Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Launches Sandboxed Reader X

Posted by Soulskill on from the barn-doors-and-horses dept.

CWmike writes "Adobe on Wednesday released Reader X, the next version of its popular software that includes a 'sandbox' designed to protect users from PDF attacks. Protected Mode is Adobe's response to experts' demands that the company beef up the security of Reader, which is aggressively targeted by attackers. Calling the sandbox a 'new advancement' in protective measures, Brad Arkin, Adobe's director of security and privacy, admitted it will not stymie every attack. But he argued it will help. 'Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims' computers,' Arkin said in a post to a company blog late on Thursday."

12 of 201 comments (clear)

  1. The OS should provide the option to sandbox too by the_humeister · · Score: 5, Insightful

    Any program I run should be have the option of being sandboxed by the the OS if I so choose.

  2. Re:Great Idea: Will it work? by Pieroxy · · Score: 4, Insightful

    This is pathetic. This program is a "Reader", just that! How hard can it be to fix all of those buffer overflows? Is the source code so horrendously broken that only a sandbox can fix it? What's next? Sandboxing vi ? ls? /dev/null?

    --
    Write boring code, not shiny code!
  3. Re:Air taggs along. by ShakingSpirit · · Score: 5, Informative

    Though it's not linked anywhere, cut-down installs of Adobe Reader can always be obtained from http://get.adobe.com/uk/reader/enterprise/

  4. Re:Great Idea: Will it work? by humphrm · · Score: 5, Insightful

    Yep, true dat. I remember when Adobe Reader first came out, it was the cat's ass - lightweight, did it's job, nothing else. In fact at one time PDFs were used to avoid those infamous MS-Word viruses that spread in the '90's. Now it's suffering from the same feature creep that affects every other (commercial) software vendor - add features or else you don't think you're "adding value". And those new features carry with them all manner of attack vectors and vulnerabilities.

    Which is why I don't think vi will suffer the same fate. I'm not an avid follower of it's development, I just use it, but it seems to me that they're keeping it pretty much the way it was intended to be.

    --
    -- "In order to have power, I must be taken seriously." -Mojo Jojo
  5. FTP Links by Anonymous Coward · · Score: 4, Informative

    ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.0.0/

    A few language options available, and EXE or MSI format.

  6. Re:Adobe Reader, now even slower! by Spad · · Score: 4, Informative

    and so far hasn't been subject to any major attacks/flaws.

    Sadly not true; it was vulnerable to the /launch "vulnerability/feature" as well as a couple of others. Even Sumatra has had one.

  7. Re:Adobe Reader, now even slower! by Menacer · · Score: 4, Insightful

    Just get Foxit and be done with it. It's light weight, doesn't hang browsers while opening large PDFs, has a SIGNIFICANTLY better search interface, and so far hasn't been subject to any major attacks/flaws.

    You're incorrect that Foxit reader has not been subject to attacks or flaws. This article from last year, for instance, describes in-the-wild attacks of Foxit. A Google search for "foxit reader buffer overflow" brings up a number of known (though patched by now) exploits.

    Foxit reader, like any other piece of software, is bound to have errors. Use it because you like the interface, or use it because it's less likely to be exploited due to its relative unpopularity. Don't delude yourself into thinking it's completely secure. That's the same fallacious argument that some OSX and Linux users make when saying that their operating systems are immune from viruses or worms. They may be more secure when compared to Windows, but there's nothing in their underlying architecture that prevents them from being exploited with enough effort.

  8. Re:Not sure I like this idea by mcgrew · · Score: 5, Funny

    The sandbox is to prevent the cats from shitting in your laundry basket.

    --
    Free Martian Whores!
  9. Re:soon by SLot · · Score: 4, Funny

    Adobe emacs?

  10. Fortunately, the slow download of Adobe Reader by thewils · · Score: 4, Interesting

    Gives you ample time to uninstall the McAfee Security Scan Plus that gets installed without your permission.

    --
    Once I was a four stone apology. Now I am two separate gorillas.
    1. Re:Fortunately, the slow download of Adobe Reader by jack2000 · · Score: 4, Insightful

      What is up with adobe and bullshit installs, really it pisses me off. getPluswhatever downloader that installs as a plugin JUST to download an exe? Wait what? The browser can install things perfectly. Firefox even comes with an automated system that requires no input from the user while updating/installing plugins.
      But noooo, adobe has to be all annoying about it. Just install the thing i told you to don't fuck with me.
      And what is up with things wanting to install toolbars all over the place? What is this the browser wars again?
      At least there are silent installers with no frills one click interfaces otherwise reinstalling apps while maintaining pcs would be a huge pain.

  11. Desktop Icon by dingen · · Score: 5, Funny

    Does the Windows installer still place a shortcut to the application on your desktop? Amazingly useful for people who would like to open the reader without any document in it, so you can stare at a grey window, right there on your desktop!

    --
    Pretty good is actually pretty bad.