Security lessons from Adobe Reader

Adobe announced another security improvement to Adobe Reader last week: a "sandbox" for the Windows version that will help prevent malicious PDFs taking over users' computers.

On Patch Monday this week Brad Arkin, Adobe's head of product security and privacy, explains why the company chose to implement a sandbox, what threats it will and won't counter, and how the company went about this massive programming task.

The sandbox is yet another result of Adobe adopting a process based on Microsoft's Security Development Lifecycle (SDL). David Ladd, who leads the team at Microsoft that developed the SDL, introduces us to the Simplified Implementation of the Microsoft SDL, a free 17-page guide that any developer can use — whether they're large or small, and whether they're developing for Windows or another platform.

Patch Monday also includes Stilgherrian's random look at some of the week's IT news headlines.

To leave an audio comment for Patch Monday, Skype to stilgherrian, or phone Sydney 02 8011 3733.

Running time: 26 minutes, 8 seconds

Stilgherrian spoke with David Ladd at Microsoft's Trustworthy Computing Tour. He travelled to Redmond, Washington, as a guest of Microsoft.

Topics: Security, Software Development

About

Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust.

He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit trap, clear a jam in an IBM model 026 card punch and mix a mean whiskey sour.

Talkback

1 comment
  • Correction: At one point I say the next version release of Acrobat Reader will be in August. It will actually be "later this year", not August. Brain-fade on my part.

    I also tongue-slip at one point and mention "Acrobat for Windows" when I mean "Reader for Windows". I think that's just showing my age: the reader-only product was originally called "Acrobat Reader".
    stilgherrian