Adobe Systems, the originators of the widely used Portable Document Format (now an ISO standard), and makers of the Adobe Acrobat and Reader software, today announced a new family of products, including Adobe Reader X and Acrobat X. This new series of software, which Adobe says will be available sometime in November, will incorporate numerous new features and capabilities; the Acrobat product, used to create PDF documents, will include improved integration capabilities with Microsoft’s SharePoint and other applications, to facilitate collaborative work.
For most users, though, the potentially more important news is that the new Reader X package will include the “Protected Mode” operation that Adobe first announced publicly in July of this year. This will put all the processing of a PDF document in a “sandbox”, much as the Google Chrome or Mozilla Firefox browsers do with plugins. This means that, if a PDF document contains an attempt to write to the user’s disk, or launch an external application, the request will be intercepted and scrutinized before it is allowed to proceed.
Should Adobe Reader need to perform an action that is not permitted in the sandboxed environment, such as writing to the user’s temporary folder or launching an attachment inside a PDF file using an external application (e.g. Microsoft Word), those requests are funneled through a “broker process,” which has a strict set of policies for what is allowed and disallowed to prevent access to dangerous functionality.
This approach, assuming it is implemented correctly, has the potential to limit the use of attacks popular with malware developers.
This, in turn, should be welcome news for users. Because it is a cross-platform application, and because it is so widely deployed, Adobe Reader has been a target of choice for the Bad Guys. Making their job harder is a good thing for everyone else.
The ThreatPost blog from Kaspersky Labs also has an article on this announcement.