News

Adobe Reader To Get Microsoft Sandbox Security

As Adobe Systems applications face increasing security threats, Microsoft is stepping up to lend a helping hand.

Microsoft is providing some of its sandboxing security technology, developed for Microsoft Office, to its partners, including Adobe, according to David LeBlanc, a Microsoft senior technologist for network security, in a blog post. One of the first such product collaborations involves Adobe Reader, a plug-in utility for reading PDF files.

"Office and Adobe compete on many fronts, but we put all that aside when it comes to helping protect customers from security issues," LeBlanc wrote.

Sandboxing is a security methodology that allows developers to separate running applications. The Microsoft-Adobe sandbox program provides a set of commands and technical resources designed to allow Adobe Reader to run securely during a Windows session. Adobe modeled the program after Microsoft's Practical Windows Sandboxing technique, which is "similar to the Google Chrome sandbox and Microsoft Office 2010 Protected Viewing Mode," according to Adobe spokesperson Brad Arkin.

The next release of Adobe Reader will have a protected mode that will sandbox all "write" calls on Adobe Reader PDF documents opened during Windows sessions. It will work with Windows 7, Windows Vista, Windows XP, Windows Server 2008 and Windows Server 2003, Arkin explained.

Arkin added that "even if an exploitable security vulnerability is found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files, changing registry keys or installing malware on potential victims' computers."

Security experts welcomed the collaboration and believe that where security is concerned competition must take a backseat, especially in cases where programs and systems are interoperable.

"Microsoft and Adobe have an extremely large user base. This is evident by the number of attackers exploiting vulnerabilities on their software," said Jason Miller, data and security team manager at Shavlik Technologies. "Although sandboxing Adobe Reader should help mitigate a great deal of vulnerabilities, there is still the potential of future vulnerabilities with the product."

This new collaboration may represent a continuation of other initiatives that began earlier in the year, such as security patch cooperation between Adobe and Microsoft. Such alliances should lead to better communication and better overall protection for customers.

"I think this is an indication of something we need to see," said Tyler Reguly, senior security researcher at nCircle. "All big vendors should be working together to better ensure the security of their systems and to protect their end users. These vendors share customers, so working together to provide a better end product is really just common sense."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.