Saturday, November 20, 2010

New Adobe Reader security feature - Protected Mode

Adobe has introduced this new security feature in Adobe Reader X, the latest version of Adobe Reader. The feature helps prevent exploits that seek to install malware and/or change the registry. This should help reduce web-based attacks using malicious PDF files, which had skyrocketed in the past year or so. According to Symantec, malicious PDFs accounted for 49% of web-based attacks in 2009.

Protected Mode is a sandboxing technology based on Microsoft's Practical Windows Sandboxing technique. All operations required by Adobe Reader to display the PDF file to the user are run in a very restricted manner inside a confined environment, the "sandbox." Should Adobe Reader need to perform an action that is not permitted in the sandboxed environment, such as writing to the user's temporary folder or launching an attachment inside a PDF file using an external application (e.g. Microsoft Word), the request is funneled through a "broker process." The broker has a strict set of policies (ACLs) for what is allowed and disallowed, which prevents access to dangerous functionality.

This option is enabled by default for all "write" calls on Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003. Of course, its effectiveness depends on the ACLs and on which actions are permitted and denied.
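To make the broker idea concrete, here is a simplified model of a default-deny broker policy for the two requests mentioned above (writing to the temporary folder and launching an attachment). It is an added example, not Adobe's code or policy; the class names, the demo folder path and the allowed extensions are all assumptions.

```python
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    """A request sent by the sandboxed renderer to the broker (hypothetical format)."""
    action: str   # "write_file" or "launch_attachment"
    target: str   # path for write_file, attachment name for launch_attachment


class Broker:
    """Default-deny policy check: anything not explicitly allowed is refused."""

    def __init__(self, temp_dir, launch_exts):
        # Canonicalize once so later comparisons are on resolved paths.
        self.temp_dir = os.path.realpath(temp_dir)
        self.launch_exts = frozenset(e.lower() for e in launch_exts)

    def decide(self, req):
        if req.action == "write_file":
            # Resolve "..", symlinks and absolute targets *before* comparing,
            # otherwise "../../x" would pass a naive prefix check.
            path = os.path.realpath(os.path.join(self.temp_dir, req.target))
            inside = os.path.commonpath([path, self.temp_dir]) == self.temp_dir
            return "allow" if inside else "deny"
        if req.action == "launch_attachment":
            # Only the final extension counts, so "a.doc.exe" is an .exe.
            ext = os.path.splitext(req.target)[1].lower()
            return "allow" if ext in self.launch_exts else "deny"
        return "deny"  # unknown action: never guess, refuse


if __name__ == "__main__":
    # Constructed sample policy and requests, for illustration only.
    broker = Broker("/tmp/reader-demo", {".doc", ".txt"})
    samples = [
        Request("write_file", "cache/page1.bin"),
        Request("write_file", "../../etc/passwd"),
        Request("launch_attachment", "report.doc"),
        Request("launch_attachment", "report.doc.exe"),
        Request("write_registry", "HKCU\\Software\\Example"),
    ]
    for r in samples:
        print(f"{r.action:18} {r.target:28} -> {broker.decide(r)}")
```

The sandbox only helps if the broker's checks are this strict or stricter: a single overly broad rule gives sandboxed code a path back to the full user account.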

Adobe Reader X is available here.
