Slashdot Mirror
Adobe Putting PDF Reader In a Sandbox
Captain Eloquence writes "The next major version of Adobe's PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks. The initial sandbox implementation will isolate all 'write' calls on Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003. Adobe security chief Brad Arkin believes this will mitigate the risk of exploits seeking to install malware on the user's computer or otherwise change the computer's file system or registry. In a future dot-release, the company plans to extend the sandbox to include read-only activities to protect against attackers seeking to read sensitive information from the user's computer."
What do we use PDFs for which involves writes?
Malware installation.
Probably editing and note taking. I draw on PDFs all the time, and I'm glad I'm able to save the edits.
Many people need it. There are plugins and workflows that use Acrobat in many different businesses, and most small/medium businesses couldn't afford to have alternatives written for them, and have to stick to the commercial offerings. For me specifically, I send clients PDF proofs of printing orders, and any reader other than Acrobat can't be relied upon to be accurate enough for proofing purposes: they usually mess up transparencies, fonts, and other critical information.
Sounds suspiciously Apple-like. iPhone apps do this very thing.
No shit Sherlock: sandboxing, emulation, memory and hardware virtualization, CPU ring modes are all Apple inventions from 1970s and Windows 7 you're browsing from right now has its code base from Apple Lisa of that era.
It seems that Microsoft already went through this 15 years ago with Word macros. It's kind of scary that these companies that are producing software for looking at / creating documents would enable this sort of functionality in their file formats. I realize that there are a handful of applications where it's beneficial to have a document be able to write to the filesystem, but for 99.99% of documents, what business do they have reading or writing anything?
It would be like if you bought a book, sat it down on your desk, and when you pick it up later, you find that the book was doodling on your desk the whole time.
Sure there are free pdf readers that work on Linux and 64 bit, but I find that none of them are as flexible with regards to printing options as Acrobat is.
And the last time I installed multi-libraries on my system supporting both 32 and 64 bit, primarily just so I could use Acrobat, I started having some stability issues that I would just as soon not repeat.
File under 'M' for 'Manic ranting'
"I don't use Adobe Reader, so why would anyone else need to? Why can't everyone just change to something else?"
Sorry, but the vast majority of users have Adobe Reader installed to view PDF files, and they will not know why or how they should change to something else. Add to that the fact that the security of shitty-but-popular popular affects us all by proxy, and these things really do matter.
It's like saying, "Well, I don't care about malicious JavaScript and ActiveX in Internet Explorer, because I use Firefox on Linux. Who needs that other crap?" Most other people are just going to use default garbage, and the entire Internet is impacted by this.
Still, there are always Slashdot posts in the vein, "I don't use software X, I use software Y, so it doesn't matter." It's a naive and self-centered view of the world that unrealistically assumes that because a particular geeky reader found a way around a problem, that it has ceased to become a problem, or that the entire world should then follow this in emulation. Wake up, the world is bigger than the basement you inhabit.
Systemd: the PulseAudio of init systems
No, don't worry. Because of how bloated Acrobat Reader already is, Adobe was able to fit a re-skinned copy of virtualbox, containing a minimal linux image running Evince, in a package smaller than the prior download.
This is how they managed to get a "sandboxed" PDF reader out in less than the usual absolutely glacial Adobe development timeframe...
YEAH! And Microsoft WORD should only let you use WORDS...not crappy images and all that.
Don't take life so seriously. No one makes it out alive.