Microsoft lends a hand with Adobe Reader protected mode

Today, as part of the Adobe Reader and Acrobat security initiative, Adobe announced that Adobe Reader will be available in "protected mode" in the next major release of Adobe Reader.

Protected mode is a technology previously seen in Internet Explorer, Google Chrome and Microsoft Office 2010. It effectively sandboxes the application and restricts it from performing an action outside of the sandbox without first verifying whether the action is legitimate, which helps stop illegitimate applications before they can access the system.

Adobe says that they have been working closely with David LeBlanc, Dan Jump and "other members of the Office 2010 team", as well as the Google Chrome team and various third-party consultancies, utilising their knowledge and experience to learn the best way to integrate the technology.

Adobe Reader's new protected mode is based on Microsoft's Practical Windows Sandboxing technique, and will be enabled by default. Adobe Reader will perform all actions it needs to display the PDF file on the PC in a "very restricted manner" inside the sandbox. If Adobe Reader needs to reach outside the sandbox, for example to copy and paste information out or to open an attachment in an external application such as Microsoft Word, the requests are "funneled through a 'broker process'" which checks for allowed and disallowed access, to prevent dangerous behavior, such as that found in malware and viruses.

The technology means that if a new security vulnerability is found in Reader, which happens from time to time, Protected Mode will help stop the attacker "from writing files, changing registry keys or installing malware on targeted computers".

According to Adobe, the first release of "protected mode" will be only the first step in implementing the technology, and will sandbox all "write" calls on Windows 7, Vista, XP, Server 2008 and 2003. In future releases of Adobe Reader, the company plans to extend the implementation of the sandbox further to include read-only activities to "stop attackers seeking to read sensitive information on the user's computer", such as personal files and information.
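
The broker model described above, sketched as an added example (not Adobe's code or policy): the sandboxed process cannot act directly, so each request goes to a broker that decides it against a policy. The writable directory, the extension allowlist, the action names and the deny-all registry rule are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS
from dataclasses import dataclass

# Hypothetical policy values, constructed for this example.
WRITABLE_ROOT = r"C:\Users\alice\AppData\Local\Temp\reader_sandbox"
LAUNCHABLE_EXTENSIONS = {".doc", ".docx", ".txt"}


@dataclass(frozen=True)
class Request:
    action: str  # "write_file", "set_registry", "open_attachment", "read_file"
    target: str


def _inside(root: str, path: str) -> bool:
    """True if path, after collapsing '.' and '..', lies under root.

    Lexical check only; a real broker must also resolve links and junctions.
    """
    root_n = ntpath.normcase(ntpath.normpath(root))
    path_n = ntpath.normcase(ntpath.normpath(path))
    if not ntpath.isabs(path_n):
        return False
    try:
        # commonpath compares whole components, so "reader_sandbox_x"
        # is not mistaken for a child of "reader_sandbox".
        return ntpath.commonpath([root_n, path_n]) == root_n
    except ValueError:  # different drive or UNC share
        return False


def broker_decide(req: Request) -> str:
    """Return 'allow', 'deny' or 'not_brokered' for a sandbox request."""
    if req.action == "write_file":
        return "allow" if _inside(WRITABLE_ROOT, req.target) else "deny"
    if req.action == "set_registry":
        return "deny"  # assumption: no registry writes from the sandbox
    if req.action == "open_attachment":
        ext = ntpath.splitext(req.target)[1].lower()
        return "allow" if ext in LAUNCHABLE_EXTENSIONS else "deny"
    if req.action == "read_file":
        # The first release sandboxes write calls only; reads come later.
        return "not_brokered"
    return "deny"  # unknown actions are denied by default
```

The path check normalises before comparing, because a request that names the writable directory and then climbs out of it with `..` would pass a naive prefix test.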


12 Comments


PDF Xchange is better than Adobe Reader or Foxit Reader. Comes with a decent subset of editing tools for *free*, and you get the rest for another $50 or so. Essentially, 95% of Acrobat at about 20% of the price.

As with Foxit, they are usually unaffected by Adobe Reader vulnerabilities because of the implementation. (Same principle as using a Mac -- expose yourself to fewer attacks by staying away from the one with 90%+ market share.) But PDF Xchange tends to do a little better on complex PDF files than Foxit. The developers are based in Ukraine, and my impression is that they're pretty hardcore.

Adobe's products have a lot to be desired. Why the Reader product has to be so bloated and buggy just to display a page of text and graphics is a joke. Fox-it reader weighs in at 10 megabytes less than a tenth of the Adobe offering, all in one .exe file. Adobe Reader is yet another detestable programme that deserves to die.

boho said,
Adobe's products have a lot to be desired. Why the Reader product has to be so bloated and buggy just to display a page of text and graphics is a joke. Fox-it reader weighs in at 10 megabytes less than a tenth of the Adobe offering, all in one .exe file. Adobe Reader is yet another detestable programme that deserves to die.

foxit is fast at expense of quality.

"Protected mode is a technology that's previously been seen in Internet Explorer, Google Chrome and Microsoft Office 2010"... Which obviously doesn't really work? Get your own s*** straight first, MS! lol

IntelliMoo said,
"Protected mode is a technology that's previously been seen in Internet Explorer, Google Chrome and Microsoft Office 2010"... Which obviously doesn't really work? Get your own s*** straight first, MS! lol

lol
you obviously don't know what you're talking about!
Internet Explorer's protected mode has never been broken.

if you think it has been broken because IE was owned during the last Pwn2Own contest, you're wrong. The attacker only gained "read only" rights (which is enough to win this security contest). Protected mode successfully stopped the hacker from gaining write rights (thus blocking any malware installation attempt).

Other browsers like Safari, Opera, Firefox (or Chrome, which is sandboxed but doesn't sandbox Flash yet) are much more vulnerable than IE, since there is no sandbox in these browsers to prevent flaw exploitation from gaining write access to the user profile (thus a usermode malware could be installed if there is a flaw in Firefox, Safari, or Flash Player/Adobe Reader).

All products have their flaws, being a big player with stuff like PDF, flash etc will no doubt paint a target on your head.

The technology means that if a new security vulnerability is found in Reader

"If" is not the word to use here. It's about time that Adobe shows they can actually do something about their products' security!

random_n said,

"If" is not the word to use here. It's about time that Adobe shows they can actually do something about their products' security!

No kidding. Adobe sucks at security when it comes to Flash and Acrobat Reader. Case in point, the latest zero-day exploit, which caused a series of infections in our department. This is a good start and a welcome change, but it seems like a lot of unnecessary features are being added to these two platforms that make them insecure in ways the previous iterations weren't, i.e. playing Flash videos in a PDF. That's a bit like leaving your keys in your already unlocked car and expecting it to be okay.