Author Topic: Adobe plans more secure version for the end of 2010. (Adobe Reader 10)  (Read 1601 times)

Samker



Adobe Systems plans to release a major security upgrade by year's end to its Reader product, which has been under siege from attackers.

Reader 10 will have a sandbox feature that will seal off the application from attacks intended to tamper with, for example, a computer's registry or file system, said Brad Arkin, Adobe's director for product security and privacy, during an interview on Tuesday at the RSA security conference in London.

Reader 10 will mark a major upgrade to the application, capping off more than 18 months of development. Like many other Windows applications, Reader has been increasingly probed in order to infect computers with malware. Adobe has had much trouble with attackers finding vulnerabilities in its products. Often, those flaws are exploited by manipulating PDF (Portable Document Format) documents.

The sandbox will be on by default. If an exploit -- which is a mechanism developed by an attacker in order to deliver malicious software to a computer -- attacks the application, it won't be able to get out of the sandbox, Arkin said.

The sandbox method has been used by both Microsoft and Google in their applications, and Adobe worked with both of those companies in developing the system for Reader.

"The amount of attack surface is very, very small," Arkin said.

The sandbox, however, also has to allow regular functions such as saving a file. In that scenario, the sandbox can talk to the file system, but that communication goes through a broker. The broker uses a set of very restrictive policies to see if the particular action is allowed.

Essentially, Adobe has created a two-stage attack requirement, where an attacker would also have to bypass the policy restrictions. Arkin said Reader 10 represents a dramatic increase in defense such that none of the attacks against Reader known up until now will work in the same way against the application.

But "bad guys and researchers won't give up because this is an exciting challenge," Arkin said. "The reward for finding out a flaw is quite high. We think there is going to be lots of attention here."

Although Adobe has subjected it to rigorous testing, "it is still possible that someone may be able to find something," he said.

(PCW)

Samker's Computer Forum - SCforum.info





amitraina

Thanks for info

 
