playing in the sandbox for security

Sounds like Adobe is planning to take action to make Reader a less attractive target for hackers.  According to a report out today, the maker of the ubiquitous document rendering software will release a new version of Reader which “sandboxes” PDF documents in a restricted environment while they are read.  This will mean that if the file contains malicious code, that code will be trapped in a virtual jail and will be unable to access the underlying operating system for its nefarious purposes.  Similar technology is used in Google’s Chrome browser (my personal favorite) and Microsoft Office 2010.  The first version will just block writes to the host computer, but later versions will also control other operations from PDFs.  While this is not a cure-all, it sounds like a great step forward and will provide another layer of defense from evil PDFs.

In other sandbox news, Dell’s KACE systems management division released a free tool which combines Mozilla Firefox browser with Adobe Flash and Acrobat Reader into a virtualized package which allows web browsing to take place within a sandbox isolated from the rest of the Windows environment.  They also offer a management appliance (not free) which will allow enterprises to deploy and manage Secure Browsers on hundreds or thousands of computers.  I have not yet had a chance to play with this tool, but it looks promising.

Leave a Reply