PDF DRM Plugins

PDF Plugins for document DRM security & PDF protection

Protect IP

Protect PDF documents no matter where they reside:

Stop unauthorized access
Stop sharing and distribution
No useless & insecure passwords or plug-ins

Restrict Use

Set Expiry

Revoke Access

Watermark

Log Use

Comply Law

Benefits

The issues of PDF plug-ins – conflicts, updates, and malware

Why use Plugins for PDF DRM Security?

At first sight, plugins (software components that add features to existing applications – most typically browsers) offer a superior way of delivering Digital Rights Management (DRM) functionality into PDF documents on an end user device (desktop, laptop, tablet and so on).

The attractions are that plugins may be delivered ‘seamlessly’ through the browser, that they inherit all the authority of the browser, and act transparently so the end user need not be aware that they are there. Users would be amazed to find out just how many plugins (or add-ons) are already installed in their browsers and they never noticed. Good bets you will find Flash, Quicktime, Java, WordPress, Moodle, IrfanView and so on.

So a well-designed plugin can offer good PDF security because it can be delivered reasonably easily, has direct access into the browser functionality and a connection to the Internet already provided so it can download documents as required and do any user authentication required.

However, in practice there are some problems when it comes to the implementation.

Plugins and conflicts, admin rights, malware and updates

Current security controls often require an Administrator to allow them to be installed, just the same as an executable does, so that makes them the same as installing application software. However, unlike application software they can create a gateway for other applications or malware to enter, decreasing the overall security of the application they are plugged in to.

Browsers can run many plugins at the same time, and the plugins are not ‘aware’ of each other, and therefore of any conflict over the resources they are using. So it is possible for them to be in conflict with each other when using the same data (they are using the browser’s data so there is no sand box control) and it can be a complex thing for the plugin supplier to test out their plugin with all the commonest suppliers to make sure everything works. There is no formal testing process by the browser providers.

By studying a plugin it is possible to see where it acts on data and design another plugin to take advantage by grabbing the data being processed. It is also possible to manipulate plugins to allow malware to be uploaded into a user machine.

Browsers are always in a state of update. And there is no coordinated schedule of when they are changing or what is changing. So you can certainly participate in the browser beta schedules – the manufacturers helpfully make their expected release candidates available to extend their own testing capabilities – but changes to other plugins cannot be easily coped with. So, if Adobe change their links for handling PDF files in Acrobat, separate plugins to process the PDF files may be affected and stop working.

This is compounded by the presence of different versions of browsers on different platforms. So when updates roll through things can stop working for a while. And some corporations only allow versions of the browser that they have locked down, and this may not be compatible with updated plugins either. So whilst the automatic plugins of the big software suppliers for PDF, Flash and Quicktime mainly work OK for corporates other plugins have no guarantee.

There are also a lot of differences between the corporate world and the consumer. Corporates move slowly, preferring to be behind the curve on the systems they are running – not on the bleeding edge. Consumers often look for the latest and greatest and frequently change their environments. This diversity gives the plugin provider serious operational problems.

Plugins and document security

Increasingly plugins are a part of life. You only have to look at WordPress to see how extensively plugins are required for normal processing, but they may not be too useful where security is required, as in PDF DRM. Here you have to rely on the PDF security plugin working as expected (not conflicting or being circumvented by other plugins) and not failing to operate when Acrobat is frequently updated. If you cannot achieve that then the plugin is effectively useless.

To read more about Adobe Security Plugins see:

Adobe Plug-ins and Security issues – explains why even ‘Adobe certified mode protection’ is not all it seems and that certified plugins are not guaranteed to be fit for purpose.
Plug-ins – a source of insecurity – examines and questions the claims often made by plug-in suppliers that they are secure, giving published examples of where they are not. It demonstrates why you should not purchase a document security solution that relies on plugins.
PDF security flaws – covers common security flaws and vulnerabilities in Adobe Acrobat (the application that is plugged into).

Adobe Acrobat Plugins and certified mode

There are many Adobe Acrobat and Adobe Reader plug-ins that can load (by design) only in certified mode. One example is all documents protected with “Adobe DRM” security handler (so-called eBooks). Certified mode assures that all other plug-ins, loaded with those ones, have been also certified by Adobe. However, with this vulnerability the plug-in with forged signature can perform virtually everything, including but not limited to:

removing or modifying any restrictions (from copying text to Clipboard, printing etc) from the documents loaded into Adobe Acrobat or Adobe Reader
remove any DRM (Digital Rights Management) schemes from PDF documents, regardless the encryption handler used – WebBuy, InterTrust DocBox, Adobe DRM (EBX) etc.
modify or remove digital signatures used within a PDF document
affect any/all other aspects of a document’s confidentiality, integrity and authenticity.

The official US-CERT posting can be viewed here along with Adobe’s response.

Why plugins are useless for document security

Plugins can be overruled
A plugin from one manufacturer can stop a plugin from another manufacturer from:
- not working correctly
- not working at all
- changing what controls it enforces
Plugins can put your system at risk
Some document DRM products like FileOpen Rights Manager require you to turn OFF security in Adobe Acrobat in order for their plugin to work.
Some may say this is not a great basis for a security product, but it just emphasizes the point that even ‘security’ plugins are not as integrated into applications as you may think and may actually make it and your system less secure.
Plugins can be easily broken
Plugins may suddenly stop working when there is:
- an update to the application it plugs into
- an update to another plugin within the application
And if you think about all the different Operating Systems and versions of Adobe Acrobat that have to be supported (a plugin may work in one version but not another) you can see how the situation quickly gets out of control.
Anyone can write a plugin for Acrobat
- Anyone can write a plug-in for Adobe Acrobat Standard or Professional without obtaining an IKLA. See PDF plugin security.
- If a company has an IKLA with Adobe Systems, it does not mean that their product is certified as fit for purpose, is secure, or will not create weaknesses in the system.
- Plugin writers can forge signatures so that their plug-ins run in certified mode where they are given special privileges which can harm the system.
Plugins need Admin rights to install
Companies selling plugin solutions will claim they are easier for users to install. This is not true.
- They require the same Administrator rights as installing any other software.
- They are often more complex to install since they can clash with other plugins already installed – this can cause them to fail to install, or install incorrectly (i.e. they won’t work at all or as expected).
And unlike application software they can create a gateway for other applications or malware to enter, decreasing the overall security of the application they are plugged in to.

Why Locklizard for PDF Protection?

Locklizard PDF Security – Total PDF DRM Security without Plugins or Passwords

Locklizard document security cannot be compromised by plugins because we prevent all plug-ins from loading so that no vulnerabilities can be introduced.

Locklizard takes your document protection seriously. We provide total PDF protection with US Gov strength AES encryption, public key technology, DRM and licensing controls, to ensure your PDF files remain protected no matter where they reside.

Our DRM PDF Security products enable you to share documents securely without insecure passwords or plug-ins, and enforce access, location, expiry, and usage controls.
We use our own Secure Viewers to prevent plugins loading – so your document security cannot be compromised and continues to work even after updates have been applied.
Unlike Adobe Permissions which can be easily removed, our DRM controls persistently protect your PDF files and enable you to revoke PDFs at any time regardless of location.
No keys are exposed to users or interfaces and documents are only ever decrypted in memory – see our DRM technology.
Your PDF files always remain under your control – no uploading of unprotected files to the cloud.
Our easy to use adminsitration system provides simple user and document management and unlike passwords, keys are transparently and securely managed for you.

See our customer testimonials or read our case studies to see why thousands of organizations use Locklizard PDF security to securely share and sell their documents.

Customer Testimonials

We needed to deliver e-book versions of our handbooks while not compromising on security and digital rights. Safeguard PDF security is easy to use and intuitive.

The implementation was painless and we now have a greener, more secure way of distributing training manuals.
Locklizard’s PDF protection is exactly as described – the features are highly effective and I would give it 5 stars.

I would recommend Locklizard to others - their security is simple to use and fit for purpose. It meets common needs of businesses who have information they want to protect.
We would be happy to recommend Locklizard to any company needing a flexible way to secure PDF files.

Safeguard PDF Security has provided us with a very workable solution for sharing of information in a secure fashion. The support has been excellent and very accommodating.
We can cut accounts for a user five minutes before his class starts and he is ready to go. Happy smiling customer, while we still have security and personalized watermarking.

I have immense respect for the product and Locklizard provide great customer satisfaction and service.
We would recommend Safeguard to other companies for its security, cost and ease of use. It does what we expected it to do and more.

Ease of use is a bonus and the implementation was very easy. The product manual is excellent and Locklizard staff are very accommodating.
We sell a highly valued educational product in an open and competitive market so it was important to ensure we had effective security to protect our digital rights.

We highly recommend Locklizard - a professional company with a competitive and professional PDF Security product.
We would absolutely recommend both Locklizard as a company, and Safeguard PDF Security. It has transformed our study materials to the next level.

Not only did this increase sales, but we also believe that it has increased our customers’ ability to learn, which is even more important!
We would recommend Locklizard Safeguard to other companies that need to protect PDF reports. Customers have found the process of accessing the protected documents to be seamless.

Implementation was easy and technical support has been very responsive to requests for help.
Our company would without reservation recommend Locklizard. Their document DRM software opens up delivery of our new products in a timely fashion while knowing that the content will remain secure.

The return on investment to our company has been immediately evident.
We use Safeguard to make sure that documents cannot be opened outside our local network or from a unauthorized computer in order to copy or print the documents.

It is the most feature rich, affordable, & simple to use PDF security product on the market.
Safeguard PDF Security is simple to administer and meets our needs, consistently delivering secured manuals to our customers with ease.

Return on investment has been elimination of many man hours, printing resources and postage – it is estimated that costs decreased by 50% or more.
We would really recommend Safeguard PDF Security to every publishing company for managing ePubs or e-books securely. It is easy to secure PDF files and simple to distribute them to our authorized customers only.

Locklizard also provides a good customer support experience.
The ROI for us is incalculable. We have the security of knowing that our proprietary documents are secure. This is the entire value of our company.

I would most certainly recommend your PDF security product and already have. The ease of implementation was surprising.
We can now sell our manuals without the need to print them first, saving time, money and helping safeguard the environment.

We would recommend Safeguard PDF DRM – it is the perfect solution to sell and send e-documents securely whilst making sure someone cannot copy them.
We would recommend Locklizard to other companies without hesitation.

Their PDF DRM products provide a manageable, cost effective way to protect intellectual investment and they are always looking for ways to improve them. Moreover, their staff provide an excellent level of support.

Try Safeguard today

Start protecting your PDF files and documents from sharing & piracy

PRICING

Purchase & Pricing
Instant Quote

RESOURCES

FAQs
Locklizard Blog
Knowledgebase
Security Guides
White Papers
Viewer Demo
Videos

DOWNLOADS

Secure Viewers

Writers
Product Manuals
FREE Trial

ABOUT US

About Us

Our DRM Technology

What is DRM?

Customers

Locklizard vs Competitors

Secure Data Rooms

Company Brochure

CONTACT

sales@locklizard.com
support@locklizard.com

Business Hours:
Mon – Fri: 8AM to 5PM EST
Tel (US): +1 800 707 4492
Tel (UK): +44 (0)1292 430290

	Adobe Acrobat Security
	PDF Encryption & Password Security
	PDF DRM Security
	PDF Watermarking security
	Adobe LiveCycle Rights Management
	Creating Secure PDF files
	PDF Plugin Security

	Security Learning Center
	Document Security Papers
	Information Security Glossary
	Regulatory Compliance
	Intellectual Property Theft
	Adobe PDF Security Issues
	PDF Plug-in Vulnerabilities
	Adobe Flash Security Issues
	DRM Security Issues

PDF DRM Plugins

PDF Plugins for document DRM security & PDF protection

Free Trial & Demo

Trusted by:

The issues of PDF plug-ins – conflicts, updates, and malware

Why use Plugins for PDF DRM Security?

Plugins and conflicts, admin rights, malware and updates

Plugins and document security

Adobe Acrobat Plugins and certified mode

Why plugins are useless for document security

Plugins can be overruled

Plugins can put your system at risk

Plugins can be easily broken

Anyone can write a plugin for Acrobat

Plugins need Admin rights to install

Why Locklizard for PDF Protection?

Locklizard PDF Security – Total PDF DRM Security without Plugins or Passwords

Customer Testimonials

Try Safeguard today

PDF DRM Plugins

PDF Plugins for document DRM security & PDF protection

Free Trial & Demo

Trusted by:

The issues of PDF plug-ins – conflicts, updates, and malware

Why use Plugins for PDF DRM Security?

Plugins and conflicts, admin rights, malware and updates

<img decoding="async" style="vertical-align: middle;" src="/Images/pdf-shield.png" alt="" width="90" height="90" /> Plugins and document security

Adobe Acrobat Plugins and certified mode

Why plugins are useless for document security

Why Locklizard for PDF Protection?

Locklizard PDF Security – Total PDF DRM Security without Plugins or Passwords

Customer Testimonials

Try Safeguard today

Plugins and document security