Adobe puts PDF reader in quarantine

This isolation of the Adobe's client software for viewing PDF documents will be available for the Windows version, running on XP, Vista and 7

Adobe provides its beleaguered PDF reader with sandbox technology to thwart exploits. "This is coming out in the next major release", reveals Brad Arkin, head of security at Adobe, to Webwereld.

The software maker has developed collaboration with Microsoft and Google. Specifically the development teams of Office 2010 and Chrome. This office suite and browser makes any isolation techniques also known as sandboxing, from Arkin explains. "We have the entire implementation or myself. For Adobe called the Protected Mode."

Intermediate layer

The sandboxing of Adobe Reader is turned on by default. It should stop almost all current exploits. "For example, it refuses write access to the registry, and writes in the file system of the computer." However if a write permission is needed, as might be the case for legitimate PDF documents, this is done through a new intermediate layer. "The sandbox process must request permission from the broker process. This is a small, newly created piece of software."Arkin is not worried that the new broker might be a new weakness. It will probably be a new attack target. But it will be a line of defence that malware creators have to conquer after they've successfully abused a hole in Adobe's PDF software. The latter has been done before, Arkin notes dryly. The PDF reader from Adobe has since last year been increasingly under attack from malware authors, who find and exploit holes in it.

Not a silver bullet

Adobe does not claim that this puts a stop to all security problems for it's PDF-reader. "It is exciting new technology, but not a silver bullet." This protection does not work against social engineering or some phishing attacks. It does help against malicious PDF files."

Tests in Adobe's security labs have proven the effectiveness of the sandboxing. But those exploits are aimed at the currect situation, the current Adobe Reader. "The malware authors will respond," Arkin acknowledges.Yet he is optimistic: "This will remain an effective protection. The bad guys now have to do a two-stage attack. First they have to hijack the PDF Reader process, and then get through the broker-process." That new intermediate layer functions based on policies: what application component may under which circumstances write where outside of the Reader software, for example in the Windows registry.

For Windows

This isolation of the Adobe's client software for viewing PDF documents will be available for the Windows version, running on XP, Vista and 7. It will be delivered in the next "major release" of Reader, but Arkin can not yet say when that will be. "To clarify: Adobe Reader 8 and 9 will not have the Protected Mode."He stressed that the development of that protection was quite a job: "Adobe Reader is a large, complex application. This was not a matter of 'just sandbox it'." One of the stumbling blocks was the printing functionality, for an existing PDF document and for transforming another document to a PDF by using a virtual PDF-printer. Printing requires a lot interaction, including writing activities, wit the operating system.

'No user impact'

"Adobe Reader will be running in a sandbox, which will include all activities for the viewing of a document, including streams, embedded videos and JavaScript." The isolation covers the application as a whole, but is not applied per PDF document. According to Arkinm the average user will not notice the new security technology. "There is no impact on performance.""There are some cases where there is an impact. For example, users on Windows XP who use 'assisted reading'." The functioning of applications that read text for blind people is not compatible with the upcoming isolation of the PDF reader. "The user will hear a message and instructions how to disable Protected Mode."

Next steps

Initially, the Protected Mode in Adobe Reader only stops write access. That protection will be extended by a smaller update following the next major version containing the sandboxing. That so-called .1 release will deliver sandboxing for read operations.Adobe currently has no plans to implement the sandbox approach into it's professional PDF product Acrobat. That choice is also motivated by the large number of users worldwide of the free PDF-reading application. "But the new PDF Reader can run besides Acrobat and we change the default action for reading PDF files. Reader or its browser plug-in, opens PDFs, not Acrobat."Arkin says that Acrobat is not necessarily excluded, but that Adobe will first wait how the new security measure works out. Basically, it will watch for the response of malware creators. "Maybe we will bring the Protected Mode next to Adobe Reader on Unix, or Mac OS X."

More about: Adobe, Google, Microsoft

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Adobe Systems, applications, pdf bug, security, software
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/21/clamwin-free-antivirus/

ClamWin Free Antivirus

ClamWin Free Antivirus is an open source GPL virus scanner for Microsoft Windows 7 / Vista / XP / Me / 2000 / 98 and ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia