Adobe has fleshed out its plans to offer sandboxing as a mechanism to limit the impact of attacks against its ubiquitous Adobe Reader PDF reader application. Available from November, Adobe Reader X will incorporate virtual sandboxing technology that will place controls on the application's ability to modify the registry or …
So we should uninstall Java, a technology that demonstrates that sandboxing isn't a security panacea, while trusting Adobe as they sandbox their notoriously buggy apps?
The biggest problem with normal JREs is that they're a pain to update. Are there any outstanding security holes? I thought all the known ones had been patched and that the problem was that no-one applied them.
Making a buggy, bloated product more complicated..
Making a buggy, bloated product more complicated is hardly likely to fix it. Acrobat Reader is a piece of crap, although as the article says.. Java is an even bigger piece of crap.
I would recommend a look at http://www.pdfreaders.org/ which is produced by the FSF; it has several alternative PDF readers you can use on different platforms.
How many people who don't read El Reg...
... actually have the slightest idea what "Sandboxing" is?
Will this be the default mode or, as the phrase "offer sandboxing" suggests, something that can be switched on? If so, how many people will actually turn it on if they don't understand it?
Java vs PDF
Java tries to run code in a sandbox, which it does pretty well. Recent security failures involved bitmap handling or similar. But here is a nice thing about Java: you can turn it off from your browser. I do.
I have a sandbox for PDF, it's called evince, and by leaving out half these features, works very well.
How about a simplified version
"PDF files that contain an even wider variety of content types, including drawings, email messages, spreadsheets, videos, and other multimedia elements"
How about offering a version that only reads PDF files that contain text and pictures, which is what 99% of the world use PDF files for?
Here's a thought...
Both Java and Adobe (and, hell, plenty others to boot) wouldn't be such rattling garbage-cans of vulnerability if they took their updating routines seriously. I spent time over the weekend updating both for my mum because when they'd tried to do so automatically, they'd both failed (or had been too complicated for her, and she is not below-average in comp lit terms).
The paradigm for all of these apps should be: check for updates once a week (or whatever fits the app's typical update cycle); make sure to play catch-up if the PC wasn't on when you were meant to check; if there's an update, apply it -- silently -- and tell the user when you're done. When it comes to browser plugins, kill the browser when necessary -- but do offer a grace period in the tens of minutes. Do all of this at system level, but make sure unprivileged users are aware of it too. Of course, offer the option of deferment to administrators who don't wish to be caught unawares.
Windows Update has it pretty much bang-on on this one, and shows that it can be done. Why isn't it?
C and C++ are crap and so many simple programs have more vulnerabilities than lines of code. Although often bloated (because it's so easy to integrate with external modules), common Java apps are not nearly as buggy as the general C app.
What about the bunch of PHP/Perl/Python/the likes? Well, they have much more limited usage and in my experience don't show any better security.
Sandboxed apps still have to be able to speak through their little wall and talk to the OS and interfaced applications. The number of available connections can be restricted, but let's face it, sandboxing is a technology that needs a hell of a lot of work to actually do what it purports to say it does on the tin. If the sandbox restricts to a small number of API connections, then that narrows down the effort for attempting to find and exploit vulns.
Hope it works...
...because otherwise, I fear that Adobe Reader is software that is completely out of control. I dimly remember examining the software with a Win32 resource viewer and seeing messages pertaining to Standard Mode operation in Windows not being supported. And just how long has *that* been the case?
Therefore I postulate that even Adobe doesn't know what's in there any longer...
A little word to Oracle and the Sun that came before them...please, please, PLEASE stop pimping browser toolbars with your software updates. That's crossing the line. Do Not Want in the biggest possible way. (Don't tell me I can uncheck the box. I know that. It's the average user that doesn't know, doesn't read and doesn't care until they realize something new has appeared in their browser that they don't care for. And yes, I know about that too...)