At long last, Adobe Systems has added a new security protection to Windows versions of its ubiquitous document reader that's designed to lock down one of the world's most exploited applications. The so-called sandbox isolates Reader from sensitive Windows operations, such as the changing of operating system registry settings …
No responses so far at the time of writing?
Weekend? Or no-one left using Adobe products?
All they have to do now is sort the others and keep them all secure for a while.
About frickin' time... sheesh.
What took 'em so long? Well, kudos for finally doin' it, anyway.
Won't this break most PDF applications?
I mean if a PDF file cannot change registry settings it'll have to be rewritten to use the new method of doing so. This will cause lots of old unsupported PDF applications to break.
Man, that just sounds sooooo wrong.
Call me dumb, but why does a document need to change my registry?
"Adding the technology to an existing piece of software is a monumental task,"
No doubt, but deleting 95% of the source tree and leaving a proper, simple, secure PDF viewer could be done in a day by the tea-lady.
Enabled by default
which is good, but should it even be an option? I can't immediately think of any situation where you'd need to turn it off, so why not have it permanently enabled? I doubt it will be too long before someone finds an exploit that lets them turn off the sandbox.
But how much extra size will Adobe X be compared to 9? How much extra junk is included?
$5 says root exploit in the wild within a week
This *is* Adobe Reader we're talking about, after all.
So.... even more bloat??? No thanks I'll stick with Foxit! Smaller and seems less prone to the issues that plague Adobe - Like Microsoft - they need to accept that this tired old pile of code needs a ground up re-write to remove the bloat and improve security
Um... It's already out
From Adobe's website: (http://kb2.adobe.com/cps/837/cpsid_83708.html)
Acrobat and Reader X products
Latest release: Acrobat Pro and Standard X for English, French, German, and Japanese, November 15 2010, Reader X November 18.
Date Ver. Type Focus
Nov 2010 10.0 Major A major release with new and improved features. Reader and support for other languages have a phased rollout. Acrobat EFGJ: Nov 15, Reader EFGJ: Nov 18, Acrobat and Reader for all other languages: Mid December.
All I had to do is click on the help menu and then select Check for updates...
Firefox IS Already Sandboxed. Also Is Evince. Also Is Apache
Because Linux does have a generic solution called AppArmor. Apply it to whatever software you choose.
Oh, you want to run on Windows ? My condolences.
Sandboxing on Windows
Windows also has a generic solution, through the "Protect my PC" check-box in the RunAs dialog. It certainly breaks apps that expect to be able to write to the user's own profile (file system and registry) but I've never seen a precise description.
Of course, the problem is that your average user *wants* some random PDF to be able to "do whatever it needs to do" to their system. There's no protection against that.
Evince - pity it doesn't work
I tried to make Evince the default .PDF handler here. It worked nicely until people tried to print the PDF files created by our document scanner. It turns out that Evince won't reliably print images in documents.
Just why they want to make a paper copy of a document that we had scanned so that we could get rid of the paper copy (or at least put it in cold storage) is a conversation for another day. Today's conversation is about that "crappy open source software that IT are trying to force us to use".
Too little too late.
I've always been pro-Adobe reader, even if it was bloated.
But since 9.x, it's beyond a joke. Even by my jokey standards.
And I haven't even started on Adobe DLM. What the hell were they thinking?
Google it, not one freaking bloody good word about it.
Thanks Adobe, for making my choice that much easier by stopping me from getting it in the first place.
And no, I don't use FoxIt. Tried it, vomited, and kept looking.
You may want to try Sumatra PDF. Fast and simple, does one thing only: displays pdfs.
find foxit is better, less likely to cause me hassles :)
Yes, sure, sandbox the bloatware!
That's really a nice idea. First, create a reader that works. Then, add bloat. Then, more bloat. Then, download manager, toolbars, spyware, and so on. Then, a little more bloat.
In the end, add even more bloat to keep the bugs inside.
I use Linux, so I don't care. But when I have to use Windows, I use something else to read PDF files.
Re: Too little too late
"And no, I don't use FoxIt. Tried it, vomited, and kept looking."
In my experience, FoxIT displays the text and diagrams of any PDF you feed it and I can't think of anything else I'd *want* an application to do with a PDF.
What is it that you want your PDF viewer to do, the absence of which is sufficiently nauseating that you throw up? I'm genuinely curious.
Oh happy fucking day
yet another pile of cr4p from Adobe I get to update all the computers in the house with.
Adobe, prepare for a boot in your bum -- you're about to leave my building -- you're no better than MSFT and equally virus ridden.
My feeling is that MS is actually much better than Adobe, despite the fact that MS is vastly inferior to Linux.
Just have a look at the Adobe Flash Manager, which lets you choose update checking intervals. The shortest time interval is SEVEN days. MS and Linux can push a patch in a matter of hours, Adobe needs at least a week.
Certainly enough time for the bad guys to distribute a Flash virus via Doubleclick et al.
Sandboxing, worse icons, and flogging online services
Well one out of three isn't bad...
Reader X - 33% extra free!
AdbeRdr940_en_US.exe [Sep 23 12:42] 27634824
AdbeRdr1000_en_US.exe [Nov 11 00:43] 36791704