Feeds

back to article Adobe (finally) adds security sandbox to Reader

At long last, Adobe Systems has added a new security protection to Windows versions of its ubiquitous document reader that's designed to lock down one of the world's most exploited applications. The so-called sandbox, isolates Reader from sensitive Windows operations, such as the changing of operating system registry settings …

COMMENTS

This topic is closed for new posts.

Strange?

No responses so far at the time of writing?

Weekend? Or no-one left using Adobe products?

All they have to do now is sort the others and keep them all secure for a while.

Any bets?

0
0
Anonymous Coward

About frickin' time... sheesh.

What took 'em so long? Well, kudos for finally doin' it, anyway.

0
0
Silver badge

Wont this break most PDF applications?

I mean if a PDF file cannot change registry settings it'll have to be rewritten to use the new method of doing so. This will cause lots of old unsupported PDF applications to break.

0
3
Silver badge
FAIL

PDF applications?

Man, that just sounds sooooo wrong.

1
0
Silver badge
WTF?

U

Call me dumb, but why does a document need to change my registry?

2
0
FAIL

Monumental? Complex?

"Adding the technology to an existing piece of software is a monumental task,"

No doubt, but deleting 95% of the source tree and leaving a proper, simple, secure PDF viewer could be done in a day by the tea-lady.

7
1

Enabled by default

which is good, but should it even be an option? I can't immediately think of any situation where you'd need to turn it off, so why not have it permanently enabled? I doubt it will be too long before someone finds an exploit that lets them turn off the sandbox.

1
1
Grenade

How big?

But how much extra size will Adobe X be compared to 9? How much extra junk is included?

0
0

$5 says root exploit in the wild within a week

This *is* Adobe Reader we're talking about, after all.

3
0
FAIL

Sumo Software.

So.... even more bloat??? No thanks I'll stick with Foxit! Smaller and seems less prone to the issues that plague Adobe - Like Microsoft - they need to accept that this tired old pile of code needs a ground up re-write to remove the bloat and improve security

4
0

chroot

That's all.

0
0
FAIL

Um... It's already out

From Adobe's website: (http://kb2.adobe.com/cps/837/cpsid_83708.html)

Acrobat and Reader X products

Latest release: Acrobat Pro and Standard X for English, French, German, and Japanese, November 15 2010, Reader X November 18.

Date Ver. Type Focus

Nov 2010 10.0 Major A major release with new and improved features. Reader and support for other languages have a phased rollout. Acrobat EFGJ: Nov 15, Reader EFGJ: Nov 18, Acrobat and Reader for all other languages: Mid December.

All I had to do is click on the help menu and then select Check for updates...

0
0

This post has been deleted by its author

Grenade

Firefox IS Already Sandboxed. Also Is Evince. Also Is Apache

Because Linux does have a generic solution called AppArmor. Apply it to whatever software you choose.

http://en.wikipedia.org/wiki/AppArmor

Oh, you want to run on Windows ? My condolences.

2
0
Gold badge

Sandboxing on Windows

Windows also has a generic solution, through the "Protect my PC" check-box in the RunAs dialog. It certainly breaks apps that expect to be able to write to the user's own profile (file system and registry) but I've never seen a precise description.

Of course, the problem is that your average user *wants* some random PDF to be able to "do whatever it needs to do" to their system. There's no protection against that.

0
0

Evince - pity it doesn't work

I tried to make Evince the default .PDF handler here. It worked nicely until people tried to print the PDF files created by out document scanner. It turns out that Evince won't reliably print images in documents.

Just why they want to make a paper copy of a document that we had scanned so that we could get rid of the paper copy (or at least put it in cold storage) is a conversation for another day. Today's conversation is about that "crappy open source software that IT are trying to force us to use".

0
0
Silver badge
Thumb Down

Too little too late.

I've always been pro-Adobe reader, even if it was bloated.

But since 9.x, it's beyond a joke. Even by my jokey standards.

And I haven't even started on Adobe DLM. What the hell were they thinking?

Google it, not one freaking bloody good word about it.

Thanks Adobe, for making my choice that much easier by stopping me from getting it in the first place.

And no, I don't use FoxIt. Tried it, vomited, and kept looking.

1
1
Heart

Sumatra pdf

@John Tserkezis

You may want to try Sumatra PDF. Fast and simple, does one thing only: displays pdfs.

0
0
Happy

foxit works

find foxit is better, less likely to cause me hassles :)

0
0
FAIL

Yes, sure, sandbox the bloatware!

That's really a nice idea. First, create a reader that works. Then, add bloat. Then, more bloat. Then, download manager, toolbars, spyware, and so on. Then, a little more bloat.

In the end, add even more bloat to keep the bugs inside.

TOTAL FAILURE!

I use Linux, so I don't care. But when I have to use Windows, I use something else to read PDF files.

0
0
Gold badge
WTF?

Re: Too little too late

"And no, I don't use FoxIt. Tried it, vomited, and kept looking."

In my experience, FoxIT displays the text and diagrams of any PDF you feed it and I can't think of anything else I'd *want* an application to do with a PDF.

What is it that you want your PDF viewer to do, the absence of which is sufficiently nauseating that you throw up? I'm genuinely curious.

1
0
FAIL

Oh happy fucking day

yet another pile of cr4p from Adobe I get to update all the computers in the house with.

Adobe, prepare for a boot in your bum -- you're about to leave my building -- you're no better than MSFT and equally virus ridden.

0
0
Stop

@s.pam

My feeling is that MS is actually much better than Adobe, despite the fact that MS is vastly inferior to Linux.

Just have a look a the Adobe Flash Manager, which lets you choose update checking intervals. The shortest time interval is SEVEN days. MS and Linux can push a patch in a matter of hours, Adobe needs at least a week.

Certainly enough time for the bad guys to distribute a Flash virus via Doubleclick et al.

0
0
Silver badge
Thumb Down

Sandboxing, worse icons, and flogging online services

Well one out of three isn't bad...

0
0

Reader X - 33% extra free!

AdbeRdr940_en_US.exe [Sep 23 12:42] 27634824

AdbeRdr1000_en_US.exe [Nov 11 00:43] 36791704

0
0
This topic is closed for new posts.