Although Microsoft intended to add support for saving documents in the PDF file format to Office 2007, it was forced to backtrack when Adobe balked. Instead, Microsoft built a "Save as PDF" add-on that it made available free of charge. After Adobe submitted the PDF/A specification to the ISO (International Organization for Standardization) in 2008, Microsoft added "Save As PDF" support to its suite with the release of Office 2007 Service Pack 2 (SP2) a year ago. The same feature is available in Office 2010.
Office cannot open PDF documents without third-party software or add-ons, however. Windows 7 's and Windows Vista's preview feature also won't display PDFs. Instead, Microsoft has promoted, with little success, a substitute for PDF dubbed XPS (XML Paper Specification); an XPS viewer is bundled with Windows 7, for example.
"The PDF specification has been completely royalty-free since 2006," said Sullivan, noting that Microsoft would not have to pay Adobe if it did craft a viewer of its own. "There's no reason why it can't create a native PDF viewer. It could even let users toggle it on and off, if it [were] worried about antitrust [issues]."
Several times, Sullivan compared his vision of a Windows PDF viewer to Preview, the application that Apple includes with Mac OS X. But Preview is not bug free: In March, researcher Charlie Miller said he'd found more than 60 PDF files on the Web that could be used to crash and likely exploit Preview .
Even so, Sullivan argued that Microsoft, or failing that, Adobe itself, should develop a stripped-down PDF viewer that omitted the functionality and features hackers have exploited. "I wish Adobe would create two different versions of Reader, one maybe 'Reader Lite' that's really just a viewer," he said.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld . Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His email address is email@example.com .
Read more about security in Computerworld's Security Knowledge Center.