Adobe takes a page from Microsoft with new sandbox protection on Adobe Reader
Adobe’s software products may not have a very good track record as far as security flaws and exploits are concerned, but the company seems to be taking steps that ensure that its programs will be more hardened against the constantly-evolving nature of malware. And first on its list is a layer of protection over its widely-used Adobe Reader software.
Read on to find out more.
When it comes to security, Adobe probably shares the same position with Microsoft over the severity of zero-day exploits and security holes. However, while Microsoft had made great improvements in securing and harderning their software for malicious attacks, Adobe generally took a longer time to patch known vulnerabilities, thus creating the impression that it is not taking security as seriously as the former.
However, that impression is set to change now that Adobe has announced a new layer of protection for Adobe Reader, its solution for opening and viewing PDF files. More interestingly, it seemed that Adobe had some outside help from Microsoft in writing that added protection layer.
According to a blog post by Brad Arkin of Adobe’s Secure Software Engineering Team (ASSET), Adobe is currently working on a Protected Mode for Adobe Reader, which he claims is based on Microsoft’s Practical Windows Sandboxing Technique, and that the team had been working very closely with Microsoft to implement the feature in Adobe Reader.
“Adobe Reader Protected Mode represents an exciting new advancement in attack mitigation. Even if an exploitable security vulnerability is found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files, changing registry keys or installing malware on potential victims’ computers,” he wrote in the post.
He goes on to state that Protected Mode will be turned on by default when Adobe Reader is installed, while explaining that the protection works by making Adobe Reader work in “a very restricted manner inside a confined environment”, or sandbox. And in the event that the application needs to make calls to various parts of the operating system due to circumstances such as writing to a temp folder opening an external attachment, these calls will be intercepted and passed through a series of policies to ensure that the application does not become an unsuspecting centre for malware distribution.
In other words, its implementation and execution is very similar to Windows’ much-maligned UAC. And this brings with it its own problem: there is nothing to stop a user from turning off Protected Mode and exposing Adobe Reader to a whole wave of malware waiting to break into the application.
But on the bright side, at least we can sleep easy knowing that Adobe is taking steps to harden its software against more security flaws.
Source: Adobe ASSET Blog