TechTalkz.com Technology & Computer Troubleshooting Forums - View Single Post

07-11-2007, 11:44 PM

kurt wismer wrote:

> > I've never seen PDF content being auto-rendered either as it's
> > own page or as a component of page unlike other components of
> > a typical web page (ie like html code, java script, JPG or
> > GIF images, etc).
> >
> > In my experience, PDF material (PDF files) are always
> > presented only as links that require the user to click on
>> them in order to view them.
> >
> > What browser has the option of rendering PDF files
> > "in-line" ?
>
> again, round and round we go... the acrobat reader includes a
> browser plugin that allows you to read pdf files right in your
> browser...

Why are you incapable of understanding a simple concept?

I'm trying to point out to you that PDF code or PDF files are not
automatically rendered in-line as a component of a web page and that
they must be clicked on by the user in order to be rendered. That
they can THEN be rendered within the browser by a plugin is
irrelavent.

I'll try to make this simple for you.

If I view a web page that contains code to display a graphic bitmap
(say, a jpeg or gif file) I will see the bitmap when I view the web
page. I will NOT see a link to the bitmap that requires me to click
on it to see it (unless that's how the web-author wants it to work).

In contrast, PDF files are never rendered "in-line", automatically, as
part of webpage content like a gif or jpeg bitmap.

> so you choose to believe that spam 'users' are less likely to
> be pdf 'users' to a significant enough degree to make this
> distinction worth pursuing...

The home PC is common enough to be used by a wide range of people for
a wide range of reasons. When we dissect and analyze things at this
level, in the absense of other information, if I just had something as
basic as the presence or absense of an installed pdf reader, if I had
to form an opinion as to who is more likely to be spam-friendly, I
would say it's the people without a PDF reader installed.

> somehow spam 'users' don't need government forms or product
> documentation or any of those other things that require a
> pdf viewer...

Perhaps those people are kids or teenagers with PC's in their
bedrooms. Perhaps they're senior citizens who have their kids do
their taxes for them. I would expect (more often than not) both
groups to not have PDF readers installed on their computers (unless it
came pre-installed on them anyways). I would expect both groups to be
more naive when it comes to spam as opposed to other groups - more
likely to at least open and read it.

> i think you're reading too much into the fact that they
> respond to spam... i see no reason why they should be
> significantly different from the average user as far as
> pdf reader deployment goes...

If the lack of an installed PDF reader on a system is an indication of
a new or novice computer user, then that demographic is also more
likely to be unfamiliar with spam in all it's forms and appearances,
and will (over time) presumably install a PDF reader on their system,
and just as likely over time to recognize and ignore spam.

Again, it's not like I'm saying that the presence or absense of a PDF
reader on a given system is "the gold standard" reference for who will
be a spam reader/responder.

I think we agree that resorting to the PDF format may be better (in
the short term) for spammers to get their spam through to end users,
but it's not a desirable format to insure they actually see the
payload.

I'm going an extra step by saying that systems with PDF readers on
them are more likely to be owned and operated by those that are (even
slightly) more likely to recognize and delete spam without even
reading it.

> > Arguably Google has played a role in making the PDF
> > format more common and exposing it to more people by
> > presenting PDF material in it's search results.
>
> true, but it generally allows the user to 'view as html'
> and as such doesn't necessarily drive people to install
> pdf readers...

I guess you like to argue with everything I say?

Fine. Here's a counter-argument.

The "view as html" is a very poor substitute vs viewing the original
PDF document, so I wouldn't expect a given user to persistently view
PDF files as html for very long before deciding to install a PDF
reader.

> the fact that it is a common format for many useful or
> important documents means that many people are going to
> be users...

So what are you saying?

That the number of systems currently without an installed PDF reader
is zero?

> the fact that it has such a wide variety of uses means
> that it will have a broad pool of users

You're now arguing that a PDF reader is likely to be installed on the
majority of systems. I'm not disputing that. I would tend to agree,
and the fact that it comes pre-installed by some large vendors
certainly helps that argument.

But I'm betting that there are systems out there that don't have it
installed.

If you know of any hard stats on this, then post them here. Here's
one:

http://www.planetpdf.com/forumarchive/86169.asp

> > Clearly this conversation pertains to situations (or the
> > implications) of a PDF reader NOT being pre-installed by
> > a vendor,
>
> no, clearly this conversation pertains to how *insignificant*
> those situations are to the spammer...

Isin't that an implication of whether or not a PDF reader is installed
(by the vendor)? Which is what I said above, to which you answered
"no" ?

> the spammer chooses a format that will get his message into
> as many inboxes as possible ...

That, and the rest of that paragraph, is mostly obvious.

I don't buy the argument that PDF spam has a "clickability" advantage
that makes it (even slightly) more likely for the average reader to
open it just because it's a pdf. If that were true, we would be
seeing more executable attachments masquerading as PDF attachments.

07-11-2007, 11:44 PM	#30
Virus Guy Guest Posts: n/a	Re: New .PDF malware (?) kurt wismer wrote: > > I've never seen PDF content being auto-rendered either as it's > > own page or as a component of page unlike other components of > > a typical web page (ie like html code, java script, JPG or > > GIF images, etc). > > > > In my experience, PDF material (PDF files) are always > > presented only as links that require the user to click on >> them in order to view them. > > > > What browser has the option of rendering PDF files > > "in-line" ? > > again, round and round we go... the acrobat reader includes a > browser plugin that allows you to read pdf files right in your > browser... Why are you incapable of understanding a simple concept? I'm trying to point out to you that PDF code or PDF files are not automatically rendered in-line as a component of a web page and that they must be clicked on by the user in order to be rendered. That they can THEN be rendered within the browser by a plugin is irrelavent. I'll try to make this simple for you. If I view a web page that contains code to display a graphic bitmap (say, a jpeg or gif file) I will see the bitmap when I view the web page. I will NOT see a link to the bitmap that requires me to click on it to see it (unless that's how the web-author wants it to work). In contrast, PDF files are never rendered "in-line", automatically, as part of webpage content like a gif or jpeg bitmap. > so you choose to believe that spam 'users' are less likely to > be pdf 'users' to a significant enough degree to make this > distinction worth pursuing... The home PC is common enough to be used by a wide range of people for a wide range of reasons. When we dissect and analyze things at this level, in the absense of other information, if I just had something as basic as the presence or absense of an installed pdf reader, if I had to form an opinion as to who is more likely to be spam-friendly, I would say it's the people without a PDF reader installed. > somehow spam 'users' don't need government forms or product > documentation or any of those other things that require a > pdf viewer... Perhaps those people are kids or teenagers with PC's in their bedrooms. Perhaps they're senior citizens who have their kids do their taxes for them. I would expect (more often than not) both groups to not have PDF readers installed on their computers (unless it came pre-installed on them anyways). I would expect both groups to be more naive when it comes to spam as opposed to other groups - more likely to at least open and read it. > i think you're reading too much into the fact that they > respond to spam... i see no reason why they should be > significantly different from the average user as far as > pdf reader deployment goes... If the lack of an installed PDF reader on a system is an indication of a new or novice computer user, then that demographic is also more likely to be unfamiliar with spam in all it's forms and appearances, and will (over time) presumably install a PDF reader on their system, and just as likely over time to recognize and ignore spam. Again, it's not like I'm saying that the presence or absense of a PDF reader on a given system is "the gold standard" reference for who will be a spam reader/responder. I think we agree that resorting to the PDF format may be better (in the short term) for spammers to get their spam through to end users, but it's not a desirable format to insure they actually see the payload. I'm going an extra step by saying that systems with PDF readers on them are more likely to be owned and operated by those that are (even slightly) more likely to recognize and delete spam without even reading it. > > Arguably Google has played a role in making the PDF > > format more common and exposing it to more people by > > presenting PDF material in it's search results. > > true, but it generally allows the user to 'view as html' > and as such doesn't necessarily drive people to install > pdf readers... I guess you like to argue with everything I say? Fine. Here's a counter-argument. The "view as html" is a very poor substitute vs viewing the original PDF document, so I wouldn't expect a given user to persistently view PDF files as html for very long before deciding to install a PDF reader. > the fact that it is a common format for many useful or > important documents means that many people are going to > be users... So what are you saying? That the number of systems currently without an installed PDF reader is zero? > the fact that it has such a wide variety of uses means > that it will have a broad pool of users You're now arguing that a PDF reader is likely to be installed on the majority of systems. I'm not disputing that. I would tend to agree, and the fact that it comes pre-installed by some large vendors certainly helps that argument. But I'm betting that there are systems out there that don't have it installed. If you know of any hard stats on this, then post them here. Here's one: http://www.planetpdf.com/forumarchive/86169.asp > > Clearly this conversation pertains to situations (or the > > implications) of a PDF reader NOT being pre-installed by > > a vendor, > > no, clearly this conversation pertains to how insignificant > those situations are to the spammer... Isin't that an implication of whether or not a PDF reader is installed (by the vendor)? Which is what I said above, to which you answered "no" ? > the spammer chooses a format that will get his message into > as many inboxes as possible ... That, and the rest of that paragraph, is mostly obvious. I don't buy the argument that PDF spam has a "clickability" advantage that makes it (even slightly) more likely for the average reader to open it just because it's a pdf. If that were true, we would be seeing more executable attachments masquerading as PDF attachments.