Adobe Launches Sandboxed Reader X 201
CWmike writes "Adobe on Wednesday released Reader X, the next version of its popular software that includes a 'sandbox' designed to protect users from PDF attacks. Protected Mode is Adobe's response to experts' demands that the company beef up the security of Reader, which is aggressively targeted by attackers. Calling the sandbox a 'new advancement' in protective measures, Brad Arkin, Adobe's director of security and privacy, admitted it will not stymie every attack. But he argued it will help. 'Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims' computers,' Arkin said in a post to a company blog late on Thursday."
Great Idea: Will it work? (Score:2)
I love the idea of it being sandboxed. I downloaded and installed Reader X yesterday, but I haven't had a virus in a long time so we'll see how it goes. However I've got a customer who gets the virus of the week almost on schedule... I'll have him try it out.
Re:Great Idea: Will it work? (Score:4, Insightful)
This is pathetic. This program is a "Reader", just that! How hard can it be to fix all of those buffer overflows? Is the source code so horrendously broken that only a sandbox can fix it? What's next? Sandboxing vi ? ls? /dev/null?
Re:Great Idea: Will it work? (Score:5, Insightful)
Yep, true dat. I remember when Adobe Reader first came out, it was the cat's ass - lightweight, did it's job, nothing else. In fact at one time PDFs were used to avoid those infamous MS-Word viruses that spread in the '90's. Now it's suffering from the same feature creep that affects every other (commercial) software vendor - add features or else you don't think you're "adding value". And those new features carry with them all manner of attack vectors and vulnerabilities.
Which is why I don't think vi will suffer the same fate. I'm not an avid follower of it's development, I just use it, but it seems to me that they're keeping it pretty much the way it was intended to be.
Re: (Score:2)
Yep, true dat. I remember when Adobe Reader first came out, it was the cat's ass - lightweight, did it's job, nothing else. In fact at one time PDFs were used to avoid those infamous MS-Word viruses that spread in the '90's. Now it's suffering from the same feature creep that affects every other (commercial) software vendor - add features or else you don't think you're "adding value". And those new features carry with them all manner of attack vectors and vulnerabilities.
Which is why I don't think vi will suffer the same fate. I'm not an avid follower of it's development, I just use it, but it seems to me that they're keeping it pretty much the way it was intended to be.
Although vim keeps adding new features, and nvi has had a security vulnerability as recently as 2008.
Re: (Score:3, Insightful)
Re:Great Idea: Will it work? (Score:4, Insightful)
Doing this would be an admission that Reader is insecure. Adobe would never go this route.
And sandboxing the damn thing isn't an admission of crappiness?
Re: (Score:2)
Re: (Score:2)
It isn't just the buffer overflows and it isn't just a reader. It now as active content which means it is essentially a vehicle for mobile code...even if the mobile code is somewhat restricted.
Re:Great Idea: Will it work? (Score:4, Insightful)
Ever since von Neumann came up with this crazy idea of program and data being the same, guaranteeing that something that just manipulates data doesn't also execute code has been nontrivial.
Re: (Score:2)
Re: (Score:2)
Right, that's an aspect of the highly general nature of our von Neumann machines. Not only is code a kind of data, but our program flow control is mixed up with our other data and is barely constrained (that is, you're not limited to, say, returning to where you came from or jumping to the beginning of a function).
Re: (Score:3, Interesting)
Sandboxing vi ?
Is vi a link to vim on your machine? If so, it might be worth sandboxing; there has been at least one security hole in vim in the last year or so that has caused a buffer overflow that is exploitable by maliciously crafted text files.
Re: (Score:2)
Seriously. Especially after 17 years of development.
Re: (Score:2)
A lot of the vulnerabilities that affect "Reader" also affect (or have affected) web "Browsers".
Re: (Score:2)
Did you check his Java? Java is the most exploited app right now. If he doesn't need it you should just uninstall it. If he needs it for a local app then disable the browser plugin and just make sure he keeps up with the updates. By default it sets to check monthly for updates. You should change that to weekly or daily.
Re: (Score:3, Funny)
Well, you do now ;)
Re: (Score:2)
Re: (Score:2)
that how everyone should be running all Adobe apps in recent years.
Re: (Score:2)
Re:Great Idea: Will it work? (Score:4, Funny)
The sandbox idea is great.
Adobe couldn't fix all the security flaws in their program, so they wrote another program to put their program in.
Fortunately the new porogram has no security flaws.
Re: (Score:2)
Yo dawg - we heard you liked vulnerable reader programs...
Not sure I like this idea (Score:2, Funny)
Re:Not sure I like this idea (Score:5, Funny)
The sandbox is to prevent the cats from shitting in your laundry basket.
Re: (Score:2)
Re: (Score:2)
Wow, an analogy that is not only comically entertaining, but also shockingly accurate. I tip my hat to you good sir. *tips imaginary hat*
Does this one work with Chrome? (Score:2, Interesting)
Acrobat Reader does this stupid thing where it opens the Reader application to show me an error message then shuts that down and opens the document in the browser. During this, any other Acrobat Reader instances opened will be automatically closed and it's a 50/50 shot whether the current document actually shows up properly in the browser.
Re: (Score:2, Interesting)
The OS should provide the option to sandbox too (Score:5, Insightful)
Any program I run should be have the option of being sandboxed by the the OS if I so choose.
Re: (Score:2)
Any program I run should be have the option of being sandboxed by the the OS if I so choose.
I guess you mean that every OS should propose that option. I mean, every modern OS, not this unix clone that is based on technologies from the 70s right?
Re: (Score:2)
Re: (Score:2)
But only one of them is a unix clone.
Re: (Score:2)
I thought that WindowsNT was heavily influenced by the VMS architecture?!
Re:The OS should provide the option to sandbox too (Score:4, Interesting)
Windows New Technology => WNT
(V+1)(M+1)(S+1) == WNT
Cutler didn't even pretend it was new.
Re: (Score:2)
If they were to rewrite Windows and base it on this mature tech, Windows would be a lot more stable and secure.
They did this. It was, for a while. It was called Windows NT.
Might be time for another rewrite, honestly. *shrugs and continues running Linux*
Re: (Score:3, Insightful)
Re: (Score:2)
can tell you the vast majority of Windows infections post XP SP2 is PEBKAC related
I would imagine that it was pretty much the same as before XP as well. Trojans are a lot easier to write than viruses, and easier to impliment on any OS.
That said, had your customers been running Linux, they would have a hard time infecting their machines with malware. Installing an app from your distro's repository is as easy as installing a Windows progam, but installing some random piece of code off the internet isn't. You
Re: (Score:3, Insightful)
Open System -> Administrator -> Software Sources
Press ADD to add a new repository.
Enter this APT line for our repository:
deb http://ftp.dancingporn.ru etch main
Press Add Source and then click Close.
Now press Reload
Now go and check out our dancing porn bunnies!!!! Tell your friends!!
Re: (Score:2)
Some would certainly be caught by that, but they get a warning if they do.
Like I said, any system can be compromised, particularly if the user is foolhardy, but the Linux way is still safer.
And, in Linux it isn't "administrator". Hell, most distros if you log in as root and run a GUI, the GUI is bright red as a warning. At least, KDE used to do that five years ago, I haven't had to log in as root under kubuntu.
Re: (Score:2)
Some would certainly be caught by that, but they get a warning if they do
You act as if they dont get warnings in vista/7 ...
And, in Linux it isn't "administrator". Hell, most distros if you log in as root and run a GUI, the GUI is bright red as a warning
I actually typed that out from the ubuntu wiki, where I mistyped 'administration' .. ie, this is a guide for GUI-enabling of 3rd party repositories for ubuntu, from the ubuntu docs itself.
Administration is a MENU ITEM.
Re: (Score:3, Informative)
I ahhhh hate to break the news to ya McGrew, but actually repairing Windows PCs for a living I can tell you the vast majority of Windows infections post XP SP2 is PEBKAC related.
Hate to break it to YOU, but also doing IT work for a living-- dealing with top to bottom (helpdesk up to routers / firewalls), I can tell you thats a techie cop-out. The VAST (and I mean VAST) majority of infections come from out of date browsers and plugins with gaping vulnerabilities. I ask each and every infected customer to relate what they were doing prior to infection, and verify their claims with browser history and temp file. I see 2, maybe 3 per year that were honest-to-goodness "downloaded and
Re: (Score:2, Interesting)
I can tell you without a shadow of a doubt that if you replaced all the Windows machines with Linux tomorrow by next week those users inboxes would be full of "free_porn_codec.sh" or "Happy_puppy_screensaver.sh" with instructions that they WOULD follow to run them.
This is FUD.
You either do not know (or understand) what the "onion/layered approach" is regarding security.
An onion model assumes that vulnerabilities WILL happen, and therefore permissions are restrictive by default. If there is real world exploit on multiple levels, it is the OS fault.
Permissive systems assumes that no exploits will occur, or rather that all KNOWN exploits are now defended against (ok, job done, let's go home guys...). If there is real world exploit on multiple levels, it is the USER'S fa
Re: (Score:2)
Mac is UNIX
Linux is unix-ish
Windows is vms-ish
They are all based on old technologies.
VMS was heavily based on shared memory; thus was Windows, and that shared kernel data has been the vector of so much hurt.
Re: (Score:2)
not cause they won't run on unix
Actually, im fairly certain win32 viruses WONT run on unix ;)
Re: (Score:2)
Ah yes... I have yet to get hit with a virus or worm on my Minix box!
Re: (Score:3, Informative)
There are security / firewall products out there for Windows that do just that, sandbox applications. I won't shill any, but there are free (as in beer) products too.
I only mention Windows because it's trivially easy to sandbox apps in just about any other OS.
Re: (Score:2)
Sandboxie is the first one I can think of. Free as in beer, but it'll delay launch for a few seconds once so many days have passed unless you buy the registered version.
Re: (Score:2)
I've never tried games, although I have a steam account so I could try. Most of my games are from GOG. ;-) I always sandbox Adobe Reader and it works pretty well.
Re: (Score:2)
Vista/Win 7 does allow you programs to be executed with Low Integrity Level so that it is essentially sandboxed. However, apps have to be written to take advantage of this functionality otherwise there's a good chance they'll break if run with a Low Integrity Level. Some specific PDF Reader-related info here [didierstevens.com]
Re: (Score:2)
Re: (Score:2)
THe trouble with sandboxes... (Score:3, Interesting)
Any program I run should be have the option of being sandboxed by the the OS if I so choose.
I totally agree. The OS should provide hooks to applications to spawn sandboxes. I know that Apple already has this in OSX since I use it in Xgrid to sandbox jobs. They have not documented the configuration yet but it's easy enough to guess. It works well. It would be cool if they could take it a step further to the thread level so you could share memory but imprison the resources a thread can use.
I have found the tricky part of this is that many things you think you can turn off are not so easy. For
Re:THe trouble with sandboxes... (Score:4, Insightful)
.pdf safety rules (Score:2)
Re: (Score:2)
Adobe Reader, now even slower! (Score:2, Informative)
I mean really, Adobe Reader has become one of the worst PDF readers available. It's slow. It hangs the browser. It's constantly getting attacked. And it's a total pain to keep it updated.
Just get Foxit and be done with it. It's light weight, doesn't hang browsers while opening large PDFs, has a SIGNIFICANTLY better search interface, and so far hasn't been subject to any major attacks/flaws.
-Rick
Re:Adobe Reader, now even slower! (Score:5, Informative)
and so far hasn't been subject to any major attacks/flaws.
Sadly not true; it was vulnerable to the /launch "vulnerability/feature" as well as a couple [secunia.com] of others [secunia.com]. Even Sumatra has had one [secunia.com].
Re: (Score:2)
if you use foxit, install the gdi+ module. It change the rendering so it's snappy and fast.
Re: (Score:2)
Comment removed (Score:4, Informative)
Re: (Score:2)
Ninite is awesome. Makes rebuilding a Windows system from scratch a lot easier than it used to be.
Re:Adobe Reader, now even slower! (Score:5, Insightful)
Just get Foxit and be done with it. It's light weight, doesn't hang browsers while opening large PDFs, has a SIGNIFICANTLY better search interface, and so far hasn't been subject to any major attacks/flaws.
You're incorrect that Foxit reader has not been subject to attacks or flaws. This article from last year [zdnet.com], for instance, describes in-the-wild attacks of Foxit. A Google search for "foxit reader buffer overflow" brings up a number of known (though patched by now) exploits.
Foxit reader, like any other piece of software, is bound to have errors. Use it because you like the interface, or use it because it's less likely to be exploited due to its relative unpopularity. Don't delude yourself into thinking it's completely secure. That's the same fallacious argument that some OSX and Linux users make when saying that their operating systems are immune from viruses or worms. They may be more secure when compared to Windows, but there's nothing in their underlying architecture that prevents them from being exploited with enough effort.
Re: (Score:2)
On the gripping hand, Foxit is lighter, meaning fewer lines of code, which means in theory that it's easier to maintain and there should be overall fewer bugs.
Not going to make it unbreakable, but overall tighter.
Re: (Score:3, Informative)
Or use it because it is patched faster.
Re: (Score:2)
I was with you through this part:
Foxit reader, like any other piece of software, is bound to have errors. Use it because you like the interface, or use it because it's less likely to be exploited due to its relative unpopularity. Don't delude yourself into thinking it's completely secure.
That's the same fallacious argument that some OSX and Linux users make when saying that their operating systems are immune from viruses or worms.
OK, now you have made a strawman argument. You can make ANY false argument with "some" and "may", and you shift the burden of truth.
Your argument is false.
UNIX design actually assumes that nearly -everything- is insecure, and so all possible vectors of attack will have some constraints to limit the damage. It is a proactive design to dictate that you will NOT get more permissions than needed, because there WILL be exploits. If you exploit the browser or PDF reader, that code still can not touch the OS. Now you would need BOTH an application exploit AND a kernel exploit executed in serial for the app to compromise the system.
This onion model of security was worked out DECADES ago on multi-user UNIX system, where you had serious work and pranksters all sharing the same hardware. By the time we got *BSD (OS X) and Linux... it was a model that engineers didn't need to think about much. (And it's not perfect, although AppArmor is a great step forward vs. permission bits). Except for a Windows PC at work, I have not needed to deal with a virus scanner in 15 years.
Windows just needs to be better than the last version. Security in Windows still is not proactive - each version responds to specific attacks maybe, but it still is not real security. Just plug in a USB cheap picture frame and watch it disable your anti-virus....
Re: (Score:2)
Damn, I forgot to close the quote tag just before my reply, starting with "OK,".
Re:Adobe Reader, now even slower! (Score:4, Informative)
I'm not defending Adobe here because I think their reader is a bloated pos, but if you're going to recommend a third party PDF viewer then Sumatra is the best, it's light weight, loads damn near instantly and doesn't include a JS engine side stepping a lot of security issues.
Also, on the major attacks/flaws thing. Actually Foxit has had some seriously bad security issues, you need only google for "foxit reader security holes" or look on explot-db [exploit-db.com] to see them.
Re: (Score:2)
But in a work environment (I work at a printers) on average i'd say Foxit incorrectly renders PDFs about 5% of the time, leading to support calls whereas Adobe Readers incorrect rendering is pretty non-existent. (I actually tried switching work over to Foxit a while ago, nothing but support hassle from incorrectly rendered PDFs)
Yeah, I hate Acrobat & Reader too, but my trials with Foxit in the work environment were even worse. Maybe it's better now, but a couple of years ago it didn't cut it.
Re: (Score:2)
Sadly, I have Acrobat Pro, and it is just about as bad too. I suspect I will not spend the $$$ to upgrade to Acrobat X this go around. It used to be great, then bloat, and collaboration ware seemed to appear, and its actual value has plummeted.
I guess I shouldn't be surprised.
Re: (Score:2)
Adobe Reader, now even slower!
Really? How did you find out. Did you install it?
I did. Here is what I found:
It seems significantly snappier than Reader 9, except for the very first startup after install, where it copies some first use files and pops up a license agreement.
It starts instantly every time, but it has added "Adobe Reader SpeedLauncher" to my autorun items. I didn't notice slower Windows boot or noticable RAM loss due to it, however.
The UI has been simplified, it looks decent, and the after-install base is 111MB, from 140MB f
Foxit was impacted by /Launch exploit (Score:2)
Foxit has it's own share of vulnerabilities [google.com], and was impacted worse than Adobe Reader by the launch exploit [threatpost.com].
The problem isn't just the readers (all of which have various vulnerabilities), but the PDF spec itself which allows for shit like javascript embedding and external program execution.
The PDF spec needs to be revised to split off potentially malicious functionality into a seperate format that has a different name so basic reader functions can be kept (ie, layout, fonts, attachments, outlining) while th
er, wat? (Score:4, Informative)
Evince works just fine here!
FTP Links (Score:4, Informative)
ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.0.0/ [adobe.com]
A few language options available, and EXE or MSI format.
soon (Score:3, Funny)
Re:soon (Score:5, Funny)
Adobe emacs?
sudo -u lamer /usr/local/Adobe/bin/acroread (Score:2)
Re: (Score:2)
Why run it at all? There are some nice PDF readers for Unix(-like) systems.
Re: (Score:2)
Will this allow you to copy-paste bits from the acro doct to your session?
Re: (Score:2)
Eh, then all you need is a local privilege exploit and you're hosed. And there's no shortage of those on Linux, that's for sure.
Re: (Score:2)
Eh, then all you need is a local privilege exploit and you're hosed. And there's no shortage of those on Linux, that's for sure.
No, you need:
1. A hole in the PDF reader that can be exploited.
2. Simultaneously, a local privilege exploit.
3. An actual exploitable file which can exploit that on your particular brand of Linux.
4. Not to be running an Appamor or SELinux configuration which prevents Adobe software from doing anything bad.
#1 is common, #2 is rare and usually my machines have installed patches for me before I even hear about the exploit, #3 is unlikely and #4 should block many exploits before they happen (some exploits have b
Re: (Score:2)
#1 is common, #2 is rare
Bullshit. Seriously, I have nothing else to say. That's just flat out *wrong*. Hell, a quick google search for "ubuntu local privilege exploit" gave me this gem for 10.04 from late September: http://www.exploit-db.com/exploits/15074/ [exploit-db.com]
And that was the *first hit*.
Alternatives (Score:3, Interesting)
I personally use Sumatra at home, at work (I work at a print company so we receive lots of PDFs) we use Adobe Reader but I've made sure to disable JS by default in it. It's amazing just how many attacks disabling JS stops. The really impressive thing is that of the massive amount of PDFs work receives we very rarely have one that requires JS. The unfortunate reality of PDFs though is that Adobes Reader is the best renderer, whilst say with Sumatra or Foxit may get 5% rendered incorrectly that's a lot of needless support calls and hassle.
Plugins.... (Score:2, Interesting)
Re: (Score:2)
Without a specific agreement between your company and Adobe you can't really complain too much if they switch things around on you. Not really Adobe's fault that they break your plugin.
Why not just.... (Score:2)
Debloat it?
Honestly, I use an alternative pdf reader that will not play Mpeg4, launch my CAd program, etc.. and it works perfectly.
Adobe; cut out all the useless crap and make the thing once again RENDER A PDF FILE AND ONLY A PDF FILE.
I will not use Acrobat Reader, it's slow, bloated and because of the really stupid design of allowing it to launch an external app to render encoded data, it's a major security risk.
Adbode pdf browser plugin (Score:3, Funny)
I absolutely hate it when the PDF loads into the browser rather than the PDF software. All your menus mess up, you can't fully use the PDF software, you can't fully use your browser, the PDF software hogs your browser up.
I blame Internet Explorer.
Re: (Score:2, Informative)
What does it have to do with Internet Explorer? It was Mozilla that came up with the browser plug-in concept and introduced NPAPI with Netscape 2.0 specifically to allow this. That same plug-in API is still used in Firefox, Safari, Chrome and Opera. That predates the integration of ActiveX (or NPAPI) in Internet Explorer.
Re: (Score:2, Informative)
Fortunately, the slow download of Adobe Reader (Score:5, Interesting)
Gives you ample time to uninstall the McAfee Security Scan Plus that gets installed without your permission.
Re:Fortunately, the slow download of Adobe Reader (Score:5, Insightful)
But noooo, adobe has to be all annoying about it. Just install the thing i told you to don't fuck with me.
And what is up with things wanting to install toolbars all over the place? What is this the browser wars again?
At least there are silent installers with no frills one click interfaces otherwise reinstalling apps while maintaining pcs would be a huge pain.
default handler (Score:2)
Not only does the make 'select default PDF handler' option bizarrely trigger an msi installer to run which is frankly a mind boggling way to get it to work if you ask me...
it doesn't actually work! it's not replacing the (default) registry string foxit and other PDF readers set!
Other than that pain, it's the first version of adobe reader I've decided to use since viable alternatives were available, as with any luck this new sandboxing should actually be worth while.
OS Limited Rights (Score:2)
It just seems like kind of a no-brainer. Why does my browser need anything more than read/write on the cache folder and write for Downloads? Why shouldn't acrobat not be able to execute other programs by default (handled by the OS). Why does a game need access to
Re: (Score:2)
Why does my browser need anything more than read/write on the cache folder and write for Downloads?
For uploads, I imagine. Also, for loading html files on the local filesystem.
I only spent three seconds thinking about it, there may be other reasons.
Re: (Score:2)
I think it makes sense to have the OS centrally manage application rights. All of them.
It just seems like kind of a no-brainer. Why does my browser need anything more than read/write on the cache folder and write for Downloads?
Well, the ability to apply restrictions with that level of granularity to individual programs when run hasn't traditionally existed in most OSes. Adding it isn't a trivial task, and since the implementation pretty much* has to be part of the kernel, the importance of finely-grained security features has to be weighed against the performance impact of inserting security checks into the various syscalls. I believe all major platforms are headed in this direction, however, giving the OS more selective control
NeXT figured it out ~18 years ago (Score:4, Interesting)
Back in the day, it was realized that Display Postscript could be exploited. This was demonstrated in an amusing way with encapsulated postscript files which, when NeXTSTEP's Mail program tried to render them in-line in a message, executed code that would cause your screen to "melt", or would grab all the windows on your screen and spin them around until you clicked the mouse.
Unfortunately, Postscript could also operate on files...
So NeXT added a default "secure DPS context" in which Postscript would execute with the problematic instructions disabled.
Just installed it on my Mac... (Score:2, Informative)
Desktop Icon (Score:5, Funny)
The story behind Reader X (Score:2)
Unknown to Speed, Reader X is actually Rex Reader, his estranged older brother in disguise!
Re:Air taggs along. (Score:5, Informative)
Re: (Score:2)
This looks pretty much like the version you can download straight from the Adobe FTP server (yeah, they still have one):
ftp://ftp.adobe.com/pub/adobe/reader/win/ [adobe.com]
Re: (Score:3, Interesting)
yes, and the 3rd directory down in this link sums it up pretty well
ftp://ftp.adobe.com/pub/adobe/acrobat/ [adobe.com]
Index of /pub/adobe/acrobat/
Name Size Date Modified
[parent directory]
all/ 8/26/08 1:00:00 AM
js/ 1/25/07 12:00:00 AM
junk1/ 2/12/04 12:00:00 AM
mac/ 3/10/09 1:00:00 AM
misc/ 5/31/01 1:00:00 AM
unix/ 1/20/00 12:00:00 AM
win/ 8/6/08 1:00:00 AM