Adobe Reader X With Sandbox Due In November

Trailrunner7 writes "Adobe will finally release the new version of its Reader software — which will include the much-anticipated Protected Mode security feature — next month. Adobe Reader X will include a number of other new features in addition to the sandbox feature. Adobe officials have been discussing Protected Mode for several months now and said early on that it would be included in the next version of Reader, but had never set a time line for the release of Reader X. Now, the company says the new version will be available in November, although no specific date was announced."

At Last!

[WrongSizeGlass]

At last ... the malware writers will have a new challenge, and just in time for those long holiday weekends. I'm betting they find a way around Adobe's "sandbox" before the end of the year. Adobe used to make very good software - now they make very exploitable software.

Re:At Last!

[ByOhTek]

The big question is... Which will be released first?

The new version, or the exploits for the new version.

Re:At Last!

[MoonBuggy]

Adobe used to make very good software - now they make very exploitable software.

They still can make good software, which they proceed to sell for very large quantities of cash. What I don't really understand is why they ever updated PDF beyond being a simple document format - it introduced all of these vulnerabilities, and gave them a lot more work to do on their free reader software, for little real value. What was wrong with just keeping it as a simple extension of postscript?

Re:At Last!

[arth1]

It's called "feeping creaturitis". You have to come out with new versions in order to sell, and new versions need something new. It's easy for things that absolutely don't belong to creep in, when you've run out of good ideas.

Remember Lett's Law: "All programs evolve until they can send email."
(And my corollary: "Except Exchange")

Re:At Last!

[JonySuede]

postscript is already turing complete...

Re:At Last!

[neumayr]

Acrobat isn't replaced by "Print to PDF". Not by a long shot.
If all this extra functionality is actually needed, I do not know. But making PDF popular is part of what lets them sell their ADEPT DRM solution, and I'm sure that's making them a pretty penny.

Re:At Last!

[Skuld-Chan]

Having worked on Adobe Acrobat (and Reader) for the last 8 or so years (my name is in a good chunk of all the release credits since version 5 or 6) the feature to add form support was added in version 3 (which came out in the mid 90's) as an addon.

It was added for the same reason a lot of features were added - to extend the product compete in a specific marketplace - specifically places where forms are displayed. Same reason a lot of features in a lot of products are added - to make more money in another market.

Where I work now they use a development kit from Datatel called Colleague - most of what it does is display forms from a pick database and read or save these fields (it has scheduling, accounting/ap/ar etc as well built in). You could in fact use Acrobat to display these same forms. And if your migrating from a paper based workflow - you can in fact scan all these forms in, add a bunch of fields with whatever logic JS provides (and in turn hook that into whatever logic livecycle server provides) and you have an electronic version of the paper form you used to file away.

That was in fact (as I recall it was a while back) the marketing pitch.

It does work too - there's even support for SAP. At one point the IRS had grand visions of filing all your taxes electronically with it (but since we can't have nice things in this country that got canned) - so it does have a lot of potential. Since something like 90% of all PC's have some version of Reader - it's an excellent target platform if you want to display paper like forms on the net.

But like ANYTHING that has any kind of outside connectivity it's vulnerable to attack. People on here always herald other technologies as they would save us from whatever we use now, but its just a matter of what is and isn't the target. Acrobat 4 and 5 had massive vulnerabilities, but no-one ever complained about rogue pdf files because it wasn't a target. I remember the first big vulnerability on Acrobat 7 - it wasn't sanitizing inputs (it does now!) and allowed a PDF to execute commands on the PC (very similar to the bobby tables comic). After that exploit - the blood was in the water and everyone and their sister wanted to poke away at the code to find new ones (and being a very old product it has plenty of them...).

Re:At Last!

[pclminion]

PDF is not an extension of PostScript. There is a superficial similarity between the PDF content stream format and PostScript, and although this was done deliberately to make printing PDFs to PostScript devices simpler, it is not a real derivative of PostScript. For instance, there is no operand stack, and there are no control flow or looping constructions.

A PDF file is essentially an object-oriented database. Some of the contents of this database are graphics operator streams which are syntactically similar to PostScript. That is where the similarity begins and where it ends.

Re:At Last!

So why is it that Acrobat reader is 200mb and takes forever to install, and installs several other adobe products with it and then requires admin rights to install updates so it always gets outdated and becomes vulnerable?... it's because it has become bloatware. Just like Quickbooks, it just keeps getting slower and slower and slower, and contains more features that 90% of users wont ever use.

SumatraPDF is like 1.5MB and installs in less than 5 seconds and opens instantly

Perhaps there should be a Lite version of Adobe Acrobat for people who just want to view PDF files... we could call it "Adobe Acrobat Reader"

Re:At Last!

[ByOhTek]

Do you define the species of an egg by what produced it, or what came out of it?

If the former, the chicken. If the latter, the egg.

Re:At Last!

[RDW]

The really irritating thing is that if you do need the full Acrobat package you have to buy an upgrade as soon as your version is EOL'd, even if you're perfectly happy with its features, because there'll be no more security updates to fix whatever gaping vulnerability has been discovered that week. Since they release a new version about every two years, and only support it for 5 years from first release, if you buy a version towards the end of its release period you could have as little as 3 years before the damn thing is too dangerous to have on your system.

Re:At Last!

[pclminion]

It's "based on PostScript" in the same sense that Windows 7 is "based on DOS." The relationship is minor, incidental, and as a matter of fact, not even guaranteed going forward. PDF has a concept of a "ProcSet," a set of macros which are exported to a PostScript device prior to sending a page content stream. These ProcSets used to be mandatory. They are no longer required and are now considered deprecated. What it means is that natural PDF content streams are no longer directly usable by PostScript printers. This divergence will most likely continue.

If you like, I can also present an experiential argument. I have spent a lot of time implementing code which manipulates PostScript, PDF, and several other page description languages. I can say from experience that the supposed similarity between PostScript and PDF is of absolutely no help in implementing either of them. They are completely different things.

It's like saying that Java and C++ are based on each other because their syntax looks similar. It just isn't the case.

Re:At Last!

[Skuld-Chan]

Reader 9 is 90 megs, not 200... The actual viewer itself is about 20 megabytes - the rest are plugins which you don't need to view pdf files.

You could roll your own Adobe Reader lite - all the plugins are windows installer components - you could actually build your own reader lite and roll it out to your own organization - patches will still work like normal.

On my Dell Optiplex 980 - cold start of reader 9 is instantaneous so not sure what to say there. They really do measure start performance of the app in testing. Reader/Acrobat 9 only load the modules they need on the fly - with version 8 and before yes I'd agree it was a startup mess.

Why is it so big? Sumatra PDF just views PDF files - it doesn't support annotations, it doesn't support secure PDF files (windows/mac crypto intergration) it doesn't support 3d annotations, it doesn't support forms (no 3rd party viewer supports XFA forms yet), it doesn't have any connectivity options etc etc etc - I could literally go on for pages.

Yes all these things were at one point customer requirements - some were rather big customers.

I know people want a smaller viewer - you can roll your own easily, but as to why Adobe doesn't do it? No clue - haven't worked there in many years but I suspect it comes down to the amount of testing time. The test matrix for Reader is already 25 languages on well over 60 different platforms (3-4 different versions of linux, every distribution of Windows 32/64 - including server OS's back to Windows 2000, and every version of OSX - including PPC - for 9 since its a hybrid app).

Hmm

Maybe they can make it a more reasonable size? Who needs a 60MB file reader?

This is good but....

[mark-t]

... I'm still waiting on acrobat reader for x86_64 Linux. While there are other PDF readers for Linux, none of them that I've found work properly with documents that use layering features apparently only found in Acrobat.

Gasp!

[Quiet_Desperation]

And little does anyone suspect that Reader X is actually Speed Reader's long lost brother!

Great!

[Local+ID10T]

New Adobe Acrobat Reader X!

Slower and more bloated than ever before!

New holes to exploit*!

(*old holes still included)
...yeah, I'll stick with Foxit Reader.

Re:Great!

[hcpxvi]

Oh so nearly Haiku! Let's try again:

Adobe Reader X
Slow, more bloated than before
New holes to exploit


Darn. You have to pronounce "Adobe" as "A-dob".

A better protected mode

[Dystopian+Rebel]

OS X - built-in Preview app
Linux - Evince, several others
M-Windows - Foxit, Sumatra

The alternatives are so much better than Adobe Acrobat Reader that I think we can now say that the alternatives are the market and Acrobat Reader is the poor alternative.

Re:A better protected mode

[blindbat]

Unless you work in the printing field. If so, all of the programs you list fail miserably at rendering the files. On both Mac and Windows.

Re:when your os...

[afidel]

Windows hasn't done that since 2000 if you know what you are doing.... Even less so for Vista/2008 and up.