Adobe Reader's security woes a boon for up-and-coming rival Foxit

Speed, security have lifted Foxit Reader's user base to 70 million as Adobe Reader has been plagued with numerous nasty bugs

Foxit Reader, a free PDF-reading knockoff of Adobe Systems' free Adobe Reader, has won what its maker estimates is 70 million users worldwide because of its speed and light weight.

The latest version of Foxit Reader 3.0 for Windows is a svelte 3MB download, compared with Adobe Reader 9.1 for Windows, which tips the scales at 25MB.

[ Related: "Adobe confirms Flash zero-day bug in PDF docs." | See also: "Adobe to patch Flash vulnerabilities for three platforms" and "Adobe flaw has been used in attacks since early January" | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

And Foxit now has something else going for it: better security.

For the past year and a half, Adobe Reader has been plagued with numerous nasty bugs, including zero-day vulnerabilities that, if unleashed by an unwitting enterprise employee, could have devastating consequences.

Facing criticism, Adobe is aiming to release security patches more quickly.

But it's not fast enough for many companies, says one anonymous security researcher at the Black Hat conference, who told CNET this week: "As a result of the number of zero-day attacks on PDFs this year, large banks hate Adobe."

First released in 2004, Foxit Reader's downloads have been growing about 10 percent each month this year, to almost 4 million a month, says Erik Bryant, director of sales for Foxit Software.

"We're not only getting more downloads, but also more inquiries from large corporations who want to replace Adobe Reader for as many as hundreds of thousands of employees," Bryant told Computerworld on Thursday.

For one, Foxit is talking to an unnamed American bank about replacing Adobe Reader for all 300,000 of its workers, as well all related Adobe tools, such as Adobe Acrobat, Bryant said.

Tools such as Acrobat are key. While Foxit offers enterprise-supported versions of the Foxit Reader at a low per-seat price, it makes most of its money from tools such as its PDF software development kit, which is sold to software developers, and enterprise tools such as the PDF Creator, which can replace the more expensive Adobe Acrobat.

Sales at Foxit are on track to double over last year, said Bryant, who would only say the 150-employee company's annual revenues are in the range of between $5 million and 20 million.

Though often recommended by security researchers as a good alternative to Adobe Reader, Foxit Reader isn't invulnerable. Foxit's site freely lists the security bulletins on its product, but they are far fewer than those for Adobe Reader.

"We develop our code from scratch, so 99 percent of the time we don't share the same vulnerabilities as Adobe Reader," Bryant said.

Also, Foxit, by necessity lacks some of Adobe Reader's features, such as the ability to display 3-D images in CAD-created PDFs, said Bryant. But he said that most of the missing features were for niche users.

The company is very close to releasing two enterprise products. One is called Foxit Phantom, an all-in-one suite that includes a PDF creator, editor and more. That is meant to compete with Adobe's various Acrobat suites.

The second is the Foxit Security Suite, which helps companies implement Digital Rights Management (DRM) on PDFs using permissions managed by Microsoft Corp.'s Active Directory technology. This, said Bryant, will also be cheaper than Adobe's current server software.

Despite having nipped at Adobe's heels for the past half-decade, Bryant maintains that the firms have a good relationship.

"We've never been contacted by them. They've never said they were pissed, or tried to buy us out," he said. "They probably appreciate that we help make PDF more popular."

This story, "Adobe Reader's security woes a boon for up-and-coming rival Foxit" was originally published by Computerworld.

Copyright © 2009 IDG Communications, Inc.

How to choose a low-code development platform