Talk about broad brushes...
"At more than 41MB, it's more than five times as big as competing PDF reader Foxit, and that means there's five times the attack surface to exploit."
That's a bit of a crude measure, don't you think? How much of that 41MB is image files and other ancillary data?
Quantifying "attack surface" is pretty much impossible to do, but you could at least start with measuring the quantity of executable code in the two products? Or somehow measuring the relative number of features (on the assumption that there is a relationship between features and bugs as well as bugs and security holes)?
Why do we assume Foxit is more secure? Because it has fewer publicly-disclosed vulnerabilities? That's a bit naive...
Calling it more secure because there is a lower chance that you'll get compromised due to the larger number of exploits targeting Acrobat vs Foxit I could potentially buy, but I'm not sure that "less likely to be compromised" is the same as "more secure" in a general sense.
I would be very surprised if Foxit stood up to the same level of scrutiny that Adobe Reader/Acrobat is getting without having as many holes found.
Unfortunately, we aren't likely to find out - I can't see Foxit commanding enough of an installed base to cause the crackers to switch targets.
Adobe's sandbox idea is alright I guess, but why is this not a feature of the operating system? Applications need to operate on a minimum-rights principle, whereby they only have permission to do what they need to do. Unfortunately, configuring such a setup, whilst possible with Windows, is just too difficult to be practical.
It's not helped by applications which require more permissions than they actually need, due to there being no historical reason for them to be careful about what they do. There are still tons of Windows apps out there (I can count several at work) which need to be able to write to their program directory when run as a normal user!
IT bods don't like what Apple do with iOS apps, and the restrictions when it comes to data-sharing between different apps I believe are quite annoying (I don't have an iOS device, so may be wrong here), but I hear very little about security holes in iOS apps. Privacy holes, user tracking, brokenness yes, but not security holes.
OK, that's the "rant" part of my Saturday todo list done. What's next...