Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Launches Sandboxed Reader X

Posted by Soulskill on from the barn-doors-and-horses dept.

CWmike writes "Adobe on Wednesday released Reader X, the next version of its popular software that includes a 'sandbox' designed to protect users from PDF attacks. Protected Mode is Adobe's response to experts' demands that the company beef up the security of Reader, which is aggressively targeted by attackers. Calling the sandbox a 'new advancement' in protective measures, Brad Arkin, Adobe's director of security and privacy, admitted it will not stymie every attack. But he argued it will help. 'Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims' computers,' Arkin said in a post to a company blog late on Thursday."

42 of 201 comments (clear)

  1. Not sure I like this idea by Anonymous Coward · · Score: 2, Funny

    This is a terrible idea. The neighborhood cats are constantly shitting in my sandbox.

    1. Re:Not sure I like this idea by mcgrew · · Score: 5, Funny

      The sandbox is to prevent the cats from shitting in your laundry basket.

      --
      Free Martian Whores!
  2. Does this one work with Chrome? by BadAnalogyGuy · · Score: 2, Interesting

    Acrobat Reader does this stupid thing where it opens the Reader application to show me an error message then shuts that down and opens the document in the browser. During this, any other Acrobat Reader instances opened will be automatically closed and it's a 50/50 shot whether the current document actually shows up properly in the browser.

    1. Re:Does this one work with Chrome? by revlayle · · Score: 2, Interesting

      Might be moot, ver 8 (which is in beta) series of Chrome has a built-in PDF reader - not sure how complete or how secure it is however. That being said, Adobe Reader runs in ver 7 (current stable version) series just fine.

  3. The OS should provide the option to sandbox too by the_humeister · · Score: 5, Insightful

    Any program I run should be have the option of being sandboxed by the the OS if I so choose.

    1. Re:The OS should provide the option to sandbox too by humphrm · · Score: 2, Informative

      There are security / firewall products out there for Windows that do just that, sandbox applications. I won't shill any, but there are free (as in beer) products too.

      I only mention Windows because it's trivially easy to sandbox apps in just about any other OS.

      --
      -- "In order to have power, I must be taken seriously." -Mojo Jojo
    2. Re:The OS should provide the option to sandbox too by hairyfeet · · Score: 2, Insightful

      I ahhhh hate to break the news to ya McGrew, but actually repairing Windows PCs for a living I can tell you the vast majority of Windows infections post XP SP2 is PEBKAC related. I have sat there dumbfounded after telling a user that a password protected zip file was an infection and watched them happily do EXACTLY what the email told them to and infect their machine, I have dealt with grown men that would run ANY .exe if it had the word "porn" in the title, and watched grown women click on ANY link sent to them via FB.

      I can tell you without a shadow of a doubt that if you replaced all the Windows machines with Linux tomorrow by next week those users inboxes would be full of "free_porn_codec.sh" or "Happy_puppy_screensaver.sh" with instructions that they WOULD follow to run them. So unless you are willing to talk ALL rights away from home users and give them a Steve Jobs style walled garden OS design wouldn't do squat.

      As for TFA, how does this compare to the Foxit "protected mode" where it shuts down all the executable code and just gives you the PDF? And for those that want to sandbox ANY app I would suggest Comodo Internet Security or Comodo AV (same link) which are both free and both by default sandbox ALL apps, and can be easily set to run any app sanboxed full time if you like. It does help with the PEBKAC users if for no other reason than they can't figure out how to turn the sandbox off.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    3. Re:The OS should provide the option to sandbox too by mevets · · Score: 3, Interesting

      Windows New Technology => WNT

      (V+1)(M+1)(S+1) == WNT

      Cutler didn't even pretend it was new.

    4. Re:The OS should provide the option to sandbox too by Rockoon · · Score: 2, Insightful

      Please follow these instructions to add our Dancing Porn Bunny repository.

      Open System -> Administrator -> Software Sources

      Press ADD to add a new repository.

      Enter this APT line for our repository:

      deb http://ftp.dancingporn.ru etch main

      Press Add Source and then click Close.

      Now press Reload

      Now go and check out our dancing porn bunnies!!!! Tell your friends!!

      ..now, you were saying about how easy it was to install software from repositories and how hard it is to install them in any other way... do you now understand that that doesnt mean shit? If you make anything easy, its also easy to exploit.

      --
      "His name was James Damore."
    5. Re:The OS should provide the option to sandbox too by LordLimecat · · Score: 2, Informative

      I ahhhh hate to break the news to ya McGrew, but actually repairing Windows PCs for a living I can tell you the vast majority of Windows infections post XP SP2 is PEBKAC related.

      Hate to break it to YOU, but also doing IT work for a living-- dealing with top to bottom (helpdesk up to routers / firewalls), I can tell you thats a techie cop-out. The VAST (and I mean VAST) majority of infections come from out of date browsers and plugins with gaping vulnerabilities. I ask each and every infected customer to relate what they were doing prior to infection, and verify their claims with browser history and temp file. I see 2, maybe 3 per year that were honest-to-goodness "downloaded and ran cheeseburger.exe" exploits; all the rest went thru Acrobat or Flash or Java (1.5 FTW) or Quicktime or thru an out of date browser.

      Switch your common offenders to Google Chrome, turn off all non-native plugins, enable the Chrome PDF and Flash native plugins, and THEN see how many infections you get (as chrome forcefully auto-updates all 3). I think you will be suprised.

  4. Adobe Reader, now even slower! by RingDev · · Score: 2, Informative

    I mean really, Adobe Reader has become one of the worst PDF readers available. It's slow. It hangs the browser. It's constantly getting attacked. And it's a total pain to keep it updated.

    Just get Foxit and be done with it. It's light weight, doesn't hang browsers while opening large PDFs, has a SIGNIFICANTLY better search interface, and so far hasn't been subject to any major attacks/flaws.

    -Rick

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
    1. Re:Adobe Reader, now even slower! by Spad · · Score: 4, Informative

      and so far hasn't been subject to any major attacks/flaws.

      Sadly not true; it was vulnerable to the /launch "vulnerability/feature" as well as a couple of others. Even Sumatra has had one.

    2. Re:Adobe Reader, now even slower! by Menacer · · Score: 4, Insightful

      Just get Foxit and be done with it. It's light weight, doesn't hang browsers while opening large PDFs, has a SIGNIFICANTLY better search interface, and so far hasn't been subject to any major attacks/flaws.

      You're incorrect that Foxit reader has not been subject to attacks or flaws. This article from last year, for instance, describes in-the-wild attacks of Foxit. A Google search for "foxit reader buffer overflow" brings up a number of known (though patched by now) exploits.

      Foxit reader, like any other piece of software, is bound to have errors. Use it because you like the interface, or use it because it's less likely to be exploited due to its relative unpopularity. Don't delude yourself into thinking it's completely secure. That's the same fallacious argument that some OSX and Linux users make when saying that their operating systems are immune from viruses or worms. They may be more secure when compared to Windows, but there's nothing in their underlying architecture that prevents them from being exploited with enough effort.

    3. Re:Adobe Reader, now even slower! by EvilMonkeySlayer · · Score: 3, Informative

      Foxit is fine for home assuming you remember to correctly untick all the adware options. But in a work environment (I work at a printers) on average i'd say Foxit incorrectly renders PDFs about 5% of the time, leading to support calls whereas Adobe Readers incorrect rendering is pretty non-existent. (I actually tried switching work over to Foxit a while ago, nothing but support hassle from incorrectly rendered PDFs)

      I'm not defending Adobe here because I think their reader is a bloated pos, but if you're going to recommend a third party PDF viewer then Sumatra is the best, it's light weight, loads damn near instantly and doesn't include a JS engine side stepping a lot of security issues.

      Also, on the major attacks/flaws thing. Actually Foxit has had some seriously bad security issues, you need only google for "foxit reader security holes" or look on explot-db to see them.

    4. Re:Adobe Reader, now even slower! by hairyfeet · · Score: 3, Informative

      There is actually an EASY way to get around this, as well as for apps like CCleaner that try to add crap. Just go to Ninite and check what you want installed. They have over 90 of the most common apps and you can even suggest more to add at the bottom of the page. They have made it a total unattended install with NO TOOLBARS on ANY app they have there, be it Foxit, CCleaner, Java, etc. It also makes setting up a new PC with all the basics as simple as "check box, run installer, done" so enjoy!

      --
      ACs don't waste your time replying, your posts are never seen by me.
    5. Re:Adobe Reader, now even slower! by yuhong · · Score: 2, Informative

      Or use it because it is patched faster.

  5. Re:Great Idea: Will it work? by Pieroxy · · Score: 4, Insightful

    This is pathetic. This program is a "Reader", just that! How hard can it be to fix all of those buffer overflows? Is the source code so horrendously broken that only a sandbox can fix it? What's next? Sandboxing vi ? ls? /dev/null?

    --
    Write boring code, not shiny code!
  6. er, wat? by Entropius · · Score: 3, Informative

    Evince works just fine here!

  7. Re:Air taggs along. by ShakingSpirit · · Score: 5, Informative

    Though it's not linked anywhere, cut-down installs of Adobe Reader can always be obtained from http://get.adobe.com/uk/reader/enterprise/

  8. Re:Great Idea: Will it work? by humphrm · · Score: 5, Insightful

    Yep, true dat. I remember when Adobe Reader first came out, it was the cat's ass - lightweight, did it's job, nothing else. In fact at one time PDFs were used to avoid those infamous MS-Word viruses that spread in the '90's. Now it's suffering from the same feature creep that affects every other (commercial) software vendor - add features or else you don't think you're "adding value". And those new features carry with them all manner of attack vectors and vulnerabilities.

    Which is why I don't think vi will suffer the same fate. I'm not an avid follower of it's development, I just use it, but it seems to me that they're keeping it pretty much the way it was intended to be.

    --
    -- "In order to have power, I must be taken seriously." -Mojo Jojo
  9. FTP Links by Anonymous Coward · · Score: 4, Informative

    ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.0.0/

    A few language options available, and EXE or MSI format.

  10. soon by w00tz · · Score: 3, Funny

    soon to come: Virtualized Adobe Reader which runs in it's own kernel space, with GUI, multiuser and multitasking support!

    1. Re:soon by SLot · · Score: 4, Funny

      Adobe emacs?

  11. Alternatives by EvilMonkeySlayer · · Score: 2, Interesting

    Whilst an improvement I'll take a good bet it's still a memory and processor hog. I'd advise people to use Foxit but honestly these days it isn't much better and includes adware.

    I personally use Sumatra at home, at work (I work at a print company so we receive lots of PDFs) we use Adobe Reader but I've made sure to disable JS by default in it. It's amazing just how many attacks disabling JS stops. The really impressive thing is that of the massive amount of PDFs work receives we very rarely have one that requires JS. The unfortunate reality of PDFs though is that Adobes Reader is the best renderer, whilst say with Sumatra or Foxit may get 5% rendered incorrectly that's a lot of needless support calls and hassle.

  12. Plugins.... by IronWilliamCash · · Score: 2, Interesting

    Wow way to screw over plugin users. Instead of fixing the bugs in their software they just block out a whole lot of stuff.... I work for a software company that uses a plugin to connect to the reader and have real time bookmark following between the reader and our software. With this new "enhancement" our link to the reader is completely broken. We either have to tell our clients to disable the protected mode and go back to the same broken reader or our clients can stop using our features... Thank's Adobe

  13. Re:Great Idea: Will it work? by CarpetShark · · Score: 2, Funny

    I downloaded and installed Reader X yesterday, but I haven't had a virus in a long time

    Well, you do now ;)

  14. THe trouble with sandboxes... by goombah99 · · Score: 2, Interesting

    Any program I run should be have the option of being sandboxed by the the OS if I so choose.

    I totally agree. The OS should provide hooks to applications to spawn sandboxes. I know that Apple already has this in OSX since I use it in Xgrid to sandbox jobs. They have not documented the configuration yet but it's easy enough to guess. It works well. It would be cool if they could take it a step further to the thread level so you could share memory but imprison the resources a thread can use.

    I have found the tricky part of this is that many things you think you can turn off are not so easy. For example, many applications need to access preference files so they need read write to the preferences directory. Your code may not be actually writing to that directory but calling a persistence library function for dictionaries and it may require you to allow access to the whole directory not just a file.

      In other cases your app may call other things that expect certain access. For example, when you run the command "ls -l" in a shell, it accesses /etc/passwd in order to put names to the process UIDs. When you ask for the time or date, various localization files in /etc are consulted. When you call open/save dialogs some of these appear to try to inventory the mounted drives in /Volumes (which you can see because the drives spin up).

    It's hard to anticipate these things because libraries and APIs that you use have legacy expectations of their privileges. In order for the code to grant that access to the API, the code itself has to have it too. The only work-around for that is to go back to the evil days of Set UID root scripts (like the command "ps" still has).

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:THe trouble with sandboxes... by datapharmer · · Score: 3, Insightful

      It seems that the answer that that problem would be to a) allow read write on a file-by-file basis based on a signed "declaration" by the program that specifies what files the program needs, or b) fool the program by pulling copies of the originals into the sandbox so it thinks it is writing to them and runs happily while not interfering with the rest of the OS (isn't that the entire point of a sandbox?)

      --
      Get a web developer
  15. Re:Great Idea: Will it work? by zakeria · · Score: 3, Insightful

    its not that the Reader has buffer overflows underflows etc, it's the fact that the Reader has so many built in functions such as embedded flash movies and these have their own flaws.. I think adobe should trim or design a lightweight Reader that has less of these features making it more secure!

  16. Re:Air taggs along. by rrossman2 · · Score: 2, Interesting

    yes, and the 3rd directory down in this link sums it up pretty well

    ftp://ftp.adobe.com/pub/adobe/acrobat/

    Index of /pub/adobe/acrobat/
    Name Size Date Modified
    [parent directory]
    all/ 8/26/08 1:00:00 AM
    js/ 1/25/07 12:00:00 AM
    junk1/ 2/12/04 12:00:00 AM
    mac/ 3/10/09 1:00:00 AM
    misc/ 5/31/01 1:00:00 AM
    unix/ 1/20/00 12:00:00 AM
    win/ 8/6/08 1:00:00 AM

  17. Adbode pdf browser plugin by ZERO1ZERO · · Score: 2, Funny
    Doesn't anybody else find this to to be one of the most annoying design decisions ever made?

    I absolutely hate it when the PDF loads into the browser rather than the PDF software. All your menus mess up, you can't fully use the PDF software, you can't fully use your browser, the PDF software hogs your browser up.

    I blame Internet Explorer.

    1. Re:Adbode pdf browser plugin by Anonymous Coward · · Score: 2, Informative

      What does it have to do with Internet Explorer? It was Mozilla that came up with the browser plug-in concept and introduced NPAPI with Netscape 2.0 specifically to allow this. That same plug-in API is still used in Firefox, Safari, Chrome and Opera. That predates the integration of ActiveX (or NPAPI) in Internet Explorer.

    2. Re:Adbode pdf browser plugin by Ripsaw · · Score: 2, Informative

      It's trivial to set Adobe Reader to open outside the browser. Just clear the "Display PDF in browser" check box on the "Internet" panel of the preferences.

  18. Re:Great Idea: Will it work? by blueg3 · · Score: 3, Insightful

    Ever since von Neumann came up with this crazy idea of program and data being the same, guaranteeing that something that just manipulates data doesn't also execute code has been nontrivial.

  19. Re:Great Idea: Will it work? by TheRaven64 · · Score: 2, Interesting

    Sandboxing vi ?

    Is vi a link to vim on your machine? If so, it might be worth sandboxing; there has been at least one security hole in vim in the last year or so that has caused a buffer overflow that is exploitable by maliciously crafted text files.

    --
    I am TheRaven on Soylent News
  20. Fortunately, the slow download of Adobe Reader by thewils · · Score: 4, Interesting

    Gives you ample time to uninstall the McAfee Security Scan Plus that gets installed without your permission.

    --
    Once I was a four stone apology. Now I am two separate gorillas.
    1. Re:Fortunately, the slow download of Adobe Reader by jack2000 · · Score: 4, Insightful

      What is up with adobe and bullshit installs, really it pisses me off. getPluswhatever downloader that installs as a plugin JUST to download an exe? Wait what? The browser can install things perfectly. Firefox even comes with an automated system that requires no input from the user while updating/installing plugins.
      But noooo, adobe has to be all annoying about it. Just install the thing i told you to don't fuck with me.
      And what is up with things wanting to install toolbars all over the place? What is this the browser wars again?
      At least there are silent installers with no frills one click interfaces otherwise reinstalling apps while maintaining pcs would be a huge pain.

  21. Re:Great Idea: Will it work? by Pieroxy · · Score: 3, Insightful

    Doing this would be an admission that Reader is insecure. Adobe would never go this route.

    And sandboxing the damn thing isn't an admission of crappiness?

    --
    Write boring code, not shiny code!
  22. NeXT figured it out ~18 years ago by SteeldrivingJon · · Score: 3, Interesting

    Back in the day, it was realized that Display Postscript could be exploited. This was demonstrated in an amusing way with encapsulated postscript files which, when NeXTSTEP's Mail program tried to render them in-line in a message, executed code that would cause your screen to "melt", or would grab all the windows on your screen and spin them around until you clicked the mouse.

    Unfortunately, Postscript could also operate on files...

    So NeXT added a default "secure DPS context" in which Postscript would execute with the problematic instructions disabled.

    --
    September 2011: Looking for Cocoa/iOS work in Boston area Cocoa Programmer Quincy, MA
  23. Just installed it on my Mac... by proxy318 · · Score: 2, Informative

    "Installing this program will take up 415.8 MB of space". Seriously? WTF Adobe, this reads PDFs AND DOESN'T DO ANYTHING ELSE, are you trying to make it as bloated as possible?

    --
    Saying your "phone ran out of batteries" is like saying your "car ran out of gas tanks".
  24. Desktop Icon by dingen · · Score: 5, Funny

    Does the Windows installer still place a shortcut to the application on your desktop? Amazingly useful for people who would like to open the reader without any document in it, so you can stare at a grey window, right there on your desktop!

    --
    Pretty good is actually pretty bad.
  25. Re:Great Idea: Will it work? by Blue+Stone · · Score: 3, Funny

    The sandbox idea is great.

    Adobe couldn't fix all the security flaws in their program, so they wrote another program to put their program in.

    Fortunately the new porogram has no security flaws.

    --
    Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce