security – PDF Blog – Topics from the makers of Win2PDF

Win2PDF Pro Enhancements for Adding Watermarks and Security Changes to Existing PDFs

Our latest 10.0.132 update to Win2PDF Pro adds two new features to the Win2PDF Desktop app – the ability to modify an existing PDF file to either set (or change) security settings, and the ability to apply a background or watermark to an existing PDF.

Win2PDF Desktop File Menu Options — Win2PDF Desktop PDF Security & PDF Watermark File Menu Options

PDF Security…

The first added feature allows you to apply or change security options to an existing PDF file. Previously, if a user wanted to add encryption to a PDF file, set a password, or change security options to limit printing or copying text and images, they would have to re-print the PDF and make these changes in the Win2PDF Pro Options. Now, they can simply open the existing PDF file in Win2PDF Desktop and make these changes directly without having to reprint.

PDF Watermark…

The second added feature allows you to add a watermark or background to an existing PDF file. Again, instead of having to re-print the existing PDF, you can now just open the file in Win2PDF Desktop and apply the watermark or background directly to the existing file.

The Win2PDF Desktop interface and available options for setting security and watermarks are the same options that are available in the Win2PDF Pro printer options.

Both of these features are only available in the Win2PDF Pro version of the software. If you do not currently have Win2PDF Pro but would like to trial these features, please request a Win2PDF Pro trial license. (Make sure you specify you want the Win2PDF Pro trial license in your request).

The PDF Pro Tip That Could Have Saved Paul Manafort’s Lawyers From Regret

We just released a free update to Win2PDF (version 10.0.40) that has a new feature that could have been useful for Paul Manafort’s lawyers, as this Wired article explains.

“The latest reminder came this week, when [Paul Manafort’s] defense lawyers failed to sufficiently redact portions of a court filing submitted on Tuesday, responding to Robert Mueller’s claims that Manafort violated his plea agreement with the special counsel by lying to prosecutors.”

What is the new feature? Well, it’s a enhancement to our Win2PDF Desktop app that allows you to extract all of the text from a PDF file and then save the results to a simple TEXT file. All you need to do is drop the PDF file on the Win2PDF Desktop icon and then select ‘Extract Text‘ from the pop-up menu shown below.

extract_text

This would have turned the following redacted Manafort court document (shown as a PDF file):

manafort1

into this TEXT file:

manafort2

You can see that the redacted text in the PDF file converted completely to readable text in the text file.

This feature, obviously, wasn’t created for the purpose of exposing redacted text, but it does exemplify a case where it would have been useful. We’ve had many other customers who were looking for an easy way to convert PDF documents into TEXT files for other business purposes.

You can download the latest update (free for licensed Win2PDF 7 or Win2PDF 10 users) from our support download page.

New Win2PDF 10.0.39 Update – available now!

We just release a new updated version of Win2PDF and Win2PDF Pro (version 10.0.39) that includes bug fixes and stability improvements as well as a couple of new features.

First, for both Win2PDF and Win2PDF Pro, the new version will support JPG2000 compression. When the “Optimize Image File Size using JPEG2000” option is enabled, color images in the PDF are compressed using the JPEG 2000 format. This can result in significant reductions in file size, but it can also reduce the quality of some types of color images and can slow the conversion process. The option is disabled by default.

JPG2000 file sizes — PDF files created with Win2PDF’s JPG2000 compression can be significantly smaller than the default file size.

Win2PDF 10.0.39 also improves text quality for the “PDF Image Only – monochrome” format.

Second, for Win2PDF Pro, the new version supports the strongest level of 256-bit AES encryption available for PDF encryption. Previously, Win2PDF only supported 128-bit AES encryption. [Note: The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001, and has been adopted by the U.S. government and is used worldwide.]

The 256 bit AES encryption is compatible with Adobe Reader 9.0 and above. For best security, the 256 bit encryption option is recommended.

The Win2PDF 10.0.39 release is a free update to registered Win2PDF users (versions 7 and higher). You can download this free update from our web pages here:

https://www.win2pdf.com/download/download.htm

Standard Win2PDF users should only download and install using the “Download Win2PDF” button. Win2PDF Pro users should only download and install using the “Download Win2PDF Pro Service Pack” button.

If you have any questions or encounter any issues with this new version, please contact us through our support page.

Is your PDF Reader up-to-date?

Just a reminder to anyone receiving or opening PDF files: keep your PDF Readers up-to-date with new patches. Adobe Reader announced an update to address 86 security vulnerabilities. Similarly, Foxit Reader announced an update to address 118 vulnerabilities.

adobepdficon

As this article from ZDNet explains,

“Adobe’s scheduled October update for its Acrobat and Reader PDF software addresses 85 vulnerabilities, including dozens of critical flaws that allow arbitrary code execution … Users and admins nonetheless should install fixed versions, according to Adobe…”

Halloween is still almost a month away, so make sure you keep the scary stuff away from your computer until then.

Adobe’s security bulletin (with link to update).

Foxit Reader security bulletin (with link to update).

What’s up with all of the revised privacy policies I’m getting these days?

Have you been getting a lot of email notices for updated privacy policies? Well, it’s not a coincidence. Many companies are updating or clarifying their online privacy policies to be compliant with the new European Union (EU) General Data Protection Regulation (GDPR) which will technically take effect on May 25, 2018.

What is the GDPR?

GDPR was designed to harmonize data privacy laws across Europe, protect EU citizens’ data privacy, and to regulate the way organizations approach data privacy. There are a total of 99 articles that the regulation covers and you can read more about the details of this regulation through the EU GDPR Portal.

In essence, these are a series of regulations that control what information a company can collect about an individual (who reside in the EU), what they can do and how they store that information, and penalties for those companies if they violate the regulations.

Who is affected by GDPR?

From a user perspective, the protections cover any resident of the EU. Although, many companies are voluntarily extending their changes and privacy policies to include all users for simplicity.

From a company perspective, it applies to any organization who collects data on EU residents.

What should you know about GDPR, encryption, and your PDF files?

There are many more thorough sources of information on this topic (just Google ‘GDPR’), but one thing that may concern our Win2PDF customers is that the regulation restricts sending personal information unsecured. Encryption isn’t explicitly mandated by the regulations, but it is suggested several times as being part of the the compliance solution. For example, as this article points out:

…of the 261 pages of GDPR, the word ‘Encryption‘ appears just 4 times;

“…implement measures to mitigate those risks, such as encryption.” (P51. (83))
“…appropriate safeguards, which may include encryption” (P121 (4.e))
“…including inter alias as appropriate: (a) the pseudonymisation and encryption of personal data.” (P160 (1a))
“…unintelligible to any person who is not authorised to access it, such as encryption” (P163 (3a))

Does the term ‘may’, ‘such as’ and ‘as appropriate’ indicate that Encryption is mandated by GDRP, as some are suggesting? I don’t believe it does.

Do these terms suggest that Encryption is an OPTION and a good idea? Then yes, it does.

If you are sending a customer’s personal information in a PDF file, you should seriously consider encrypting the PDF.

What can you do to being compliant with GDPR?

First, here is a 12-point PDF available that gives a broad 12-step overview to achieving compliance with the GDPR.

Second, you may wish to review your current processes involving customer data that may be included in PDF files that you generate. How are they disseminated? Is the data secured? If you do not currently encrypt PDF files, now may be a good time to do so.

Our Win2PDF Pro software has strong encryption included, and it is available as an upgrade if you currently have standard edition licenses.

Dark Patterns – More on “Free” software

At my lemonade stand I used to give the first glass away free and charge five dollars for the second glass. The refill contained the antidote.

— Emo Phillips

As a follow up to our last post on the high cost of free software, it’s probably worth discussing the related topic of dark patterns in the user interface of software products and web sites. Essentially, dark patterns refer to the intentional use of user interface elements that are designed to you “trick” you into doing something you probably didn’t intend to do.

And why would a web site or software publisher want do this? Most often, it’s to get you to click on a link for a paid advertisement.

For example, many “free” download sites serve ads that look like real download buttons, but actually download software that have nothing to do with what you were searching for. Here’s a real screen shot showing what comes up for a search for “Adobe Reader”:

Many users would logically just click on either of the “Free Download” buttons (which also use the label “Start Download”). After all, all 3 buttons on the page look the same – same size and shape, same green color, a little download arrow on the left… But one is different. The two “Free Download” buttons take you to an advertiser’s site so that you can download their products, not Adobe Reader. And the site hosting the “free” software gets paid a commission for this link – even though it didn’t do what you though it would. Only if you look closely and find the link that says “Visit Site” are you directed to the read Adobe Reader download.

This example shows a web site doing this type of dark pattern interface, but it can also be embedded within the interface of a “free download” product. If you’re curious to see other examples, go to the Dark Patterns web site and browse the different examples that other users have submitted. And if you need to download a product like Adobe Reader, it is always safest to go directly to the publisher’s web site to obtain the download.

Just another reminder why “free” sometimes isn’t free. And why companies like ours only charge you for the lemonade, not the antidote…

The High Cost of “Free” Software

Adware. Spyware. Malware. Bloatware. [Link goes to another good blog post on this subject]. These are all names for software that are secretly installed on your computer when you download so-called ‘free’ software programs. Our recommendation?

Be aware and beware! Just look at this example of an Internet Explorer window riddled with toolbars that have been included with other software downloads.

Example of Internet Explorer overwhelmed with extra tool bars, often loaded by 'free' software — Example of Internet Explorer overwhelmed with extra tool bars, often loaded by ‘free’ software

It may look extreme, but if you’ve seen these types of toolbars or unwanted pop-up windows appear on your computer, it’s quite likely that they piggy-backed on some other ‘free’ software that you downloaded.

As a developer of commercial Windows software, we get offers and inquiries almost weekly from other companies who wish to include their software bundled into our installer. While we always decline such arrangements (Win2PDF is 100% free of any adware/spyware), this is a typical model that many providers of ‘free’ software use to make money. After all, it costs money to develop, support, and host software applications: Web hosting, security, development and version control software, live chat and other technical support software all have costs. As does having to maintain multiple computers with different operating systems and servers for testing. And staff. Let’s not forget about actually having real people in place to create, test, and support the software. Even a lone programmer working in their own basement needs some revenue to create and make their software available.

Google Search for 'PDF Writer'

If you perform a Google search of “PDF Writer” (see image to the right), the top result is for a “100% Free!” solution.

This is actually an Ad Supported download wrapper for the CutePDF software program, which is also Ad Supported. If you follow the link to download, you’ll end up with at least 5 extra programs on your PC. Do you know what these programs do? Will they slow down your PC, or make it unstable? Will it collect and transmit any personal information about you or your browsing history?

If you don’t know, is it still worth it for the ‘free’ software?

Idealware.org posted a useful article on many of these same issues, along with questions to ask yourself when considering these free or low-cost software options. For example,

If it’s truly ‘free’, how does the company afford to advertise it on Google or Bing? Or pay to host the downloads?
Do the companies who make these downloads available even produce their own software, or are they just bundling other ‘free’ solutions?
Are you downloading directly from the publisher’s web site, or though a 3rd party site? 3rd parties often add downloaders that can add spyware. Hint: It’s safer to download directly from the publisher!
Will it work in future versions of Windows, or with new service packs or updates? Who do you contact if you have a problem or question?
How trustworthy is the publisher?
Do they offer independent reviews [Win2PDF example] on their products?
Do they list company information [Win2PDF example] on their web site?
Are they a member of the Better Business Bureau, and if so, what is their rating [Win2PDF example]?

Here’s a review of www.pdflite.com, one of the other companies that advertises on Google for the search word ‘PDF Writer’. By contrast, here’s the review of www.win2pdf.com. Can you guess which one is ‘free’?

Our company does not make ‘free’ software. We charge for our products, and guarantee our products with a full 60-day return policy. This allows us to say No to 3rd party spyware/adware publishers, and it provides the revenue we need to continue developing, supporting, and enhancing our products for the future. We have a loyal customer base and we’ve been able to operate a successful business since 2000.

So, it’s up to you to decide what’s best for your needs. Just know that there usually isn’t such a thing as ‘free’ software. There’s usually a cost somewhere – just know what that cost is before installing it on your PC.

And always remember, be careful what you download.

Can I prevent the copying of an ebook by saving it as a security-enabled PDF?

I’m writing an ebook and I want to protect the document from being copied. Can I do this by creating a security-enabled PDF?

This is a question we get periodically and the short answer is No. At least not with the standard PDF format.

There are security features that can be enabled in a PDF document, but none of these features will prevent the file from being digitally copied. To restrict a document or ebook’s access in terms of copying, you would need a more advanced form of Digital Rights Management (DRM).

The advantage of using PDF to secure documents is that files can be opened easily with any compatible PDF viewer (like Adobe Reader), which is widely available on most computers. Advanced DRM solutions typically require another piece of hardware or software to open the file. For example, consider the Amazon Kindle ebook format (which is different than PDF). This file format utilizes DRM, but it also requires a Kindle (hardware) or Kindle Reader application (software) to open and view the file. It’s good at controlling the distribution of the file, but it’s not as universally accessible.

So, what security features can you enable in a PDF file?

First, to use any PDF security features you must first set an encryption level — how strong is the protection — when creating the PDF file. The encryption level for PDF files can be set to either 40-bit or 128-bit. The 128-bit encryption is stronger, but it requires Adobe Reader 4.x or higher to view the file. The 40-bit encryption isn’t as strong, but it can be opened with older versions of PDF viewers. If you want the greatest security, 128-bit is best choice and shouldn’t be a problem for most users.

After the encryption level has been set, you can set permissions within the PDF file. Permissions control what can be done within the file. The following options can be disabled in PDF:

modifying the PDF,
printing the PDF, or
copy text or images from the PDF file.

Additionally, you can set 2 levels of passwords — a required Master Password (which can be used to unlock an encrypted PDF file for editing) and an optional User Password (which is needed to open and view a PDF file).

Applying security to a PDF file is a great way to prevent sensitive information from being copied, or viewed by unauthorized users, or being printed. It will not, however, prevent someone from emailing or redistributing the PDF file.

If controlling the distribution of an ebook is most important, you may want to consider an advanced DRM solution. Or, then again, you may not. The music industry struggled with different DRM formatted music files only to abandom them for unencrypted MP3 files, and now the publishing industry is testing the same waters. But some authors are bucking the trend and releasing their books DRM-free — even popular ebooks like Harry Potter.

If it is more important to control the content of an ebook, then a secure PDF file may work best.

Here’s a YouTube video that shows how the security features are enabled using our Win2PDF Pro product.

And, if you’re considering publishing to an established eBook format other than PDF, you might want to check out this list of eBook formats for reference.