Adobe Launches Sandboxed Reader X

CWmike writes "Adobe on Wednesday released Reader X, the next version of its popular software that includes a 'sandbox' designed to protect users from PDF attacks. Protected Mode is Adobe's response to experts' demands that the company beef up the security of Reader, which is aggressively targeted by attackers. Calling the sandbox a 'new advancement' in protective measures, Brad Arkin, Adobe's director of security and privacy, admitted it will not stymie every attack. But he argued it will help. 'Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims' computers,' Arkin said in a post to a company blog late on Thursday."

Fortunately, the slow download of Adobe Reader

[thewils]

Gives you ample time to uninstall the McAfee Security Scan Plus that gets installed without your permission.

Re:The OS should provide the option to sandbox too

[mevets]

Windows New Technology => WNT

(V+1)(M+1)(S+1) == WNT

Cutler didn't even pretend it was new.

NeXT figured it out ~18 years ago

[SteeldrivingJon]

Back in the day, it was realized that Display Postscript could be exploited. This was demonstrated in an amusing way with encapsulated postscript files which, when NeXTSTEP's Mail program tried to render them in-line in a message, executed code that would cause your screen to "melt", or would grab all the windows on your screen and spin them around until you clicked the mouse.

Unfortunately, Postscript could also operate on files...

So NeXT added a default "secure DPS context" in which Postscript would execute with the problematic instructions disabled.