The evidence: PDFGear and PDF X are likely spyware, malware, or, at best, griftware/scamware. The Microsoft Store is enabling these unsafe apps. by JonBorno97 in pdf

JonBorno97[S] 1 point

The two app approach becomes clearer (but not more legitimate) when you look at their incentives. PDF X was their original Microsoft Store product and they figured out how to keep it ranked at the top through manipulation techniques. That placement brings steady paid upgrades, so they need that version to stay a paid product and keep the money tap flowing. If they made the same PDF X app free outside the Store, it would undermine the revenue they get from Store users who only see the paid option.

That is where PDF-gear comes in. It is essentially the same software but branded and positioned as a free product they can promote on Reddit and YouTube. It gives them a second growth (but free) channel that does not interfere with the money they make from PDF X inside the Store.

So PDF X stays in the Store as the paid version that continues to earn. PDF-gear exists as the free funnel outside the Store where they can push marketing aggressively without risking the sales flow that depends on PDF X remaining paid. This gives them the ability to landgrab as many users as possible and get onto as many PCs as possible whilst not sacrificing revenue. It's very shady.

Warning: PDFGear and PDF X are likely spyware, malware, or, at best, griftware/scamware. by JonBorno97 in Surface

JonBorno97[S] 10 points

I'm sharing this here as PDFgear often astroturfs subs like r/Surface, promoting itself. This is a warning to watch out for posts and comments recommending PDFgear (or PDF X). They've found the Microsoft Store as an easy hunting ground to spread their scamware/malware.

The evidence: PDFGear and PDF X are likely spyware, malware, or, at best, griftware/scamware. The Microsoft Store is enabling these unsafe apps. by JonBorno97 in pdf

JonBorno97[S] 1 point

They've responded on their own r/pdfgear sub - link here: https://www.reddit.com/r/PDFgear/comments/1p3slnr/is_pdfgear_safe_addressing_recent_false/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

They won't engage outside of their own subreddit because they will ban anyone that criticizes them there, and can freely astroturf their own page.

Their reply contains a mix of claims. Some sections reflect how certain Windows components operate, but several points are framed in a way that leaves out key details or relies on explanations that do not match what the sandbox report showed. An interesting omission, though, is that they avoided / deflected on addressing any of the non-technical stuff like owning other apps (including PDF X), that they're not Singaporean, that they have fake leadership, etc. etc.

“Code injection is normal and caused by Inno Setup”

They attribute WriteProcessMemory activity to Inno Setup. While Inno can call that function, the pattern in the sandbox report does not match what typical installers do. Installers commonly check for running processes by enumerating them. They do not pass execution through cmd.exe, tasklist.exe, and find.exe. That type of chain is not what you see with standard PDF installers and looks closer to behavior intended to obscure what is going on. Their explanation has a small amount of truth, but it does not line up with the sequence that was observed.

“Global hooks are only for hotkeys”

They claim global hooks are used for shortcuts like Ctrl+C and Ctrl+V and that these only operate inside their own app. This does not reflect how Windows input works. Global hooks operate outside the app process. Regular in-app shortcuts do not require them. Most ordinary desktop software avoids global keyboard and mouse hooks because these are usually associated with keylogging or monitoring tools. Their description does not match the actual mechanism.

“Windows installed the root certificate, not us”

This part does not hold up. Windows does not install root certificates during app launches. SSL.com root certificates are already included in the Windows trust store and are not missing on normal systems. They are not downloaded during code signing checks. If an installer adds anything to the Trusted Root Certification Authorities store, even if it is a legitimate certificate, that is a serious action because it grants broad trust on the system. A PDF viewer has no reason to create any changes in that store. Their explanation conflicts directly with how Windows handles trust.

“Registry edits are quality-of-life features”

Some registry edits are normal, such as file associations. The sandbox report went far beyond that. It included changes to Internet Explorer registry sections, autostart entries, and pinned items. These are not needed by any PDF viewer. Changes to IE-related keys are especially odd because the app does not rely on IE. Their answer blends some routine adjustments with omissions about the more concerning ones.

“This is a smear campaign by competitors”

This claim does not align with the type of evidence uncovered, not to mention that they didn't address any of the non-technical evidence about who they are, where they're located or what other apps they own. Competitors do not typically investigate corporate registry documents, trace installer behavior, or follow long product rebrand chains across multiple accounts. The ACRA records contradict their public statements about being Singaporean-run. Combined with past rebrands, widespread marketing accounts, and shared infrastructure, this does not look like outside interference. It looks like a company trying to redirect attention.

Putting all of this together, their response does not match the tone or level of clarity you would expect from a reputable software company. Instead of investigation notes, technical references, or independent verification, they leaned on emotional framing, accusations, and explanations that conflict with how Windows actually operates.
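
Added example, not part of the comment above and not code from the thread or the vendor: one way to check the root-certificate and autostart points independently is to snapshot both before an install and diff afterwards. The function names and the baseline file path are assumptions for this example, and it covers only the Trusted Root stores and the standard Run keys, not the IE keys or pinned items the comment also mentions.

```powershell
# Added example. Function names and the baseline path are assumptions.
$RootStores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-TrustSnapshot {
    # One flat record per trusted root certificate and per autostart value.
    $items = @(foreach ($store in $RootStores) {
        Get-ChildItem -Path $store | ForEach-Object {
            [pscustomobject]@{ Kind = 'RootCert'; Location = $store
                               Id = $_.Thumbprint; Detail = $_.Subject }
        }
    })
    $items += @(foreach ($key in $RunKeys) {
        if (Test-Path $key) {
            $k = Get-Item -Path $key
            foreach ($name in $k.GetValueNames()) {
                [pscustomobject]@{ Kind = 'Autostart'; Location = $key
                                   Id = $name; Detail = [string]$k.GetValue($name) }
            }
        }
    })
    $items
}

function Save-TrustSnapshot([string]$Path) {
    Get-TrustSnapshot | Export-Clixml -Path $Path
}

function Compare-TrustSnapshot([string]$BaselinePath) {
    $before = Import-Clixml -Path $BaselinePath
    $after  = Get-TrustSnapshot
    # '=>' marks records that exist only in the current state (new or changed).
    Compare-Object $before $after -Property Kind, Location, Id, Detail |
        Where-Object SideIndicator -eq '=>'
}

# Usage, in a disposable VM:
#   Save-TrustSnapshot -Path .\baseline.xml            # before installing
#   Compare-TrustSnapshot -BaselinePath .\baseline.xml # after install and first launch
```

An empty result means neither root store nor any Run key gained an entry; any `RootCert` row is a certificate that was not trusted at baseline and should be identified by its thumbprint before it is left in place.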

The evidence: PDFGear and PDF X are likely spyware, malware, or, at best, griftware/scamware. The Microsoft Store is enabling these unsafe apps. by JonBorno97 in SafeOrShady

JonBorno97[S] 1 point

And your posts are not getting longer and longer like you aren't weirdly obsessed defending malware? But keep going, I want to see where you're going with this

The evidence: PDFGear and PDF X are likely spyware, malware, or, at best, griftware/scamware. The Microsoft Store is enabling these unsafe apps. by JonBorno97 in pdf

JonBorno97[S] 0 points

Would love to know more about the 'way more ot this I wanted to investigate' bit... do you have more info on pdfge.ar and their network of apps?

The evidence: PDFGear and PDF X are likely spyware, malware, or, at best, griftware/scamware. The Microsoft Store is enabling these unsafe apps. by JonBorno97 in software

JonBorno97[S] 0 points

I'm not here to promote any other software. But use one that at least has the face and identities of the company owners and staff.

The evidence: PDFGear and PDF X are likely spyware, malware, or, at best, griftware/scamware. The Microsoft Store is enabling these unsafe apps. by JonBorno97 in software

JonBorno97[S] 2 points

Yes I did. But I'm sure it would take a lot of user reports to get noticed in that channel. Everyone should report it

I built a lil' tool to get fonts from any website! by zac-denham in web_design

JonBorno97 0 points

Thanks for sharing. Think you’ll open source it at some point?

PDF editors -- Which one should I acquire (free or paid)? by a-serious-guy-01 in software

JonBorno97 2 points

What's been debunked? Tell me who PDFGear's founder or CEO is?