Adobe Launches Sandboxed Reader X 201
CWmike writes "Adobe on Wednesday released Reader X, the next version of its popular software that includes a 'sandbox' designed to protect users from PDF attacks. Protected Mode is Adobe's response to experts' demands that the company beef up the security of Reader, which is aggressively targeted by attackers. Calling the sandbox a 'new advancement' in protective measures, Brad Arkin, Adobe's director of security and privacy, admitted it will not stymie every attack. But he argued it will help. 'Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims' computers,' Arkin said in a post to a company blog late on Thursday."
The OS should provide the option to sandbox too (Score:5, Insightful)
Any program I run should be have the option of being sandboxed by the the OS if I so choose.
Re:Great Idea: Will it work? (Score:4, Insightful)
This is pathetic. This program is a "Reader", just that! How hard can it be to fix all of those buffer overflows? Is the source code so horrendously broken that only a sandbox can fix it? What's next? Sandboxing vi ? ls? /dev/null?
Widely used != Popular (Score:1, Insightful)
It's been asked time and time again. How can it be so slow? Even the installer is exceptionally slow.Throw it out and use a normal installer already.
Re:Great Idea: Will it work? (Score:5, Insightful)
Yep, true dat. I remember when Adobe Reader first came out, it was the cat's ass - lightweight, did it's job, nothing else. In fact at one time PDFs were used to avoid those infamous MS-Word viruses that spread in the '90's. Now it's suffering from the same feature creep that affects every other (commercial) software vendor - add features or else you don't think you're "adding value". And those new features carry with them all manner of attack vectors and vulnerabilities.
Which is why I don't think vi will suffer the same fate. I'm not an avid follower of it's development, I just use it, but it seems to me that they're keeping it pretty much the way it was intended to be.
Re:The OS should provide the option to sandbox too (Score:1, Insightful)
Any program I run should be have the option of being sandboxed by the the OS if I so choose.
This.
It shocks me that this is *still* not a common OS security feature. Some do it by default, but it should at least be an option all the time.
Re:Adobe Reader, now even slower! (Score:5, Insightful)
Just get Foxit and be done with it. It's light weight, doesn't hang browsers while opening large PDFs, has a SIGNIFICANTLY better search interface, and so far hasn't been subject to any major attacks/flaws.
You're incorrect that Foxit reader has not been subject to attacks or flaws. This article from last year [zdnet.com], for instance, describes in-the-wild attacks of Foxit. A Google search for "foxit reader buffer overflow" brings up a number of known (though patched by now) exploits.
Foxit reader, like any other piece of software, is bound to have errors. Use it because you like the interface, or use it because it's less likely to be exploited due to its relative unpopularity. Don't delude yourself into thinking it's completely secure. That's the same fallacious argument that some OSX and Linux users make when saying that their operating systems are immune from viruses or worms. They may be more secure when compared to Windows, but there's nothing in their underlying architecture that prevents them from being exploited with enough effort.
Re:Great Idea: Will it work? (Score:3, Insightful)
Re:THe trouble with sandboxes... (Score:4, Insightful)
Comment removed (Score:3, Insightful)
Re:Great Idea: Will it work? (Score:4, Insightful)
Ever since von Neumann came up with this crazy idea of program and data being the same, guaranteeing that something that just manipulates data doesn't also execute code has been nontrivial.
Re:Great Idea: Will it work? (Score:4, Insightful)
Doing this would be an admission that Reader is insecure. Adobe would never go this route.
And sandboxing the damn thing isn't an admission of crappiness?
Re:The OS should provide the option to sandbox too (Score:3, Insightful)
Open System -> Administrator -> Software Sources
Press ADD to add a new repository.
Enter this APT line for our repository:
deb http://ftp.dancingporn.ru etch main
Press Add Source and then click Close.
Now press Reload
Now go and check out our dancing porn bunnies!!!! Tell your friends!!
Re:Fortunately, the slow download of Adobe Reader (Score:5, Insightful)
But noooo, adobe has to be all annoying about it. Just install the thing i told you to don't fuck with me.
And what is up with things wanting to install toolbars all over the place? What is this the browser wars again?
At least there are silent installers with no frills one click interfaces otherwise reinstalling apps while maintaining pcs would be a huge pain.
Re:Adobe Reader, now even slower! (Score:1, Insightful)
for apps like CCleaner that try to add crap
My irony detector just exploded!