uBlock Origin is a great ad blocking extension.
It can be argued that loading and running ads in one’s browser is more or less remote code execution (RCE). If malvertising teaches us anything, it’s that trusting ad networks and ad delivery networks is ill-advised.
Use a different (better) browser and PDF reader
How does this fit into the subject of third party software? Well, it’s because I’m going to recommend you have your users use Mozilla Firefox or Google Chrome as primary web browsers for Internet activity.
Of course, there are always going to be those terrible intranet applications–that your enterprise inevitably standardizes on–which only open in Internet Explorer. Therefore, you can never truly be rid of it. In any case, both Firefox and Chrome have group policy profiles that can be used to manage their configuration settings via GPO, and there are guides available for pushing Adblock extensions automatically as well.
Adobe Reader Versus Foxit
To compare, I pulled down the latest version of Adobe Reader, called Adobe Reader DC, and compared it to my daily driver PDF reader: Foxit Reader. Adobe weighs in at 90+ MB, while Foxit is nearly half of that.
Where is all that extra space going? According to other researchers, it’s going into features your everyday user will likely never use. I often like to joke that email is a perfect example of scope creep, but I think Adobe Reader has them beat.
According to research, Adobe Reader can embed audio, video, and 3D drawings (CAD), supports DRM, document tracking/management, and a whole host of other features. Your standard user likely only needs a PDF reader to be able to do two or three things: open PDF files (which, interestingly enough, both Mozilla Firefox AND Google Chrome can handle natively), allow the user to fill out forms in the PDF (including digital signatures), and print the PDF. There are exceptions to the rule, but by and large any functionality beyond these core features is often moot.
Get rid of unused apps to reduce attack surface
One of the basic tenets of computer security is reducing attack surface as much as you can. So, if you don’t use an application, feature, or service, turn it off or disable it.
In addition to reducing attack surface, there’s another well-known methodology: KISS (Keep It Simple, Stupid). Adobe Reader does none of these things. You can’t disable the extra features Adobe helpfully jams into Reader (regardless of whether or not you want /or/ need them), and of course, this makes Adobe Reader anything but simple.
As code complexity in a project increases, the likelihood of bugs also increases. As you might imagine, bugs could mean vulnerabilities, exploits, and attacks on your users. You now probably have an inkling as to why Adobe Reader seems to be constantly getting hit with updates and security bulletins. These exploits end up in targeted attacks, exploit kits, etc. The thing about them is, for the exploit to be successful, you have to be running the vulnerable application. If you’re using a third party application for similar functionality, you’re reducing your risk of attack, but you are /not/ eliminating it.
Let me be clear on that.
When you use an alternative or third party application, you’re trading one set of vulnerabilities for another. In the case of Sumatra, Foxit, etc. they have a smaller feature set and codebase–they’ll likely have vulnerabilities, but perhaps not as many due to the smaller codebase. They are also less likely to have exploits adversaries are using in the wild, again, due to the smaller user base.
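Before removing or replacing anything, it helps to know what is actually installed. The following is an added PowerShell example, not from the original post, that lists installed applications from the Windows Uninstall registry keys and marks entries matching a review list. The patterns in `$ReviewPatterns` and the function names are assumptions for illustration; adjust them to your own environment.

```powershell
# Added example (not the author's code): inventory installed applications and
# mark the ones worth reviewing for removal or replacement.

# Assumed display-name patterns for the software the article singles out.
$ReviewPatterns = @(
    'Adobe.*Reader'   # Adobe Reader / Acrobat Reader DC
    'Adobe Flash'     # Flash Player
)

# Machine-wide (64-bit and 32-bit views) and per-user uninstall entries.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledApplication {
    param([string[]]$KeyPath = $UninstallKeys)
    Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue |
        # Skip nameless entries and hidden system components.
        Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.DisplayName
                Version   = $_.DisplayVersion
                Publisher = $_.Publisher
                Scope     = if ($_.PSPath -like '*HKEY_CURRENT_USER*') { 'User' } else { 'Machine' }
            }
        } | Sort-Object Name, Version -Unique
}

function Test-ReviewCandidate {
    param([string]$Name, [string[]]$Pattern = $ReviewPatterns)
    foreach ($p in $Pattern) {
        if ($Name -match $p) { return $true }
    }
    return $false
}

# Build the report: every application, with a Review flag on matches.
$report = Get-InstalledApplication | ForEach-Object {
    $_ | Add-Member -NotePropertyName Review `
                    -NotePropertyValue (Test-ReviewCandidate $_.Name) -PassThru
}

# Flagged entries first, then alphabetical.
$report | Sort-Object @{ Expression = 'Review'; Descending = $true }, Name |
    Format-Table -AutoSize
```

Entries that are not on the review list are still worth a look: anything nobody can name a use for is a candidate for removal.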
Take the path less traveled to make yourself a harder target
Adversaries make assumptions that enterprises run Windows, Internet Explorer, Adobe Flash/Reader, and utilize the Microsoft Office suite when they craft their exploits and/or payloads. If you change some of these things, or modify their default settings, then you make your enterprise and your users a harder target.
The attackers are looking for the most widely used software that will have the biggest installation footprint, which allows them to attack the most victims with the least amount of effort. Make yourself a more challenging target and chances are the bad guys will move on to others that are easier to attack.
Check out Ninite to make yourself aware of free and/or alternative applications.