Adobe Strengthens Its PDF Reader

In the course of daily computer use, whether professional or personal, many users routinely forget or skip upgrading the software applications on their systems. Sometimes users get away with this without picking up malware on their systems. But many users aren't so fortunate: theirs are the cases in which flaws in the software are exploited. One of the favorite and most frequent targets of exploitation has been Adobe's PDF viewer and reader.
Adobe has stated that the next release of its Reader will contain a technology called sandboxing. This technique separates and isolates processes from each other and from the system they run on, thereby keeping malicious code from leaving one application to create mischief in another application or in the system it resides in. Security experts have believed for quite some time that sandboxing would be a very good move by Adobe, which has had problems keeping its PDF reader free from exploitable vulnerabilities. Adobe's director of security and privacy, Brad Arkin, noted that sandboxing will be added in the next Windows upgrade to the PDF program. This would appear to be version ten and would seem to occur by the end of the year. Arkin said, “Using the sandboxing technique, those who experience a malware PDF file will discover the successful breach is contained in the sandboxed region.”
Microsoft already uses this technique in Internet Explorer versions seven and eight and in Office 2010. In the event that an exploit or attack does succeed, a second exploit will be necessary for the attacker to move the malware outside of the sandbox in order to do damage. The browser plug-in for Reader uses the Protected Mode of Internet Explorer versions seven and eight and the isolation functionality in Google's Chrome browser. The technique will also protect users of the Firefox browser and users who run the stand-alone version of the PDF viewer. Initially, Reader will sandbox write calls made by the program, which will prevent any attempt by malware to insert malicious code. A minor release later on will extend the sandboxing to read-only processes as well, for instance procedures aimed at scouring the system for sensitive information, including credit card numbers and passwords.
“In the first release, anything that needs to be rendered in a PDF file will occur in the sandbox,” Arkin stated. The processes involved will include PDF document parsing along with images and the execution of JavaScript, which is a dangerous and very attractive way to exploit vulnerabilities within the Reader. The sandboxing technique will be turned on by default and presented as Protected Mode. Adobe first started working on this over a year ago, with a decision on which Reader functions would be able to operate outside of the sandbox, for instance writing to a disk or launching a particular attachment or executable file from within Reader.
In the past year Adobe has also adopted a new development process named the Secure Product Lifecycle, which is very much like Microsoft's Software Development Lifecycle. Both processes include a number of security-specific procedures intended to help developers create applications with fewer bugs and vulnerabilities. Adobe has also taken up the practice of releasing quarterly security patches and fixes in order to stay up to date in repairing flaws in its software. Adobe's Reader and its Acrobat PDF software have been hit many times in the past year and a half, with the count of vulnerabilities increasing. Vendors of antivirus solutions including McAfee, Symantec, and Secunia have noticed that hacking attempts and exploits against Reader have increased as much as sixty-five percent in the first part of 2010 compared with the entire year of 2009, and that the majority of bugs and exploits Windows users have had to face trace back to third-party software applications, including those from Adobe.
Adobe will also introduce a new automated update procedure to quickly migrate users from the older and more vulnerable software versions to the newer Reader ten and its sandboxing. Arkin said, “We will accept various feedback in terms of how it works in the field, but the main concern will be to move users as soon as we can using the updater.” At a date yet to be determined, Adobe will begin to prompt users of versions seven and eight to upgrade to Reader version ten.