Printer recommendation please

Jerry jerry at
Tue Apr 3 12:40:09 UTC 2012

On Tue, 03 Apr 2012 11:22:24 -0700
perryh at articulated:

> Jerry <jerry at> wrote:
> > Obviously you are not aware of the latest trend towards the
> > movement to standardize PDF as the standard print format. I would
> > recommend you start by reading the documentation located at:
> > <>
> > and continue on from there.
> That page seems to be concerned with using PDF, rather than PS, as
> a common intermediate print language in CUPS.  I see nothing there
> relevant to sending PDF directly to a printer.

PDF is slowly, but surely, becoming the default printing format on
several operating systems. A relatively quick check will reveal that
more and more manufacturers are now starting to natively support this
print format.

> > While there might be some rational for your security concerns on
> > a business network in regards to wireless networks, they are not
> > really relevant on a home networks. The simple ease of use that a
> > wireless network gives a user on a home network far outweigh any
> > pseudo claims of espionage.
> Following that line of reasoning to its logical conclusion would
> lead one to believe that home networks have no need of any malware
> protection, e.g. anti-virus.  Any ISP which has had to deal with
> incidents precipitated by customers' infected machines -- including
> but likely not limited to DDoS and spambots -- would likely disagree.

Your line of reasoning has somehow gotten totally sidetracked. At no
point did I state that NO security measures were ever need. Obviously,
everyone needs to establish a certain security baseline for his/her
system. Whether or not that system is wireless or hard wired makes
absolutely no difference. In fact, I might make a case that it is
easier to navigate a hard wired system as opposed to a wireless one
since most hard wired systems do not require passwords or certificates
to access various components of said system. You stated further on that
you have no password or certificate protection on your system. One
grenade and you all die.

> > Furthermore, there are means of encrypting print data ...
> Utterly irrelevant to the topic under discussion, which is
> the additional malware exposure that a PDF-accepting printer
> has relative to a printer that accepts only PCL and/or PS.

"All the more reason to avoid wireless.  (I had been thinking more
along the lines of someone intercepting sensitive print files, e.g.
tax returns, as they were being sent to the printer.)"

I again restate my original statement that there exists means of
encrypting data sent to a printer. Whether or not you choose to employ
them is your business. Requiring security certificates to access the
printer offers even greater protection.

> I maintain that an attacker can more easily trick a less-than-
> paranoid user into sending a malware "print file" to a PDF-accepting
> printer than to a non-PDF-accepting printer, simply because PDF
> is such a commonly used distribution format.  If someone prints a
> malware "PDF" file that they have downloaded, and the process of
> printing it does not require that it be transformed in any way (such
> as conversion to PS) before being sent to the printer, their only
> protection from disaster is whatever validation may be built into
> the printer itself.  (Keep in mind that what started the malware
> discussion was Poly's link to a report stating that some printers
> do not sufficiently validate an "update firmware" job.)

And some do. It is a constantly moving target. You make a better mouse
trap, they make a better mouse. It is the degree of paranoia that you
are willing to live with. If the user spends his/her time visiting
porno sites, then they can reasonably expect to be infected with a
malignant file. It is virtually impossible to protect someone from
their own bad habits. Please, don't waste your time with the, "I caught
it from a toilet seat" explanation. While you could get infected
spending a day in the Smithsonian Institution, your odds greatly
increase if you spend it in a whore house.

> Granted the identical exposure exists for a PS printer if the
> downloaded malware file is identified as a PS file, however the
> risk is much less in practice because distribution of PS files
> is sufficiently uncommon that most unsophisticated users would
> have no idea what to do with one if they were to come across it.

By your own words, the problem exists. The question here is the degree
of exposure.

> > By the way, since you seem so concerned over your printers security,
> > I assume that you all ready have it at least password protected.
> No need.  I have no wireless at all -- everything is hardwired --
> and I trust my firewall.  There's no way for anyone to either sniff
> or inject anything from outside (i.e. without physical access to
> the network on the secure side of the firewall).

"Don't worry Captain Smith, this ship can't sink."

On a serous note, I have spent the last 12 hours, more or less,
checking with my friends and business associates. Not a single one has
ever had or knows of a single incident of anyone actually ever being
infected or having suffered any negative reaction to having printed a
PDF file. Most, but not all of these friends / associates are Microsoft
users; however, that should not invalidate the statistics. In fact, the
FOSS society claims MS is more vulnerable to infections/hijacking
then they are. Therefore, if Microsoft is not being vigorously attacked
by this phantom menace, perhaps, just perhaps, it is being blown way
out of proportion.

The original PDF code was written years ago. Since about 2006 hackers
have started finding vulnerabilities in it. There was one that attacked
scanned documents in MS Office. That problems was fixed over two years
ago. Virtually all PDF attacks now target Web Browsers. A case can be
made that viewing PDF files in a Web Browser is far more likely to
infect a machine than printing such document ever could.

Whether or not you choose to print a PDF file, embrace wireless
technology, etcetera means a rat's ass to me. However, spreading FUD is
another matter.

Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.

More information about the freebsd-questions mailing list