Security Sandbox Improved Malware Protection In Adobe’s Reader Software


Nearly one week ago, M86 reported that Adobe’s ActionScript and JavaScript languages navigate around traditional anti-virus platforms. On Tuesday, Adobe previewed forthcoming security technology in the next major release of its Reader software, a step it is taking to help protect users from attacks in a rapidly evolving threat landscape: Adobe Reader Protected Mode. The name was borrowed from the security feature in Microsoft Internet Explorer.



Like Flash Player, Adobe Reader and Acrobat are widely installed applications, used for reading and creating PDF files. Over the past 18 months, Adobe Reader users have been repeatedly hammered by hackers pushing attack code that targets unpatched security bugs in the application. The sandbox architecture, called “Protected Mode”, is meant to defend the system against exploits of vulnerabilities in Adobe Reader: processes such as JavaScript and image parsing and 3D rendering will be confined to separate areas to contain malicious code.

Scheduled for inclusion in the next major version release of Adobe Reader, Protected Mode is a sandboxing technology based on Microsoft’s Practical Windows Sandboxing technique. It is similar to the Google Chrome sandbox and Microsoft Office 2010 Protected Viewing Mode.

Brad Arkin, Adobe’s senior director of product security and privacy, said:

“With Adobe Reader Protected Mode enabled (it will be by default), all operations required by Adobe Reader to display the PDF file to the user are run in a very restricted manner inside a confined environment, the ’sandbox,’”


Reader and all plugin code will run in the sandbox. Actions such as writing to a user’s temporary folder are not permitted. Malicious code that sneaks onto a computer by successfully exploiting a hole in Adobe Reader will be contained within the sandbox. Arkin said:

“Even if an attacker is able to take over Adobe Reader you’ll be protected,”

Because the vast majority of Adobe Reader downloads and exploits are on Windows, Adobe’s sandbox is Windows-only and will initially be limited to blocking write operations. There are no plans to add this feature to the version for Mac.

The sandboxing approaches that Microsoft has pioneered in Office, including the sandbox for its search subsystem, the MOICE sandbox, and Protected View, are there to improve the overall state of security on Windows. Adobe has been working closely with the Microsoft Office security team — Microsoft’s and Adobe’s products compete on many fronts, but it makes sense for Redmond to help its partners in the area of security.


Of course, even if Adobe succeeds in developing a rock-solid sandbox for Reader, it won’t be effective for users who don’t upgrade, so automatic updating is considered to promote better security than manual updating.

In fact, it has been understood for a long time now that allowing remote code execution is dangerous. Adobe Reader, Acrobat and Flash are all known to create additional vulnerabilities when you install them on your system. If you don’t want to wait for Adobe Protected Mode, products such as Foxit Reader and Nuance PDF Reader, which have similar security controls, are available for Windows users.

Anyway, as Arkin said:

“It’s an exciting new step, but it’s not the security cure-all that will fix all problems forevermore,”