Articles
Blogs
Kits
Forums
Adobe Reader holds the dubious title of Number One Target For Malware these days. Luckily, Adobe has been hard at work improving Reader to protect its users. PCMag reports that a new feature has been added to the next major version of Reader, presumably version 10, that will introduce a sandbox architecture called Protected Mode. Reader will operate within Protected Mode and will also use it to open plug-ins and downloads, Protected Mode will be enabled by default. Protected Mode provides a restricted area where malware can do far less damage compared to if it had full run of Reader. To see Adobe’s blog about the new feature go here.
PCMag explains how protected mode works:
Code in this sandbox has very limited rights; it cannot, for example, write to the file system or the registry. To perform these tasks it must work through a broker process (see illustration [in PCMag article]) which checks policies before engaging in any activities which could be dangerous.
If an attacker finds a new vulnerability in Reader and exploits it, that exploit code will run in the context of Reader and therefore in the sandbox. In order to get anything of consequence done it will have to find an exploit in the broker process. The broker process is relatively small and simple and heavily scrutinized. Nothing’s perfect, but this should be a formidable barrier to exploit code.
Sandbox modes like this are also used in Google Chrome and Office 2010, Microsoft and Google in fact helped Adobe develop Protected Mode since there isn’t much widespread expertise in this kind of programming.
Protected Mode will not be implemented in Acrobat, at least not initially. Adobe will take a different approach where files will be sent to either Acrobat or Reader depending on a number of factors, including origin. Files from trusted locations will be opened in Acrobat. Office 2010 takes a similar approach, opening files originating from the Internet or other untrusted sources in its own sandbox mode.
Protected Mode is focused on Windows because the Windows version of Reader sees the most attacks and it works better under Vista and 7 due to the better built-in security measures. It can work under XP as well but perhaps not as effectively. Sandboxes such as this have proven to be a solid addition to security, however, benefits from Protected Mode can only be gained if Reader is upgraded when the new version is released. Adobe created an auto-updater a while back to help make the update process easier. When the new version of Reader is ready it will also be immediately available at the get adobe reader site.
I believe Foxit Reader already has this on 4.0 But a useful headsup on those PCs I encounter with Adobe.
I use Foxit Reader. It works just fine for me ;-)
The same goes for FireFox, Thunderbird and OpenOffice, while we are on the subject. Free and Open Source Software rocks!
Yeah, part of our tuneup service is replacing acrobat reader with foxit. My clients are always surprised at how fast pdfs open afterwards.
You have to wonder what was going on at Adobe if it took till version 10 to finally fix this major problem.