again!

Windows 10 and 11 - the Windows Settings facility, Language option is where this is defined. Once the default language for speech is defined, selected text or pages will be spoken with the chosen voice, e.g., "Helena". If in doubt, check the Microsoft Help facilities. In Javelin3 for Windows, select a block of text and right-click to see the read aloud options (Read Selected Text by ..., Read Selected Text, or Read page) and it will be spoken with your selected voice. If a block of text is not selected, then only the Read Page option will be available. Read aloud ends when the chosen text or page end has been reached or via the right-click option, "Stop speaking". The Tools menu, Settings options allows the default voice to be selected. Owing to a bug in current versions of Windows 10 and 11, only a subset of available voices for a selected language may be chosen

iOS - as with macOS, TTS is enabled via the Settings facility, Accessibility/Spoken Content options. Selection of text to be read aloud is essential for TTS to work as expected on iOS devices. Currently Javelin for iOS does not support this functionality, but it may be enabled in the future

WEB - Several web-based services use text-to-speech for audiobook provision, although professional human-read audiobooks work much better, particularly for longer non-technical texts and works of fiction

Javelin3 secure PDF reader - Major new release, v3.1

In response to a number of requests, Javelin3 for Windows has been revamped, with many enhancements, as illustrated and summarized below:

  • Multi-language speech synthesis support (see above)
  • Revised Home page display, with modern layout - as illustrated
  • New direct Home page links to the User Guide, Help facilities and Web Resources
  • New option to immediately open the last document viewed, rather than the Home page, speeding up access to documents
  • Page window size and display settings, and the last page viewed, are retained even if the program is exit-ed abnormally rather than after closing a document or using the File menu, Quit option
  • Menu display issue when Windows Scaling not 100% now resolved (note that scaling is not recommended as it can result in poorer quality display of text and graphics)
  • White Label option extended - ask us for more details
  • Updated documentation and video demos
  • Page modification: Insert PDF file, Delete pages and Extract PDF pages

Personalization of PDFs

Sometimes it is desirable to send someone a PDF document that is personalized in order to make it clear that it is specific to that individual, to discourage or prevent its use by others. One way to do this is to edit the source PDF so that every page includes information about the user (e.g. Full name, their email address, their organizational affiliation etc.) as a form of "Stamp" or Watermark on every page (see further, our PDF Wiki article on this topic). In addition, the PDF filename can be changed to include the user's name or other user-specific identification. These changes can be applied to any PDF, with added standard PDF security or stronger DRM-enforced security. Facilities to provide such functionality are included as standard in our DrumlinPublisher software. All existing subscribing publishes can now use this facility.

Issuing PDFs that Expire

The PDF standard does not include facilities to enable a PDF to be issued that will no longer be readable after a specified date. However, there are three ways in which a PDF can be expired on a specific date and/or time:

  • using javascript that is included within the PDF to set an expiry date - this is widely discredited as an approach for several reasons: (i) non-Adobe readers generally ignore/do not support javascript elements in PDF files; (ii) many corporates and generic AV software tools will reject any PDF that contains javascript as potentially a security threat; (iii) the javascript can be readily removed from a distributed PDF; and finally, it may not work reliably anyway!
  • using a Digital Rights Management (DRM) service. This type of service does provide for reliable and secure date expiry, but typically requires subscription to a suitable DRM service and use of a proprietary PDF reader. Our Drumlin DRM service and Javelin PDF readers provide this kind of facility as standard
  • using a web-based secure PDF display service (like our Webdoxx service) that protects against PDF downloading or provides the PDF content in a form that looks exactly like the source PDF but the PDF itself is not hosted on the server used. In this case the PDF can be expired automatically or simply removed from the server. With this approach the end user does not require any special software to view it - just an HTML5 compliant web browser

PDF and Secure PDF Questions and Answers

QUESTION: Can screen capture be prevented?

ANSWER: This is probably the most frequent question we get asked. The short answer is "no", not reliably, no matter whose systems and software you are using - the same issue applies to printed documents - they can always be scanned or photographed, even if some attempt is made to prevent screen grab programs from being used on electronically displayed documents. We provide an option in DrumlinPublisher to specify screen capture disabling, which applies to Javelin3 for Windows usage, and deals with most screen grab attempts. On Javelin3 for Android the built-in hardware screen capture facility is always disabled, as this is an option provided within the Android operating system. On iOS/iPadOS screen capture is made difficult and cumbersome in the Javelin reader rather than prevented and on macOS screen capture is not disabled as attempting to do so is too messy and unreliable. However, with all OS variants we recommend NOT using the Disable Screen Capture option, but using dynamic watermarking, as noted in our Watermarking FAQ answer. This identifies the individual and device if/when a screen grab is made, strongly discouraging misuse of the captured image. We also provide a "personalization" facility within DrumlinPublisher, enabling even more specific personalization of secured files distributed to multiple end users. In our experience these are extremely effective measures to employ if publishers have real concerns about possible screen capture

QUESTION: What is the Terminal application on Mac computers for, and why do some apps close when the Terminal app is running?

ANSWER: Most MacOS users are unaware of the built-in app called Terminal. It effectively provides direct access to the operating system, rather like the CMD and Shell facilities provided in the Windows operating system. Most of the time, if Terminal is running, it forms part of a start-up process setup by an IT Department, for example to facilitate access to some in-network facilities, and is quite common on University campus-based systems. Unfortunately it also provides a backdoor for would-be hackers to attack the operating system and its memory handling, and for that reason when Javelin3 for Mac is run, it will close itself with a warning message and not allow secure documents to be viewed unless the Terminal app is closed first.

QUESTION: Can secured PDFs be accessed on multiple devices?

ANSWER: "Yes" - but it really depends on the choices made when publishing secured files, whether offline or online. With offline usage, by specifying an authorization code as just one usage, then access is limited to a single device, but often publishers will set the value as 2, so a desktop or laptop plus a mobile device for that end user is permitted. In special cases, for example in a closed classroom envirnment with many students in attendance, a much higher value is sometimes specified (e.g. 30) to allow a single code to be used for all students in a class, which is then disabled (set back to 0) after its initial use in the classroom or lecture theatre. With online (web-based) access, unlimited access can be provided by not requiring logins, or limited access can be selected by specifying a limit on the number of browsers permitted to access the file by one logged in user (e.g. on different devices), or by restricting the number of simultaneous sessions for that user.

QUESTION: Why is Javelin3 for Mac not available on the Mac App Store?

ANSWER: On the Mac many apps are not provided on the Apple App Store, for a variety of reasons (commercial, technical, practical, 'political' etc.) - this includes Adobe PDF Reader, for example. Like the Javelin3 reader for Mac, the Adobe reader is provided as a signed, downloadable file, and works just fine on Mac platforms (for example, see the Adobe site for more details).

The Javelin3 reader, which is free, is produced by us with Apple's approval for us as a Mac developer and uses Apple's PDF Library for the document display handling, so is essentially a secure version of the Preview app issued by Apple themselves. We update it whenever necessary, but it tends not to require changing unless Apple have a major problem themselves, or they completely change their operating system architecture and library, which generally only occurs every few years and tends to require new versions of all their software as well as everyone else's if the user chooses to upgrade their operating system - often Apple do not provide backward compatibility, forcing users to purchase new hardware and/or software, whereas we do provide multiple versions to provide full backward compatibility.

QUESTION: I have an end user who wants to transfer his secure ebook from his existing PC to a new PC, together with the notes and markup he has added. Can this be done with Javelin3 for Windows?

ANSWER: Using Javelin3 for Windows, there is a special function to support this - the user can open the document and select the File menu, Create Backup copy, and this will produce a special backup file that includes the original document plus the associated annots file with the markup and notes created by the user. This backup file can then be taken to another PC and with the File menu, Restore Backup the file and its annots can be re-instated. However, if installed on a new PC (or an old PC with its registry re-installed) the file will need to be re-authorized (i.e., with a reset code or new code) because it would not be recognized on that device.

QUESTION: Can Javelin3 for Windows be installed "silently"?

ANSWER: YES ... within the InnoSetup install program there are options for silent installation - please see Inno Setup Command Line Parameters

e.g. "Javelin3.1.0.1setup.exe /verysilent /suppressmsgboxes /norestart /allusers"

If this is done from an Administrator shell, then no UI interaction at all takes place as the system message box "Do you want to allow this app to make changes to your device?" is not required. Note that both the installed images and the setup executables are digitally signed with GlobalSign EV certificates.

QUESTION:One of our trainees wants to do a reset of his PC laptop and he is already using Javelin3 PDF reader for his studies. He wants to know how to retain the highlighted content and annotation he done to all the PDFs we have shared with him.

ANSWER: On the PC version of Javelin3 there is a special option for this via the File menu - if a secured document with annotations is opened, there is an option "Create Backup Copy" - this creates a special file that includes both the document and any annotations, which can be saved on an external disk for example. The user can then use another PC or the same PC (even if the latter has had its operating system re-installed), and they can then use the File menu, Restore Backup option to restore the file they have saved. If in doubt they can test this works on another PC first, just to make sure it all looks OK. The only thing that would need to be done in this case is that the file or files will need to be re-authorized if the registry entries have been cleared. This is documented in the Javelin3 user guide, page 28, available locally or online at: here

QUESTION: I just downloaded Javelin for an ebook I purchased. However now every pdf is automatically getting associated with the Javelin3 PDF reader. Any guidance on how to rectify this would be greatly appreciated.

ANSWER: This can happen with Android-based devices, because when you initially download and open a PDF on Android, it asks you which PDF reader you want to use, either Just Once or Always, and if you answer "Always" it will remember that as the default. That can be changed via the Settings facility on an Android device, apps section, and select the app (Javelin3) to see the facilities and settings, which can then be changed.

On a PC this would normally only occur if you have selected (but not opened) a PDF in Windows Explorer, right clicked on the filename and used the OPEN WITH... option to select the program you want to use - if the option box is ticked to SET AS DEFAULT that would choose the selected program for all subsequent PDFs, but you can change to another one at any time by going through the same steps.