Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Adobe Putting PDF Reader In a Sandbox

kdawson posted more than 4 years ago | from the and-stay-there dept.

Security 225

Captain Eloquence writes "The next major version of Adobe's PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks. The initial sandbox implementation will isolate all 'write' calls on Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003. Adobe security chief Brad Arkin believes this will mitigate the risk of exploits seeking to install malware on the user's computer or otherwise change the computer's file system or registry. In a future dot-release, the company plans to extend the sandbox to include read-only activities to protect against attackers seeking to read sensitive information from the user's computer."

Sorry! There are no comments related to the filter you selected.

Who needs it? (4, Interesting)

Animats (122034) | more than 4 years ago | (#32970760)

I have only Sumatra PDF on my Windows 7 machine. I don't have a copy of Adobe's viewer on the machine at all.

Sumatra PDF is dumb, but reasonably secure. It can't do cut and paste, it doesn't do forms, and it doesn't have Javascript.

Re:Who needs it? (1)

mutherhacker (638199) | more than 4 years ago | (#32970870)

True. I also use SumatraPDF. Adobe Reader was uninstalled recently when it started "preparing content". I wish sumatra PDF had odd-even page printing.^^

Re:Who needs it? (3, Interesting)

Peach Rings (1782482) | more than 4 years ago | (#32971118)

You shouldn't be relying on sumatra PDF for printing at all, its printing support is terrible and the author says that it's unlikely to be fixed.

I just use evince. It even has a native Windows installer.

Re:Who needs it? (1)

mutherhacker (638199) | more than 4 years ago | (#32971302)

ic. I'm trying Nitro PDF now so we'll see how that goes.

Re:Who needs it? (5, Informative)

Suicidal Teapot (820232) | more than 4 years ago | (#32970960)

Many people need it. There are plugins and workflows that use Acrobat in many different businesses, and most small/medium businesses couldn't afford to have alternatives written for them, and have to stick to the commercial offerings. For me specifically, I send clients PDF proofs of printing orders, and any reader other than Acrobat can't be relied upon to be accurate enough for proofing purposes: they usually mess up transparencies, fonts, and other critical information.

I need it. (0)

Anonymous Coward | more than 4 years ago | (#32971278)

This.

My customers sends a lot of blueprints as PDF files. I tried the alternatives because I think Acrobat is bloated, but the competitors had issues with printing. One printed everything as raster images and another one couldn't print anything at correct scale.

need vs use (1)

interkin3tic (1469267) | more than 4 years ago | (#32970982)

That's good that you have an alternative that works for you on your home computer, but you're never going to get my whole department to trade some of those features for security, even the ones who -could- install it themselves. Them using an insecure PDF viewer is problematic for me because I have to use the same network. Thus it's a good thing.

Re:Who needs it? (1)

Kenja (541830) | more than 4 years ago | (#32970996)

People who buy house and other things that require usage of e-signatures and other electronic documentation.

Re:Who needs it? (5, Insightful)

plasticsquirrel (637166) | more than 4 years ago | (#32971152)

"I don't use Adobe Reader, so why would anyone else need to? Why can't everyone just change to something else?"

Sorry, but the vast majority of users have Adobe Reader installed to view PDF files, and they will not know why or how they should change to something else. Add to that the fact that the security of shitty-but-popular popular affects us all by proxy, and these things really do matter.

It's like saying, "Well, I don't care about malicious JavaScript and ActiveX in Internet Explorer, because I use Firefox on Linux. Who needs that other crap?" Most other people are just going to use default garbage, and the entire Internet is impacted by this.

Still, there are always Slashdot posts in the vein, "I don't use software X, I use software Y, so it doesn't matter." It's a naive and self-centered view of the world that unrealistically assumes that because a particular geeky reader found a way around a problem, that it has ceased to become a problem, or that the entire world should then follow this in emulation. Wake up, the world is bigger than the basement you inhabit.

Re:Who needs it? (1, Insightful)

bit9 (1702770) | more than 4 years ago | (#32971780)

Sounds like you're overreacting a bit. The OP's comment sounds to me like a reasonable suggestion that would probably fit the needs of a significant percentage of Adobe Reader users. A solution doesn't have to be completely general in order to be useful.

Re:Who needs it? (1)

rsborg (111459) | more than 4 years ago | (#32971906)

I have only Sumatra PDF on my Windows 7 machine.

Adobe Reader/Professional has grown into a sort of "Enterprise" software, since the PDF format is hard to edit properly (even in Adobe Professional). As Enterprise software, it's bloated, has way too many features that most users don't even know about (Javascript Debugger, wtf?), and is a security nightmare... yet those businesses who need it will never give it up (the legal domain is pretty much all about PDFs and TIFFs).

What would be needed to make an drastic improvement is a new document standard that meets the needs that PDF fills without the cruft or security holes... kind of like a PNG to PDF's GIF. I have no idea if anyone is looking at any such effort.

Re:Who needs it? (1)

helix2301 (1105613) | more than 4 years ago | (#32972162)

Small business, non-profits and home users have no idea there is an alternative and have no idea there is a security risk involved. Money is also a big issue when it comes to this to purchase an alternative and train people cost money that most people that do now about the issue cannot afford to spend and will not spend. One thing I have noticed is school districts especially rely heavily on the Adobe products and cannot change because of other school districts. This is a problem abobe can hopefully resolve and make better because this product is not going away.

Sandbox (0)

ceraphis (1611217) | more than 4 years ago | (#32970774)

Sounds suspiciously Apple-like. iPhone apps do this very thing.

Re:Sandbox (5, Funny)

repka (1102731) | more than 4 years ago | (#32970994)

Sounds suspiciously Apple-like. iPhone apps do this very thing.

No shit Sherlock: sandboxing, emulation, memory and hardware virtualization, CPU ring modes are all Apple inventions from 1970s and Windows 7 you're browsing from right now has its code base from Apple Lisa of that era.

Re:Sandbox (0)

Anonymous Coward | more than 4 years ago | (#32971504)

Wrong, try again.

Re:Sandbox (1)

ceraphis (1611217) | more than 4 years ago | (#32971652)

Do most third party applications on PCs put themselves in a sandbox? Is this Adobe adopting the way of the majority or are sandboxed applications rare in a PC environment?

I was under the impression that using a sandbox wasn't standard and the first thing that came to mind was the sandbox limitations Apple is famous for imposing on every third party developer for iDevices.

Re:Sandbox (3, Insightful)

rahvin112 (446269) | more than 4 years ago | (#32971824)

And Apple Stole every aspect from the XEROX PARC development. They guy credited with creating the GUI and Mouse worked for Xerox, not Apple. Xerox let them steal it, no question, but don't give credit where it's not due, PARC is responsible for far more than what you are crediting to Apple. The only thing Apple did was make these software interfaces cost effective by using commodity hardware instead of PARC'a tendency to use specialty hardware.

Re:Sandbox (0)

Anonymous Coward | more than 4 years ago | (#32971154)

So does Java. Does this mean Adobe and Apple are going the way of Sun Microsystems? Gasp!

They should put it in the trashbox (4, Insightful)

Joe Snipe (224958) | more than 4 years ago | (#32970780)

That piece of bloatware should be put on a harsh diet before that.

Re:They should put it in the trashbox (0)

Anonymous Coward | more than 4 years ago | (#32971686)

Agreed. The very idea that a "Reader" or a "Viewer" would need to have all of its "write" operations be sandboxed is a testament to how out-of-control that thing has become.

Re:They should put it in the trashbox (1)

jmerlin (1010641) | more than 4 years ago | (#32972180)

Can someone say "too broke to fix" ?

Finally.. (4, Insightful)

Anonymous Coward | more than 4 years ago | (#32970782)

It appears Adobe finally realized that a document reader shouldn't have access to my entire sysetm.

This is all good but... (0)

Anonymous Coward | more than 4 years ago | (#32970796)

If this adds another 10mb to the download, then forget it, I'll be sticking to Foxit PDF and/or Sumatra PDF.

Re:This is all good but... (0)

Anonymous Coward | more than 4 years ago | (#32971204)

Yeah, an extra two or three seconds worth of download time is surely too much for anybody to consider installing it.

Re:This is all good but... (5, Funny)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32971836)

No, don't worry. Because of how bloated Acrobat Reader already is, Adobe was able to fit a re-skinned copy of virtualbox, containing a minimal linux image running Evince, in a package smaller than the prior download.

This is how they managed to get a "sandboxed" PDF reader out in less than the usual absolutely glacial Adobe development timeframe...

first post (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32970798)

go ahead and mod me down.

Question (4, Insightful)

wonkavader (605434) | more than 4 years ago | (#32970808)

Why does a PDF viewer need to give the document the ability to write at all?

Would ripping some of the crazy features out of the PDF spec solve this more completely and reasonably?

What do we use PDFs for which involves writes?

Re:Question (5, Funny)

Anonymous Coward | more than 4 years ago | (#32970846)

What do we use PDFs for which involves writes?

Malware installation.

Re:Question (5, Informative)

Anonymous Coward | more than 4 years ago | (#32970852)

Probably editing and note taking. I draw on PDFs all the time, and I'm glad I'm able to save the edits.

Re:Question (1)

MoonBuggy (611105) | more than 4 years ago | (#32970880)

It doesn't.
Yes.
Things that a document format is not in any way appropriate for.

Re:Question (1)

CarpetShark (865376) | more than 4 years ago | (#32970898)

Why does a PDF viewer need to give the document the ability to write at all?

Because after unlink() you might want to create some new stuff?

Re:Question (2, Insightful)

sconeu (64226) | more than 4 years ago | (#32971124)

In a PDF Writer, yes. In a PDF *VIEWER*, no.

Re:Question (1, Funny)

Anonymous Coward | more than 4 years ago | (#32971030)

Huh? How the hell are you going to save the top scores for the pacman game embedded on page 23 of the PDF, if you can't write files?

Re:Question (4, Informative)

Kenja (541830) | more than 4 years ago | (#32971100)

Signing documents, adding notes, adding addendum, filling out forms, etc. There is more to PDF's then text.

Re:Question (4, Insightful)

rudy_wayne (414635) | more than 4 years ago | (#32971196)

Signing documents, adding notes, adding addendum, filling out forms, etc. There is more to PDF's then text.

It's called Acrobat READER and it is supposed to be for READING PDF files. It is completely inappropriate for it to be able to WRITE anything. Adding extra crap is the reason that it has so many security flaws.

Re:Question (3, Insightful)

H0p313ss (811249) | more than 4 years ago | (#32971314)

Signing documents, adding notes, adding addendum, filling out forms, etc. There is more to PDF's then text.

It's called Acrobat READER and it is supposed to be for READING PDF files. It is completely inappropriate for it to be able to WRITE anything. Adding extra crap is the reason that it has so many security flaws.

Indeed... the write capabilities should be completely disabled until they are turned on by the user. Even better would be a "Reader Light" with no write capability at all for the 99% of users who will never use Acrobat to complete a form.

Re:Question (2, Informative)

Anonymous Coward | more than 4 years ago | (#32971488)

Even better would be a "Reader Light" with no write capability at all for the 99% of users who will never use Acrobat to complete a form.

A note on PDF form signing with the free Reader: the Reader does not allow electronic signing unless the document itself is signed with a producer key that is issued by Adobe. In other words, you get to sign for free if your users are using the full Adobe suite. If they only have the Reader, you need to pay something like $20000 to Adobe to get a producer key which allows you to embed the signature block which unlocks the e-signing features of the Reader. So, a hacker wanting to exploit the e-signing mechanism would need to cough up $20k to obtain a producer key, or steal one somehow, before he could even get started.

Re:Question (1)

Simon (S2) (600188) | more than 4 years ago | (#32971364)

Adding extra crap is the reason that it has so many security flaws.

Just because you think it's crap doesn't mean it's useless.

Re:Question (1)

blai (1380673) | more than 4 years ago | (#32971452)

Like, not even highlighting? That's a bit mean...

Re:Question (5, Funny)

jim_v2000 (818799) | more than 4 years ago | (#32971884)

YEAH! And Microsoft WORD should only let you use WORDS...not crappy images and all that.

Re:Question (1)

MBCook (132727) | more than 4 years ago | (#32971270)

Why can't that data be stored in a little SQLite database (or some such) in the PDF file? Why does it need to be able to write other files on my filesystem? Why does it need to be able to write to My Documents?

Re:Question (1)

Peach Rings (1782482) | more than 4 years ago | (#32971138)

What spec? All that scripting support is Adobe only.

Re:Question (1)

ksandom (718283) | more than 4 years ago | (#32971252)

Agreed. Although in the mean time it should be a *fairly* effective work around to keep the users who *need* these features happy, while making the malicious code harder to write. If they intend to have these features still working, they will have to punch holes in the sand box, so i have no doubt that there will be ways around it. But I do see this as a positive short term step.

Re:Question (4, Insightful)

nine-times (778537) | more than 4 years ago | (#32971490)

With Acrobat, Adobe has fallen into a particular bloat trap usually reserved for Microsoft and AV vendors. It goes like this:

You release a product, and it does one specific thing well. Lots of people buy it, and you have a success on your hands. You come up with a bunch of fixes and new features, and release version 2. Again, lots of people buy it. Same thing again with Version 3, maybe version 4... and so on. This is the normal ideal for-profit software development model.

However, at some point you start developing what will become... let's say version 5. You start working on it, and you can't think of any good features to add in. Version 4 already does everything you want that software to do, but you can't just stop there-- you wouldn't be able to sell any upgrade anymore. At the same time, you can't just release bug-fixes and improve performance, since you wouldn't be able to justify charging people for a new version that consisted only in bug fixes. You don't want to head in an entirely new direction because it might alienate current users. You don't want to invest in creating a new product instead, because new products are risky. You just want to find a way to continue milking your cash cow.

Eventually you come up with a bunch of flashy-sounding features that you can advertise even if almost no one uses them. You invest in marketing to make people feel like this new version will allow them to do lots of things that they'll probably never actually do. You reorganize the interface, shifting controls around for no reason other than to make things look "new". You discontinue support for older versions. You modify your file formats so that they'll be slightly incompatible with older versions, or at least you make sure your older versions throw up some kind of warning that says, "This document was made with a newer version. Upgrade now!"

You do a whole bunch of that stuff, and sure enough, people buy it. You set out to make version 6, and you find yourself in approximately the same bind. Some people are still happily using version 4 of your software, and you haven't been able to convince them to upgrade. So then you start throwing even more powerful-sounding but useless features at your customers. "This version has SecureBit technology, which will make all of your bits secure. Make sure you upgrade, or all your information will be eaten by hackers!" and "This version has the latest support for the latest AwesomeX technology. Make sure you upgrade, or you'll find out your friends can do cool things that you can't!" Little by little, you push customers to the latest version. This is now your business model.

With each version, you throw in more and more stuff. Maybe some of it's useful. Maybe there are even 2% of your customers that actually make good use of AwesomeX technology. Mostly, though, your software gets more and more bloated with stupid things so that you have an excuse to keep charging money.

Ultimatley PDF have been fine for making print documents for a long time. Acrobat and Acrobat Reader have improved in some ways, but even old versions were adequate for producing static PDFs. Adobe's only hope for continued growth is to push PDF to be used for more and more things that it is not well suited to handle. Adobe has made it so each PDF file can be kind of like its own stand-alone application by using javascript and Flash.

Operating System Feature (4, Interesting)

Anonymous Coward | more than 4 years ago | (#32970834)

Should it be an operating system feature to force all user applications to run in a sandbox by default?

Re:Operating System Feature (0, Offtopic)

Paracelcus (151056) | more than 4 years ago | (#32970984)

Sandboxie, Foxit reader, CutePDF writer.
All Free, solves all your problems.

Re:Operating System Feature (1)

Blue Stone (582566) | more than 4 years ago | (#32971216)

Sandboxie, though excellent is nagware once its 30 day trial expires (a small delay before launching is hardly nagging, but, nevertheless...)

Comodo Firewall has a sandboxing app built into it (along with AV and anti-malware) without any nagging (although you have to remember to un-tick some bundled app (yahoo?) during install.

Re:Operating System Feature (0)

Anonymous Coward | more than 4 years ago | (#32971750)

I own a copy and Sandboxie is well worth the cost. It also has generous licensing terms allowing you to legitimately install it on all your computers and upgrades for life.

Re:Operating System Feature (1)

ksandom (718283) | more than 4 years ago | (#32971322)

Should it be an operating system feature to force all user applications to run in a sandbox by default?

Sandboxie, Foxit reader, CutePDF writer. All Free, solves all your problems.

Yes, but missing the point. If it happens by default at the OS level, everyone does it. If it's an app you have to download, a few do it.

However, there will probably be some interesting issues with a one-size-fits-all approach to sand boxing.

Re:Operating System Feature (1)

repka (1102731) | more than 4 years ago | (#32971128)

It's getting there: as earlier command prompt OS and UI shell earlier were (more) separated, right now hypervisor and OS are individual products. Wait 5 years...

For now you can use UAC/sudo, non-root user accounts or Sandboxie and its alternatives.

Operating System Feature: VM's. (0)

Anonymous Coward | more than 4 years ago | (#32971194)

Well in windows 7 you can use the Windows XP virtual mode and with it's integration into the start menu it's pretty transparent it's running under a VM.

Re:Operating System Feature: VM's. (1)

repka (1102731) | more than 4 years ago | (#32971392)

True, but not as transparent as I'd like it. I'm in, once they get GPU virtualization performance as the CPU one... or just move all SIMD logic into CPU and standardize instruction set.

Re:Operating System Feature (1)

TejWC (758299) | more than 4 years ago | (#32971192)

The problem is that most OSs out there (including Windows, Mac and Linux) are user-centric, rather than application centric (at least, by default). When you run Acrobat, it has the same permissions that you have (which, in many cases, allows the application to do many things). Adobe's solution is to make Acrobat limit itself in what it can do.

If you really want an operating system based solution, you could make a separate "acrobat" user (which doesn't have any read/write permissions), run Acrobat as this separate user and do a "sudo" whenever you want to allow acrobat to read/write to a file on the filesystem. Windows might have a smarter way of doing this, but it is not enabled for the applications you install by default.

Re:Operating System Feature (1, Interesting)

0123456 (636235) | more than 4 years ago | (#32971390)

If you really want an operating system based solution, you could make a separate "acrobat" user (which doesn't have any read/write permissions), run Acrobat as this separate user and do a "sudo" whenever you want to allow acrobat to read/write to a file on the filesystem.

Giving Acrobat root permission whenever it wants to write to the disk would be rather brave.

In the real world you'd create an Apparmor or SELinux profile which only allowed it to write to a few places and that would be it. Unless you're on an antiquated OS like Windows, anyway.

Re:Operating System Feature (2, Informative)

evJeremy (1721378) | more than 4 years ago | (#32971450)

Uh, no one mentioned giving Acrobat root permissions. Where did you get that idea?

Re:Operating System Feature (1)

0123456 (636235) | more than 4 years ago | (#32971558)

Uh, no one mentioned giving Acrobat root permissions. Where did you get that idea?

Uh, which part of "do a "sudo" whenever you want to allow acrobat to read/write to a file on the filesystem" did you miss?

Re:Operating System Feature (1)

multi io (640409) | more than 4 years ago | (#32971896)

sudo can run processes under any other user account (if so configured), not just "root".

Re:Operating System Feature (1)

Spock the Vulcan (196989) | more than 4 years ago | (#32971912)

RTFM. SUDO(8)

...sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file...

Re:Operating System Feature (1)

repka (1102731) | more than 4 years ago | (#32971458)

Apparently, I'm using more modern version of Windows, than you've got. It's NT4 and has the feature you've mentioned. Check it out.

Re:Operating System Feature (1)

0123456 (636235) | more than 4 years ago | (#32971584)

Apparently, I'm using more modern version of Windows, than you've got. It's NT4 and has the feature you've mentioned. Check it out.

NT4 has an equivalent to Apparmor or SELinux which allows me to prevernt Adobe Reader from writing to anywhere other than its own files?

Re:Operating System Feature (1)

bheer (633842) | more than 4 years ago | (#32972176)

Don't know about NT4 (not used it since the 90s), but XP and up have SteadyState [wikipedia.org] . Check out its disk protection feature, it's functionally chroot with a wipe after app exit.

Re:Operating System Feature (1)

Blakey Rat (99501) | more than 4 years ago | (#32971606)

Unless you're on an antiquated OS like Windows, anyway.

And you can't do it on Windows because...?

Oh wait, you can. If you couldn't, then this story would probably not exist, as Adobe wouldn't be able to do it either. Idiot.

This is only news because Adobe is finally admitting their product is crap. Now if they only took steps to improve the quality of all their other products... but I guess you can't have everything.

Re:Operating System Feature (1)

0123456 (636235) | more than 4 years ago | (#32971628)

And you can't do it on Windows because...?

Again, where's Windows' equivalent of Apparmor or SELinux?

Perhaps there is one that I'm not aware of, but if it exists I'm rather surprised that no-one's ever used it to block the huge security holes in Windows.

Re:Operating System Feature (3, Informative)

Blakey Rat (99501) | more than 4 years ago | (#32971758)

Again, where's Windows' equivalent of Apparmor or SELinux?

Well, since I've never worked with those products, you don't seem to be interested at all in explaining what the holy fuck they do, and since I'm not telepathic, I can't answer that question.

Perhaps there is one that I'm not aware of,

Not aware of? It was posted IN THIS THREAD LIKE 3 POSTS UP! Seriously, WTF is wrong with you. IIRC, you yourself picked it apart based on a fucking typo (sudo instead of su).

You're being purposefully dense to make some point about your fucking pet software you won't bother to explain. Stop it. It's pissing me off.

Re:Operating System Feature (1)

exomondo (1725132) | more than 4 years ago | (#32972248)

And you can't do it on Windows because...?

Again, where's Windows' equivalent of Apparmor or SELinux?

Perhaps there is one that I'm not aware of, but if it exists I'm rather surprised that no-one's ever used it to block the huge security holes in Windows.

The windows equivalent of SELinux would be a combination of UAC and Group Policy.

Re:Operating System Feature (1)

cbhacking (979169) | more than 4 years ago | (#32972262)

Integrity Levels, while not configurable in the sense of AppArmor profiles, serve much the same purpose (low-integrity apps, like IE, can't write files outside of low-integrity locations like the Temporary Internet Files directory, can't directly invoke apps with higher integrity levels, and can't use various forms of IPC to higher-integrity processes; this is what Protected Mode is all about). It would be nice if there were more control over things like ILs, but that's largely why Windows has a bunch of user accounts with names like NetworkServiceNoImpersonation and SqlServer: you run potentially vulnerable programs under those accounts, then use NT's fine-grained permissions structure to grant those accounts just enough access to just the objects that they need access to. In the end, it solves the same problem, but it is tricky to do that for interactive programs like a browser or PDF reader.

Re:Operating System Feature (1)

maestroX (1061960) | more than 4 years ago | (#32971284)

Should it be an operating system feature to force all user applications to run in a sandbox by default?

Yes, it is called user privilege separation and available in current modern and older sensible systems (i.e. users).

Sample session for future system featured with UAC and every process in its own sahara:

% cp oldfile newfile
> Do you wish user (i.e. YOU) to execute 'cp' (Y/N)? Y
> Do you wish cp to read oldfile (Y/N)? Y
> Do you wish cp to write newfile (Y/N)? Y
> captcha: confirm this is not a script: "#$#!?!"? #$#!?!
- cp: not enough disk space

Re:Operating System Feature (1)

Hatta (162192) | more than 4 years ago | (#32971702)

This is what SELinux is for.

Desperation (3, Insightful)

jridley (9305) | more than 4 years ago | (#32970848)

Honestly, give up on Adobe Reader. There are other options. FoxIt has about the same feature set, and CAN do all the dangerous boneheaded stuff like embedded javascript and external execution, but by default it's off, and the vast majority of people never need that stuff.

On the skinny end there's Sumatra (too skinny for me, no browser plugin). At the other end is Nitro PDF, which has a TON of features even in the free version.

Honestly, just take Adobe reader right off your machine. Do it now.

Re:Desperation (4, Interesting)

MBCook (132727) | more than 4 years ago | (#32971232)

I'm on OS X, so I use Preview (built in), and it's amazing. It looks great, and it's fast as heck. Because of this I was able to go a long time without having to use Adobe Reader.

Then I ran into a PDF at work (Windows boxes) and suddenly remember the word of pain and slowness that Reader caused. I now use FoxIt on Windows. It's not perfect (the experience of using Preview is much smoother), but it doesn't act like it owns my computer.

I recently discovered that not only do PDFs on Snow Leopard have icons that look like their first pages, but when you mouse over them two little buttons pop up and you can turn pages on the icon so you can easily see if a small PDF contains a specific chart without having to open preview or quicklook.

Some Mac blogger wrote a little while ago that if it wasn't for Preview, Mac users would have abandoned PDFs years ago as slow and bloated (the impression Reader leaves on both Mac and PC). Between Preview and the built in Print to PDF support, you forget how obnoxious PDFs can be on other platforms. MS should make a PDF reader and embed it into 7 SP2. It has to be better than Reader, and 95%+ of users don't use the fancy form-filling auto calculation Javascript magic stuff.

Re:Desperation (-1)

Anonymous Coward | more than 4 years ago | (#32971352)

that's funny, because preview is shit and adobe reader performs better

Re:Desperation (1)

cybrthng (22291) | more than 4 years ago | (#32971742)

foxit is terrible these days.. it can't embed correctly to save its life, its slow, getting bloated and the installer likes to install toolbars and crap. I loved it 2 years ago.. not so much now.

How about 'read' calls too? (1)

NevarMore (248971) | more than 4 years ago | (#32970850)

Why not sandbox it entirely? If the JS engine in Acrobat can run arbitrary commands I don't want it reading files from my local filesystem either. I suppose it wouldn't directly be able to transmit those files if its not able to write to a network socket, but that doesn't mean it should be allowed to read random things either.

Adobe obviously wants to keep a very tight grip on the PDF ecosystem, why not limit Reader and only allow it to perform scripting actions on signed and verified PDFs? This benefits Adobe since the only tool that can create and submit PDFs for signing and verifying would probably be from Adobe.

chroot (2, Informative)

cream wobbly (1102689) | more than 4 years ago | (#32970888)

Now if only there were a way for the OS vendor to provide a common sandboxing technology to all software publishers...

Adobe -- UR DOIN IT RONG! (0)

Yossarian45793 (617611) | more than 4 years ago | (#32970896)

Adobe -- UR DOIN IT RONG! (Insert picture of adorable cat here)

Re:Adobe -- UR DOIN IT RONG! (0)

Peach Rings (1782482) | more than 4 years ago | (#32971160)

etc etc [xkcd.com] .

Doesn't matter (5, Insightful)

MadGeek007 (1332293) | more than 4 years ago | (#32970902)

A sandbox doesn't matter if said sandbox has as many flaws as the orignal reader...

Re:Doesn't matter (2, Insightful)

spazdor (902907) | more than 4 years ago | (#32971310)

goodbye, PDF->payload

hello PDF->chroot breaker code->payload

How do you keep stuff like tidserve out. (3, Insightful)

rsilvergun (571051) | more than 4 years ago | (#32970916)

TIDserve gets right past virtualization. It uses a privilege escalation in IE to find the virtual OS' drivers and then it follows the driver chain down to atapi.sys (which it can exploit).

Litter ! (2, Informative)

Rastignac (1014569) | more than 4 years ago | (#32970928)

My cat's sandbox is the right place for Adobe's products.
Too heavy, too slow, too buggy, too dangerous, etc.

software noob but... (3, Interesting)

freeschwag (134804) | more than 4 years ago | (#32970958)

IANAMCSE but.....(I am not an MCSE :) )
Is there just no possible way to develop software that is NOT exploitable?

Re:software noob but... (3, Insightful)

king neckbeard (1801738) | more than 4 years ago | (#32971144)

There are good practices for security to minimize security risks, but nobody at Adobe has ever heard of them.

Re:software noob but... (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#32971428)

Is there just no possible way to develop software that is NOT exploitable?

Depends on what your software is doing. If your software has to change any of the bits on the hard drive - Exploitable. If your software interacts with a database - exploitable. If your software contacts the internet - exploitable.

Time, money, skill and resources tradeoff... (1)

Sits (117492) | more than 4 years ago | (#32971806)

(I'm not an MSCE either but I have written program snippets). My vague hand wavy thinking is that it is a difficult problem with a time, money, skill and resources tradeoff. You could:

  • Reduce the attack surface area by making software small. Software that doesn't open any files, take any parameters or read from the network is more difficult to exploit. However software that doesn't take any input is a bit self defeating. If you feel your software HAS to have complicated input interactions (e.g. an embedded programming language) there may be no easy way of doing this.
  • Make software that has no bugs or flaws in it. If your software is perfect and its specifications are perfect then there aren't any exploits. This is really hard to do though - it's impossible to show that every single possible program you could write doesn't have any bugs in it. You can go the mathematical route and try to write programs from (proven!) mathematical equations. These should have far fewer bugs but you then have to be sure you got the specification correct in the first place... This is also requires high skill while being expensive and time consuming for even small programs and only becomes more expensive as the program has to grow in size. If your program never makes it market (because it took too long to write or cost too much to make) then you also get no return for your effort.
  • Try and mitigate damage that could occur. You can write the program so that pieces run in different sandboxes with different privileges/abilities. The hope is that (like compartments on a ship) a hole in one area won't lead to damage in another area. This is expensive in terms of time to write and often requires more resources but it does seem to be the direction that Internet (e.g. web browsers, servers) facing apps are going.

The above also assumes that you don't get done in by software you (the author of the program) didn't write (e.g. the operating system code for drawing a letter has a hole in it and this allows an attacker to then break your program).

Basically non exploitable software is a difficult problem and because writing perfect programs is so hard, damage mitigation with sandboxing is probably the way we will go for now (unless you are writing something life critical etc). The resources to do the sandboxing are higher than without but we are at the stage where it is worth the cost.

Let's hope.. (1)

Mascot (120795) | more than 4 years ago | (#32970962)

One can always hope that with half of Windows 7 installations being 64 bit [slashdot.org] , malicious software readily bypassing the protection will force Microsoft to finally implement a sufficient API [sandboxie.com] for sandboxing.

Doesn't matter (1)

MadGeek007 (1332293) | more than 4 years ago | (#32970980)

A sandbox doesn't matter if said sandbox has as many flaws as the original reader...

This reminds me of Word Macros (5, Insightful)

Lord Byron II (671689) | more than 4 years ago | (#32971060)

It seems that Microsoft already went through this 15 years ago with Word macros. It's kind of scary that these companies that are producing software for looking at / creating documents would enable this sort of functionality in their file formats. I realize that there are a handful of applications where it's beneficial to have a document be able to write to the filesystem, but for 99.99% of documents, what business do they have reading or writing anything?

It would be like if you bought a book, sat it down on your desk, and when you pick it up later, you find that the book was doodling on your desk the whole time.

Re:This reminds me of Word Macros (1)

ksandom (718283) | more than 4 years ago | (#32971348)

It would be like if you bought a book, sat it down on your desk, and when you pick it up later, you find that the book was doodling on your desk the whole time.

I love that analogy! :D

And yet they still haven't made a version... (5, Informative)

mark-t (151149) | more than 4 years ago | (#32971078)

... for 64 bit linux.

Sure there are free pdf readers that work on Linux and 64 bit, but I find that none of them are as flexible with regards to printing options as Acrobat is.

And the last time I installed multi-libraries on my system supporting both 32 and 64 bit, primarily just so I could use Acrobat, I started having some stability issues that I would just as soon not repeat.

Re:And yet they still haven't made a version... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32971158)

Why would 32-bit libraries cause stability issues? Other applications wont use them if they're already 64-bit. If its Acrobat iself having stability issues, a 64-bit version wouldn't help most likely. .

Re:And yet they still haven't made a version... (1)

mark-t (151149) | more than 4 years ago | (#32971630)

What happens is that, when installing new 64-bit programs, the linker would sometimes want to link with the 32-bit versions of the libraries instead of the 64-bit ones.

Re:And yet they still haven't made a version... (0)

Anonymous Coward | more than 4 years ago | (#32971264)

... for 64 bit linux.

Sure there are free pdf readers that work on Linux and 64 bit, but I find that none of them are as flexible with regards to printing options as Acrobat is.

And the last time I installed multi-libraries on my system supporting both 32 and 64 bit, primarily just so I could use Acrobat, I started having some stability issues that I would just as soon not repeat.

Why would they target software for Linux 64 bit when the ROI for windows (or even Mac) is so much higher? Goodwill doesn't pay the bills. Selling software does.

{moderator notes: I run linux on my router and my pc. this isn't a linux troll. it's a valid business question}

Re:And yet they still haven't made a version... (1)

mark-t (151149) | more than 4 years ago | (#32971644)

The reader has always been free. Having the reader available on all platforms makes the commercial pdf writer more attractive to people who might wish to utilize it.

Curious (1)

BigBadBus (653823) | more than 4 years ago | (#32971210)

Will there also be a sandbox to prevent another shite Adobe product causing my browser to flash?

But what will they put the sandbox in? (2, Insightful)

kindbud (90044) | more than 4 years ago | (#32971400)

Just sayin'...

Re:But what will they put the sandbox in? (0)

Anonymous Coward | more than 4 years ago | (#32971842)

Same thing I always found in my sand box as a kid, SHIT.

Keep your nigger kids out of the sandbox! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32971416)

Otherwise the cat will try to bury them...

Word

Why yes... (1)

Killer Eye (3711) | more than 4 years ago | (#32971468)

Why yes, because when I think of what it would take to quickly open and view PDFs, I immediately conclude that the only solution is a program big enough and complex enough to require a sandbox, to make sure that it can't be exploited.

For years, Adobe has been creating extremely bloated software. And it has been years, not coincidentally, since I've wanted to install any of their stuff.

Why did PDF have to have all this crap added to it? The answer is, it didn't; Adobe just wanted to keep extending their reach, for as long as they could convince people to keep installing "free" readers that just happen to contain your kitchen sink. Enough.

The real question is. . . (4, Funny)

jafac (1449) | more than 4 years ago | (#32971746)

Who sandboxes the sandboxers?

PDF Programming Platform (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32971960)

The initial sandbox implementation will isolate all 'write' calls on Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003...

I was always perplexed at how a text document can somehow make calls to an operating system. It seems to be that PDF is a programming interface that supports text, and not a document format.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?