The Inquirer-Home

Adobe cages its PDF reader

Pokes it with a big stick
Wed Jul 21 2010, 12:11

APPLE OF STEVE JOBS' EYE Adobe has introduced a protected mode for its Reader software.

The popular application, used to view portable document format (PDF) files has, according to the firm, "attracted increasing attention from attackers looking to target the largest possible number of users for maximum gain." A year after it started mulling the idea of increasing security, Adobe has come up with the idea to 'jail' the application, limiting its ability to run amuck.

Adobe, for reasons known only to itself, decided to proudly announce that it had worked with the industry's benchmark of insecure software, Microsoft, to come up with its solution.

Those worried that Adobe will have picked up bad habits from the Vole can rest easy as the firm said it also consulted other software outfits including Google.

The protected mode will mean that "all operations required by Adobe Reader to display the PDF file to the user are run in a very restricted manner inside a confined environment, the 'sandbox'."

Adobe claims that if the Reader program wants to carry out any operation that is not permitted in the restricted environment, then a 'broker process' is consulted. Depending on the policy rules, it determines whether or not to allow the operation.

The firm says that initially the policy will disable all write commands outside the protected environment. This move, according to Adobe will "mitigate the risk of exploits seeking to install malware on the user's computer or otherwise change the computer's file system or registry." The policy will be tweaked in future releases of Reader to address other security problems that may arise.

The firm has slated its protected environment for inclusion in the next "major release" of Reader, though Adobe did not mention when that would be. In the meantime, Adobe's software has free rein to do whatever it likes. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Internet of Things at Christmas poll

Which smart device are you hoping Santa brings?