madison

Zero Day

Ryan Naraine and Dancho Danchev
Home / News & Blogs / Zero Day

Adobe adding 'sandbox' to PDF Reader to ward off hacker attacks

By | July 20, 2010, 8:43am PDT

Summary: The next major version of Adobe’s PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks

The next major version of Adobe’s PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks against the widely deployed software.

The security feature, called “Protected Mode,” is similar to the Google Chrome sandbox and Microsoft Office 2010 Protected Viewing Mode, according to Adobe’s security chief Brad Arkin.

In an interview, Arkin said the sandbox is scheduled for release before the end of this year and is based on Microsoft’s Practical Windows Sandboxing technique.  The sandbox will be turned on by default and will display all operations in a PDF file in a very restricted manner.follow Ryan Naraine on twitter

“Should Adobe Reader need to perform an action that is not permitted in the sandboxed environment, such as writing to the user’s temporary folder or launching an attachment inside a PDF file using an external application (e.g. Microsoft Word), those requests are funneled through a “broker process,” which has a strict set of policies for what is allowed and disallowed to prevent access to dangerous functionality,” Arkin explained.

[ SEE: ZoneAlarm ForceField puts browser in a sandbox ]

The first sandbox implementation will isolate all “write” calls on Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003.  Arkin believes this will mitigate the risk of exploits seeking to install malware on the user’s computer or otherwise change the computer’s file system or registry.

The sandbox will not be backported to older versions of Adobe Reader.

In a future dot-release, the company plans to extend the sandbox to include read-only activities to protect against attackers seeking to read sensitive information on the user’s computer.

“This will help us protect against most of the attacks we’re seeing today.  The attacker will end up in a sandbox and will need a second attack to escape to do [dangerous things].” Arkin said.

Arkin made it clear that sandboxes are not guaranteed bulletproof perfect.  It will not protect users against all types of security attacks such as phishing, clickjacking, weak cryptography or unauthorized network access.

However, this is a significant defense-in-depth addition that makes it much harder (and expensive) for an attacker to successfully launch attacks using vulnerabilities in Adobe Reader.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Adobe Systems Inc., Attacker, Adobe PDF, Adobe Acrobat Reader, Sandbox, Attack, Brad Arkin, Microsoft Windows, Security, Productivity, Operating Systems, Software, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 29 Talkback(s)

  • Any sign of when Adobe disappears
    ...and we won't need Adobe reader or yet another useless "broker process" running in the background wasting resources? Total trash.
    ZDNet Gravatar
    croberts
    20th Jul 2010
  • The broker process...
    .@croberts

    ...would only run when Adobe was running. As it uses so much memory at the moment I doubt people will notice the difference!
    ZDNet Gravatar
    DevJonny
    21st Jul 2010
  • Not even that
    @DevJonny
    The broker process will (if anything like IEs broker process) only run when it is needed. On top of that (if designed correctly) it's functionality will be severely limited - something like saving/retrieving files, so it will be small.
    ZDNet Gravatar
    honeymonster
    21st Jul 2010
  • RE: Adobe adding 'sandbox' to PDF Reader to ward off hacker attacks
    @croberts

    Why is it total trash when it's rather lightweight and designed to protect you from getting viruses? I don't get it. I think it's a great idea.

    no nonsense muscle building download
    ZDNet Gravatar
    todd_b17
    21st Sep
  • Wasn't it one of Adobe's broker processes that allowed Vista to fall...
    ...during PWN2OWN. I believe it was related to Flash.
    ZDNet Gravatar
    ye
    20th Jul 2010
  • Yes
    @ye
    Yes, Flash is sandboxed (when running in IE - not in Firefox or Chrome). But for whatever reason Adobe had designed their own broker process (instead of using the IE supplied one) - which furthermore had the capability to launch arbitrary programs. Go figure. A bug in this broker process combined with a Java bug was what was used in pwn2own.
    ZDNet Gravatar
    honeymonster
    21st Jul 2010
  • The real shame
    is that companies are now routinely driven to such measures just to thwart off scum. It'd be one thing if it was a matter of tightening up loose code and unforeseen holes, or implementing a new security feature set or two, and then the job was done. But instead there never seems to be a beginning to the end in this everlasting story that equates to an elaborate and forlorn tail chase.

    It's too bad were incapable of handing out more severe retributive measures against punks and criminals rings involved in netcrime and malware distribution. The seminal days of such acts being relatively benign and mostly for bragging rights are long over. A mailed fist needs to descend on these criminal enterprises, but as a collective were too soft and globally unorganized to do what is necessary.

    In the meantime, this never ending story continues with everyone wasting time, hard earned money and shrinking assets so the growing miscreant base can noodle and extort to their heart's content.
    ZDNet Gravatar
    klumper
    20th Jul 2010
  • RE: Adobe adding 'sandbox' to PDF Reader to ward off hacker attacks
    @klumper Research Paper Help
    Term Paper Help
    Essay Help
    ZDNet Gravatar
    rainnwilson94
    8th Sep
  • RE: Adobe adding 'sandbox' to PDF Reader to ward off hacker attacks
    @klumper Thesis Help
    Dissertation Help
    ZDNet Gravatar
    rainnwilson94
    8th Sep
  • RE: Adobe adding 'sandbox' to PDF Reader to ward off hacker attacks
    Isn't the Reader bloated enough?
    ZDNet Gravatar
    markbyrn
    20th Jul 2010
  • Bloated? What do you mean bloated?

    You know very well that RAM memory and hard disk space is cheap. Also, if you don't own a 16 core PC with 10 PetaBytes of DDR10 RAM and a 100 ExaBytes SSD HDD by now, you are a giant looser.
    ZDNet Gravatar
    wackoae
    20th Jul 2010
  • RE: Adobe adding 'sandbox' to PDF Reader to ward off hacker attacks
    @markbyrn
    It is. I stopped using it the moment I found Foxit Reader. And I do have a quad core and 9 gig of RAM to "waste", but chose not to.
    I also stopped using ZA (paid version) back in 2005 when the program totally locked me out of the web, and I rec'd no help whatsoever on that from ZA tech support. There are plenty of alternative (and very good) programs to put the bloatware to shame, and I'm happy we do have these options.
    ZDNet Gravatar
    jedikitty@...
    21st Jul 2010
  • I Sandboxie my whole firefox stack
    @jedikitty@...
    Foxit Reader is nice. I use it too, but still run everything under Sandboxie. I get the best of all worlds.
    ZDNet Gravatar
    BrooklynPennyPincher
    21st Jul 2010
  • RE: Adobe adding 'sandbox' to PDF Reader to ward off hacker attacks
    @markbyrn

    I think a lot of the programs now are... It's to protect us from all these fraudulent programs/scripts running rampant in the web. If you just want basic functionality, then i'd guess you're better off with the very first release and foregoing all the security benefits of all the "bloated" ones.

    buy pull your ex back
    ZDNet Gravatar
    kristyhutchins
    10th Oct
  • RE: Adobe adding 'sandbox' to PDF Reader to ward off hacker attacks
    We, some of us, are not pros; we just use hand-me-downs; e.g. windows 95, 98, 2000, me, etc.. What about us. Does MS, Linux, Apple, etc. lead Adobe around by the nose? Why doesn't Adobe help us poor folk, too? Sure I can see why they need to cowtow to OS upgrades but...we have to use them too.
    ZDNet Gravatar
    Gpa's
    22nd Jul 2010
View More Comments

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
Click Here
Click Here

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
Click Here