Adobe sandbox will protect files and technology from malware

Security release prevents write and read-only calls from cyber attackers

Sandbox is being used to protect files

It is hoped that a new security release from Adobe will put an end to a spate of malicious attacks on PDF files, which are often used as a way of gaining access to the operating system.

The new layer of security, which will be available some time this year for all versions of Windows but not for Mac OS, uses a “sandbox” to protect files – technology already used in both Microsoft Office 2010 and Google Chrome.

By default, the Reader will be in “protected mode”, which means that all PDF processing will take place in the sandbox. Brad Arkin, Adobe’s senior director of product security and privacy, said: “Even if an attacker is able to find a vulnerability in the next version of Reader, they would be prevented from taking action such as installing software, creating files, deleting files and tampering with the Registry.”

The one limitation of the protected mode is that it will not work with assistive technologies, such as screen readers, in Windows XP. Users will be able to turn off the protected mode if they need to.

Sometimes Adobe Reader will need to carry out an action, such as writing to the user’s temporary folder, which is not permitted in the sandbox environment. Those requests are channelled through a broker process, which uses strict policies for determining which requests are allowed. Adobe has made these policies configurable by users, though it expects the vast majority will have no reason to change them.
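The broker decision described above can be modelled in a few lines of Python. This is an added illustration, not Adobe's code or its policy format; the operation names, the allow-listed temp path and the default-deny rule are assumptions made for the example.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumed allow-list: the article names only the user's temporary folder.
WRITE_ALLOWED_DIRS = [r"C:\Users\alice\AppData\Local\Temp"]  # constructed path

def _canonical(path):
    # Collapse ".." segments and mixed separators, fold case as Windows does.
    return ntpath.normcase(ntpath.normpath(path))

def _inside(path, directory):
    # The trailing separator stops "Temp2" from matching the "Temp" prefix.
    return _canonical(path).startswith(_canonical(directory) + "\\")

def broker_decide(operation, target):
    """Return 'allow' or 'deny' for a request from the sandboxed process.

    Hypothetical operation names. The check is string-level only; it does
    not resolve links or junctions on a real file system.
    """
    if operation == "read_file":
        # First phase as described in the article: reads are not yet restricted.
        return "allow"
    if operation in ("create_file", "write_file", "delete_file"):
        if not ntpath.isabs(target):
            return "deny"  # relative paths depend on the caller's working directory
        if any(_inside(target, d) for d in WRITE_ALLOWED_DIRS):
            return "allow"
        return "deny"
    # Registry changes, software installation, anything unrecognised: deny.
    return "deny"

# Constructed sample requests, as the sandboxed renderer might send them.
SAMPLE_REQUESTS = [
    ("write_file", r"C:\Users\alice\AppData\Local\Temp\rdr1.tmp"),
    ("create_file", r"C:\Users\alice\AppData\Local\Temp\..\..\Roaming\x.exe"),
    ("write_file", r"C:\Users\alice\AppData\Local\Temp2\x.tmp"),
    ("set_registry_value", r"HKCU\Software\Example"),
    ("read_file", r"C:\Users\alice\Documents\report.pdf"),
]

if __name__ == "__main__":
    for op, target in SAMPLE_REQUESTS:
        print(f"{broker_decide(op, target):5}  {op:18}  {target}")
```

The second and third sample requests show why the broker must canonicalise the path before comparing it with the allow-list: both begin with the temp folder's name but resolve outside it.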

“The sandbox in the initial phase will prevent any exploitation of that application from making ‘write’ calls – calls an attacker would rely on to install malicious software that would allow them to retain control of the computer,” said Arkin.

The prevention of ‘write’ calls was a priority, he added, but a later, incremental release would tackle the much smaller problem of attackers making ‘read-only’ calls: “Theoretically it is possible that an exploit could compromise the software by reading files and sending them to the command and control centre for that attack. These attacks are much more sophisticated and difficult to carry out.”

Arkin was confident that the sandbox would offer a very strong protection against malicious attacks: “Once we get both the ‘write’ and the ‘read’ sandbox implemented, that will effectively defend against 100 per cent of the real-world attacks that we’ve seen against Reader in the past couple of years.”