Archive for Acrobat

Adobe To Sandbox Acrobat Reader… May Actually Be Secure

Posted in Commentary on November 21, 2010 by itnerd

The never-ending saga of Adobe products that have security issues might be coming to an end with the news that Adobe is going to sandbox their products, starting with Acrobat Reader X. What is sandboxing? A sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third parties, suppliers and untrusted users. So if something “evil” is inside a PDF, it won’t take over your system. Sounds perfect for Acrobat to me. What does Adobe have to say about this? Here’s what Brad Arkin, Adobe’s senior director of product security and privacy, said in this blog entry.

“While sandboxing is not a security silver bullet, it provides a strong additional level of defense against attacks,”

True, and it’s a hell of a lot better than what they have right now, which is no security. Though Adobe had to get some help with this from some of their friends:

“Over the last few months, the Adobe Reader engineering team together with the Adobe Secure Software Engineering Team, partners in the software development community such as the Microsoft Office security team and the Chrome team at Google, as well as customers, third-party consultancies in the security community, and other external stakeholders were hard at work to help ensure the sandbox implementation was as robust as possible.”

I guess nobody in house could get this done. Now this sandboxing feature is only going to be available for the Windows version of Acrobat Reader X, which means Mac users among others will wonder if this feature will migrate to them.

If you want to take advantage of this, download Acrobat Reader here.

Flash & Acrobat Vulnerable To Remote Hijacking… Meanwhile Steve Is Laughing At Adobe

Posted in Commentary on June 5, 2010 by itnerd

Adobe. You have some explaining to do.

Adobe dropped this little bombshell on the universe late yesterday. Apparently if you run Flash or Acrobat (and let’s face it, who doesn’t other than Steve Jobs), you could be open to remote crashes and remote hijacking. Oh yeah, Mac, PC, UNIX are all open to these attacks. Adobe recommends moving to the release candidate for Flash, and deleting authplay.dll to keep you safe until Adobe gets around to updating things. Meanwhile I’m going to guess that Apple is going to take full advantage of this and illustrate how bad Flash is.

Oh wait. They already have.