Adobe aims to get Reader out of the firing line
Adobe has reacted to the continuing attacks on Adobe Reader. The next version – which will likely be called Adobe Reader 10 – will include a sandbox which will, according to Brad Arkin, responsible for security of all Adobe software products, make Reader a less attractive target for attackers. However, Arkin did not want to commit to a date for releasing the new technology, officially dubbed Adobe Reader "Protected Mode".
Technically, Adobe's sandbox is based on a Microsoft technology known as Microsoft Office Isolated Conversion Environment (MOICE) which is already in use in Office 2010. A broker process processes all write queries from the sandbox and decides whether or not they are legitimate based on a defined set of rules. Adobe states that the broker process and sandbox code has been kept very lean and has been tested by external penetration testers. Arkin has confirmed that Adobe is also considering using the sandbox to trap read access and thus block access to sensitive data on the system.
Adobe does not see the sandbox as a panacea. It will not, for example, block phishing, clickjacking, weak encryption in signed documents or unauthorised network access. There may also be issues for users using assistive technologies such as screen readers under Windows XP and Windows Server 2003.
The vendor is promising the ability to disable protected mode or to use registry entries to add new rules in the event of problems. Company administrators will be able to implement these easily using group policies.
(Uli Ries / crve)