Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Software IT

Adobe Launches Sandboxed Reader X 201

CWmike writes "Adobe on Wednesday released Reader X, the next version of its popular software that includes a 'sandbox' designed to protect users from PDF attacks. Protected Mode is Adobe's response to experts' demands that the company beef up the security of Reader, which is aggressively targeted by attackers. Calling the sandbox a 'new advancement' in protective measures, Brad Arkin, Adobe's director of security and privacy, admitted it will not stymie every attack. But he argued it will help. 'Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims' computers,' Arkin said in a post to a company blog late on Thursday."
This discussion has been archived. No new comments can be posted.

Adobe Launches Sandboxed Reader X

Comments Filter:
  • I love the idea of it being sandboxed. I downloaded and installed Reader X yesterday, but I haven't had a virus in a long time so we'll see how it goes. However I've got a customer who gets the virus of the week almost on schedule... I'll have him try it out.

    • by Pieroxy ( 222434 ) on Friday November 19, 2010 @10:25AM (#34281810) Homepage

      This is pathetic. This program is a "Reader", just that! How hard can it be to fix all of those buffer overflows? Is the source code so horrendously broken that only a sandbox can fix it? What's next? Sandboxing vi ? ls? /dev/null?

      • by humphrm ( 18130 ) on Friday November 19, 2010 @10:30AM (#34281856) Homepage

        Yep, true dat. I remember when Adobe Reader first came out, it was the cat's ass - lightweight, did it's job, nothing else. In fact at one time PDFs were used to avoid those infamous MS-Word viruses that spread in the '90's. Now it's suffering from the same feature creep that affects every other (commercial) software vendor - add features or else you don't think you're "adding value". And those new features carry with them all manner of attack vectors and vulnerabilities.

        Which is why I don't think vi will suffer the same fate. I'm not an avid follower of it's development, I just use it, but it seems to me that they're keeping it pretty much the way it was intended to be.

        • by micheas ( 231635 )

          Yep, true dat. I remember when Adobe Reader first came out, it was the cat's ass - lightweight, did it's job, nothing else. In fact at one time PDFs were used to avoid those infamous MS-Word viruses that spread in the '90's. Now it's suffering from the same feature creep that affects every other (commercial) software vendor - add features or else you don't think you're "adding value". And those new features carry with them all manner of attack vectors and vulnerabilities.

          Which is why I don't think vi will suffer the same fate. I'm not an avid follower of it's development, I just use it, but it seems to me that they're keeping it pretty much the way it was intended to be.

          Although vim keeps adding new features, and nvi has had a security vulnerability as recently as 2008.

      • Re: (Score:3, Insightful)

        by zakeria ( 1031430 )
        its not that the Reader has buffer overflows underflows etc, it's the fact that the Reader has so many built in functions such as embedded flash movies and these have their own flaws.. I think adobe should trim or design a lightweight Reader that has less of these features making it more secure!
      • by gtall ( 79522 )

        It isn't just the buffer overflows and it isn't just a reader. It now as active content which means it is essentially a vehicle for mobile code...even if the mobile code is somewhat restricted.

      • by blueg3 ( 192743 ) on Friday November 19, 2010 @11:53AM (#34282812)

        Ever since von Neumann came up with this crazy idea of program and data being the same, guaranteeing that something that just manipulates data doesn't also execute code has been nontrivial.

        • by TheLink ( 130905 )
          There's also the "unhygienic" habit of pushing data onto a stack that is also used to tell the CPU what address to run from when it does a "return".
          • by blueg3 ( 192743 )

            Right, that's an aspect of the highly general nature of our von Neumann machines. Not only is code a kind of data, but our program flow control is mixed up with our other data and is barely constrained (that is, you're not limited to, say, returning to where you came from or jumping to the beginning of a function).

      • Re: (Score:3, Interesting)

        by TheRaven64 ( 641858 )

        Sandboxing vi ?

        Is vi a link to vim on your machine? If so, it might be worth sandboxing; there has been at least one security hole in vim in the last year or so that has caused a buffer overflow that is exploitable by maliciously crafted text files.

      • by Myopic ( 18616 )

        Seriously. Especially after 17 years of development.

      • A lot of the vulnerabilities that affect "Reader" also affect (or have affected) web "Browsers".

    • Did you check his Java? Java is the most exploited app right now. If he doesn't need it you should just uninstall it. If he needs it for a local app then disable the browser plugin and just make sure he keeps up with the updates. By default it sets to check monthly for updates. You should change that to weekly or daily.

    • Re: (Score:3, Funny)

      by CarpetShark ( 865376 )

      I downloaded and installed Reader X yesterday, but I haven't had a virus in a long time

      Well, you do now ;)

    • You can just use Sandboxie [sandboxie.com] it'll do that for pretty much any program you wish.
    • Also have him disable automatically opening PDFs in his browser. This is how a lot of PDF exploits can easily find a way into a system - because it opens in the browser, a hidden iframe can allow malicious content in. Update the browser settings to ALWAYS save them to disk.
    • by Blue Stone ( 582566 ) on Friday November 19, 2010 @02:29PM (#34284512) Homepage Journal

      The sandbox idea is great.

      Adobe couldn't fix all the security flaws in their program, so they wrote another program to put their program in.

      Fortunately the new porogram has no security flaws.

  • by Anonymous Coward
    This is a terrible idea. The neighborhood cats are constantly shitting in my sandbox.
  • Acrobat Reader does this stupid thing where it opens the Reader application to show me an error message then shuts that down and opens the document in the browser. During this, any other Acrobat Reader instances opened will be automatically closed and it's a 50/50 shot whether the current document actually shows up properly in the browser.

    • Re: (Score:2, Interesting)

      by revlayle ( 964221 )
      Might be moot, ver 8 (which is in beta) series of Chrome has a built-in PDF reader - not sure how complete or how secure it is however. That being said, Adobe Reader runs in ver 7 (current stable version) series just fine.
  • by the_humeister ( 922869 ) on Friday November 19, 2010 @10:20AM (#34281746)

    Any program I run should be have the option of being sandboxed by the the OS if I so choose.

    • by Pieroxy ( 222434 )

      Any program I run should be have the option of being sandboxed by the the OS if I so choose.

      I guess you mean that every OS should propose that option. I mean, every modern OS, not this unix clone that is based on technologies from the 70s right?

      • Wait, are you talking about Linux, Windows, or Mac? Pretty sure theyre all "unix clones" in some sense of the word, and pretty sure theyre all based on SOME technologies from the 70s...
        • by Pieroxy ( 222434 )

          But only one of them is a unix clone.

      • Ah yes... I have yet to get hit with a virus or worm on my Minix box!

    • Re: (Score:3, Informative)

      by humphrm ( 18130 )

      There are security / firewall products out there for Windows that do just that, sandbox applications. I won't shill any, but there are free (as in beer) products too.

      I only mention Windows because it's trivially easy to sandbox apps in just about any other OS.

      • by Nimey ( 114278 )

        Sandboxie is the first one I can think of. Free as in beer, but it'll delay launch for a few seconds once so many days have passed unless you buy the registered version.

    • by Spad ( 470073 )

      Vista/Win 7 does allow you programs to be executed with Low Integrity Level so that it is essentially sandboxed. However, apps have to be written to take advantage of this functionality otherwise there's a good chance they'll break if run with a Low Integrity Level. Some specific PDF Reader-related info here [didierstevens.com]

      • That's not the same thing. You should be able to run the programs both at low integrity level and in a sandbox. The point of the sandbox is to keep the program segregated from the rest of the programs in case somebody manages to find an exploit to elevate privileges. They'd have root, but they'd have root in the sandbox and would have to then break out of the sandbox to do much.
    • AppArmor ("Application Armor") is a security module for the Linux kernel, released under the GNU General Public License. From 2005 through September 2007, AppArmor was maintained by Novell. AppArmor allows the system administrator to associate with each program a security profile that restricts the capabilities of that program. It supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It was included as of the 2.6.36 version of the mainline Lin

    • Any program I run should be have the option of being sandboxed by the the OS if I so choose.

      I totally agree. The OS should provide hooks to applications to spawn sandboxes. I know that Apple already has this in OSX since I use it in Xgrid to sandbox jobs. They have not documented the configuration yet but it's easy enough to guess. It works well. It would be cool if they could take it a step further to the thread level so you could share memory but imprison the resources a thread can use.

      I have found the tricky part of this is that many things you think you can turn off are not so easy. For

      • by datapharmer ( 1099455 ) on Friday November 19, 2010 @11:24AM (#34282454) Homepage
        It seems that the answer that that problem would be to a) allow read write on a file-by-file basis based on a signed "declaration" by the program that specifies what files the program needs, or b) fool the program by pulling copies of the originals into the sandbox so it thinks it is writing to them and runs happily while not interfering with the rest of the OS (isn't that the entire point of a sandbox?)
  • The ONLY way I can feel safe is to run Adobe Reader Protected Mode in Windows Safe Mode. Then, and only then, I will be safe.
    • Adobe reader is kind of a challenge. With Java that's easy. If I really want to be safe, I go down to the local Starbucks with a thermometer and measure the temperature before I move it. I have yet to get burned by hot coffee when doing it like that.
  • I mean really, Adobe Reader has become one of the worst PDF readers available. It's slow. It hangs the browser. It's constantly getting attacked. And it's a total pain to keep it updated.

    Just get Foxit and be done with it. It's light weight, doesn't hang browsers while opening large PDFs, has a SIGNIFICANTLY better search interface, and so far hasn't been subject to any major attacks/flaws.

    -Rick

    • by Spad ( 470073 ) <slashdot@ s p a d . co.uk> on Friday November 19, 2010 @10:46AM (#34282002) Homepage

      and so far hasn't been subject to any major attacks/flaws.

      Sadly not true; it was vulnerable to the /launch "vulnerability/feature" as well as a couple [secunia.com] of others [secunia.com]. Even Sumatra has had one [secunia.com].

    • if you use foxit, install the gdi+ module. It change the rendering so it's snappy and fast.

    • It does have a major flaw-- its insistence on installing that awful toolbar unless you choose "custom mode"-- regardless of whether or not you uncheck the "please install toolbar" box. STILL not fixed after what, 3 versions? Starting to think they have some kind of motivation for forcing this thing on people.
    • by Menacer ( 222952 ) on Friday November 19, 2010 @10:50AM (#34282068)

      Just get Foxit and be done with it. It's light weight, doesn't hang browsers while opening large PDFs, has a SIGNIFICANTLY better search interface, and so far hasn't been subject to any major attacks/flaws.

      You're incorrect that Foxit reader has not been subject to attacks or flaws. This article from last year [zdnet.com], for instance, describes in-the-wild attacks of Foxit. A Google search for "foxit reader buffer overflow" brings up a number of known (though patched by now) exploits.

      Foxit reader, like any other piece of software, is bound to have errors. Use it because you like the interface, or use it because it's less likely to be exploited due to its relative unpopularity. Don't delude yourself into thinking it's completely secure. That's the same fallacious argument that some OSX and Linux users make when saying that their operating systems are immune from viruses or worms. They may be more secure when compared to Windows, but there's nothing in their underlying architecture that prevents them from being exploited with enough effort.

      • by Nimey ( 114278 )

        On the gripping hand, Foxit is lighter, meaning fewer lines of code, which means in theory that it's easier to maintain and there should be overall fewer bugs.

        Not going to make it unbreakable, but overall tighter.

      • Re: (Score:3, Informative)

        by yuhong ( 1378501 )

        Or use it because it is patched faster.

      • by Sleepy ( 4551 )

        I was with you through this part:

        Foxit reader, like any other piece of software, is bound to have errors. Use it because you like the interface, or use it because it's less likely to be exploited due to its relative unpopularity. Don't delude yourself into thinking it's completely secure.

        That's the same fallacious argument that some OSX and Linux users make when saying that their operating systems are immune from viruses or worms.

        OK, now you have made a strawman argument. You can make ANY false argument with "some" and "may", and you shift the burden of truth.
        Your argument is false.

        UNIX design actually assumes that nearly -everything- is insecure, and so all possible vectors of attack will have some constraints to limit the damage. It is a proactive design to dictate that you will NOT get more permissions than needed, because there WILL be exploits. If you exploit the browser or PDF reader, that code still can not touch the OS. Now you would need BOTH an application exploit AND a kernel exploit executed in serial for the app to compromise the system.

        This onion model of security was worked out DECADES ago on multi-user UNIX system, where you had serious work and pranksters all sharing the same hardware. By the time we got *BSD (OS X) and Linux... it was a model that engineers didn't need to think about much. (And it's not perfect, although AppArmor is a great step forward vs. permission bits). Except for a Windows PC at work, I have not needed to deal with a virus scanner in 15 years.

        Windows just needs to be better than the last version. Security in Windows still is not proactive - each version responds to specific attacks maybe, but it still is not real security. Just plug in a USB cheap picture frame and watch it disable your anti-virus....

        • by Sleepy ( 4551 )

          Damn, I forgot to close the quote tag just before my reply, starting with "OK,".

    • by EvilMonkeySlayer ( 826044 ) on Friday November 19, 2010 @10:54AM (#34282118) Journal
      Foxit is fine for home assuming you remember to correctly untick all the adware options. But in a work environment (I work at a printers) on average i'd say Foxit incorrectly renders PDFs about 5% of the time, leading to support calls whereas Adobe Readers incorrect rendering is pretty non-existent. (I actually tried switching work over to Foxit a while ago, nothing but support hassle from incorrectly rendered PDFs)

      I'm not defending Adobe here because I think their reader is a bloated pos, but if you're going to recommend a third party PDF viewer then Sumatra is the best, it's light weight, loads damn near instantly and doesn't include a JS engine side stepping a lot of security issues.

      Also, on the major attacks/flaws thing. Actually Foxit has had some seriously bad security issues, you need only google for "foxit reader security holes" or look on explot-db [exploit-db.com] to see them.
      • by b0bby ( 201198 )

        But in a work environment (I work at a printers) on average i'd say Foxit incorrectly renders PDFs about 5% of the time, leading to support calls whereas Adobe Readers incorrect rendering is pretty non-existent. (I actually tried switching work over to Foxit a while ago, nothing but support hassle from incorrectly rendered PDFs)

        Yeah, I hate Acrobat & Reader too, but my trials with Foxit in the work environment were even worse. Maybe it's better now, but a couple of years ago it didn't cut it.

    • Sadly, I have Acrobat Pro, and it is just about as bad too. I suspect I will not spend the $$$ to upgrade to Acrobat X this go around. It used to be great, then bloat, and collaboration ware seemed to appear, and its actual value has plummeted.

      I guess I shouldn't be surprised.

    • by suv4x4 ( 956391 )

      Adobe Reader, now even slower!

      Really? How did you find out. Did you install it?

      I did. Here is what I found:

      It seems significantly snappier than Reader 9, except for the very first startup after install, where it copies some first use files and pops up a license agreement.

      It starts instantly every time, but it has added "Adobe Reader SpeedLauncher" to my autorun items. I didn't notice slower Windows boot or noticable RAM loss due to it, however.

      The UI has been simplified, it looks decent, and the after-install base is 111MB, from 140MB f

    • Foxit has it's own share of vulnerabilities [google.com], and was impacted worse than Adobe Reader by the launch exploit [threatpost.com].

      The problem isn't just the readers (all of which have various vulnerabilities), but the PDF spec itself which allows for shit like javascript embedding and external program execution.

      The PDF spec needs to be revised to split off potentially malicious functionality into a seperate format that has a different name so basic reader functions can be kept (ie, layout, fonts, attachments, outlining) while th

  • er, wat? (Score:4, Informative)

    by Entropius ( 188861 ) on Friday November 19, 2010 @10:28AM (#34281844)

    Evince works just fine here!

  • FTP Links (Score:4, Informative)

    by Anonymous Coward on Friday November 19, 2010 @10:31AM (#34281862)

    ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.0.0/ [adobe.com]

    A few language options available, and EXE or MSI format.

  • soon (Score:3, Funny)

    by w00tz ( 1943770 ) on Friday November 19, 2010 @10:36AM (#34281904)
    soon to come: Virtualized Adobe Reader which runs in it's own kernel space, with GUI, multiuser and multitasking support!
  • Run acrobat as another user using sudo.  This will contain future exploits to "lamer's" home directory instead of relying on Adobe to protect you.   I fully expect Adobe's sandbox implementation to be as dismal as their security track-record.
    • Why run it at all? There are some nice PDF readers for Unix(-like) systems.

    • by Herve5 ( 879674 )

      Will this allow you to copy-paste bits from the acro doct to your session?

    • Eh, then all you need is a local privilege exploit and you're hosed. And there's no shortage of those on Linux, that's for sure.

      • by 0123456 ( 636235 )

        Eh, then all you need is a local privilege exploit and you're hosed. And there's no shortage of those on Linux, that's for sure.

        No, you need:

        1. A hole in the PDF reader that can be exploited.
        2. Simultaneously, a local privilege exploit.
        3. An actual exploitable file which can exploit that on your particular brand of Linux.
        4. Not to be running an Appamor or SELinux configuration which prevents Adobe software from doing anything bad.

        #1 is common, #2 is rare and usually my machines have installed patches for me before I even hear about the exploit, #3 is unlikely and #4 should block many exploits before they happen (some exploits have b

        • #1 is common, #2 is rare

          Bullshit. Seriously, I have nothing else to say. That's just flat out *wrong*. Hell, a quick google search for "ubuntu local privilege exploit" gave me this gem for 10.04 from late September: http://www.exploit-db.com/exploits/15074/ [exploit-db.com]

          And that was the *first hit*.

  • Alternatives (Score:3, Interesting)

    by EvilMonkeySlayer ( 826044 ) on Friday November 19, 2010 @10:46AM (#34282026) Journal
    Whilst an improvement I'll take a good bet it's still a memory and processor hog. I'd advise people to use Foxit but honestly these days it isn't much better and includes adware.

    I personally use Sumatra at home, at work (I work at a print company so we receive lots of PDFs) we use Adobe Reader but I've made sure to disable JS by default in it. It's amazing just how many attacks disabling JS stops. The really impressive thing is that of the massive amount of PDFs work receives we very rarely have one that requires JS. The unfortunate reality of PDFs though is that Adobes Reader is the best renderer, whilst say with Sumatra or Foxit may get 5% rendered incorrectly that's a lot of needless support calls and hassle.
  • Plugins.... (Score:2, Interesting)

    Wow way to screw over plugin users. Instead of fixing the bugs in their software they just block out a whole lot of stuff.... I work for a software company that uses a plugin to connect to the reader and have real time bookmark following between the reader and our software. With this new "enhancement" our link to the reader is completely broken. We either have to tell our clients to disable the protected mode and go back to the same broken reader or our clients can stop using our features... Thank's Adobe
    • by thewils ( 463314 )

      Without a specific agreement between your company and Adobe you can't really complain too much if they switch things around on you. Not really Adobe's fault that they break your plugin.

  • Debloat it?

    Honestly, I use an alternative pdf reader that will not play Mpeg4, launch my CAd program, etc.. and it works perfectly.

    Adobe; cut out all the useless crap and make the thing once again RENDER A PDF FILE AND ONLY A PDF FILE.

    I will not use Acrobat Reader, it's slow, bloated and because of the really stupid design of allowing it to launch an external app to render encoded data, it's a major security risk.

  • by ZERO1ZERO ( 948669 ) on Friday November 19, 2010 @11:33AM (#34282558)
    Doesn't anybody else find this to to be one of the most annoying design decisions ever made?

    I absolutely hate it when the PDF loads into the browser rather than the PDF software. All your menus mess up, you can't fully use the PDF software, you can't fully use your browser, the PDF software hogs your browser up.

    I blame Internet Explorer.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      What does it have to do with Internet Explorer? It was Mozilla that came up with the browser plug-in concept and introduced NPAPI with Netscape 2.0 specifically to allow this. That same plug-in API is still used in Firefox, Safari, Chrome and Opera. That predates the integration of ActiveX (or NPAPI) in Internet Explorer.

    • Re: (Score:2, Informative)

      by Ripsaw ( 216357 )
      It's trivial to set Adobe Reader to open outside the browser. Just clear the "Display PDF in browser" check box on the "Internet" panel of the preferences.
  • by thewils ( 463314 ) on Friday November 19, 2010 @12:01PM (#34282906) Journal

    Gives you ample time to uninstall the McAfee Security Scan Plus that gets installed without your permission.

    • by jack2000 ( 1178961 ) on Friday November 19, 2010 @01:17PM (#34283610)
      What is up with adobe and bullshit installs, really it pisses me off. getPluswhatever downloader that installs as a plugin JUST to download an exe? Wait what? The browser can install things perfectly. Firefox even comes with an automated system that requires no input from the user while updating/installing plugins.
      But noooo, adobe has to be all annoying about it. Just install the thing i told you to don't fuck with me.
      And what is up with things wanting to install toolbars all over the place? What is this the browser wars again?
      At least there are silent installers with no frills one click interfaces otherwise reinstalling apps while maintaining pcs would be a huge pain.
  • Not only does the make 'select default PDF handler' option bizarrely trigger an msi installer to run which is frankly a mind boggling way to get it to work if you ask me...

    it doesn't actually work! it's not replacing the (default) registry string foxit and other PDF readers set!

    Other than that pain, it's the first version of adobe reader I've decided to use since viable alternatives were available, as with any luck this new sandboxing should actually be worth while.

  • I think it makes sense to have the OS centrally manage application rights. All of them.
    • Execution
    • Granular Network Access
    • FS Read/Write (like limit to directory or file)
    • Mutability/Updates
    • Hardware/Driver Access
    • Execute other programs
    • etc etc etc...

    It just seems like kind of a no-brainer. Why does my browser need anything more than read/write on the cache folder and write for Downloads? Why shouldn't acrobat not be able to execute other programs by default (handled by the OS). Why does a game need access to

    • by Myopic ( 18616 )

      Why does my browser need anything more than read/write on the cache folder and write for Downloads?

      For uploads, I imagine. Also, for loading html files on the local filesystem.

      I only spent three seconds thinking about it, there may be other reasons.

    • I think it makes sense to have the OS centrally manage application rights. All of them.

      • Execution
      • Granular Network Access
      • FS Read/Write (like limit to directory or file)
      • Mutability/Updates
      • Hardware/Driver Access
      • Execute other programs
      • etc etc etc...

      It just seems like kind of a no-brainer. Why does my browser need anything more than read/write on the cache folder and write for Downloads?

      Well, the ability to apply restrictions with that level of granularity to individual programs when run hasn't traditionally existed in most OSes. Adding it isn't a trivial task, and since the implementation pretty much* has to be part of the kernel, the importance of finely-grained security features has to be weighed against the performance impact of inserting security checks into the various syscalls. I believe all major platforms are headed in this direction, however, giving the OS more selective control

  • by SteeldrivingJon ( 842919 ) on Friday November 19, 2010 @12:51PM (#34283366) Homepage Journal

    Back in the day, it was realized that Display Postscript could be exploited. This was demonstrated in an amusing way with encapsulated postscript files which, when NeXTSTEP's Mail program tried to render them in-line in a message, executed code that would cause your screen to "melt", or would grab all the windows on your screen and spin them around until you clicked the mouse.

    Unfortunately, Postscript could also operate on files...

    So NeXT added a default "secure DPS context" in which Postscript would execute with the problematic instructions disabled.

  • "Installing this program will take up 415.8 MB of space". Seriously? WTF Adobe, this reads PDFs AND DOESN'T DO ANYTHING ELSE, are you trying to make it as bloated as possible?
  • by dingen ( 958134 ) on Friday November 19, 2010 @01:29PM (#34283774)
    Does the Windows installer still place a shortcut to the application on your desktop? Amazingly useful for people who would like to open the reader without any document in it, so you can stare at a grey window, right there on your desktop!
  • Unknown to Speed, Reader X is actually Rex Reader, his estranged older brother in disguise!

Genius is ten percent inspiration and fifty percent capital gains.

Working...