News

Adobe Reader To Get Microsoft Sandbox Security

• By Jabulani Leffall
• July 22, 2010

As Adobe Systems applications face increasing security threats, Microsoft is stepping up to lend a helping hand.

Microsoft is providing some of its sandboxing security technology, developed for Microsoft Office, to its partners, including Adobe, according to David LeBlanc, a Microsoft senior technologist for network security, in a blog post. One of the first such product collaborations involves Adobe Reader, a plug-in utility for reading PDF files.

"Office and Adobe compete on many fronts, but we put all that aside when it comes to helping protect customers from security issues," LeBlanc wrote.

Sandboxing is a security methodology that allows developers to separate running applications. The Microsoft-Adobe sandbox program provides a set of commands and technical resources designed to allow Adobe Reader to run securely during a Windows session. Adobe modeled the program after Microsoft's Practical Windows Sandboxing technique, which is "similar to the Google Chrome sandbox and Microsoft Office 2010 Protected Viewing Mode," according to Adobe spokesperson Brad Arkin.

The next release of Adobe Reader will have a protected mode that will sandbox all "write" calls on Adobe Reader PDF documents opened during Windows sessions. It will work with Windows 7, Windows Vista, Windows XP, Windows Server 2008 and Windows Server 2003, Arkin explained.

Arkin added that "even if an exploitable security vulnerability is found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files, changing registry keys or installing malware on potential victims' computers."

Security experts welcomed the collaboration and believe that where security is concerned competition must take a backseat, especially in cases where programs and systems are interoperable.

"Microsoft and Adobe have an extremely large user base. This is evident by the number of attackers exploiting vulnerabilities on their software," said Jason Miller, data and security team manager at Shavlik Technologies. "Although sandboxing Adobe Reader should help mitigate a great deal of vulnerabilities, there is still the potential of future vulnerabilities with the product."

This new collaboration may represent a continuation of other initiatives that began earlier in the year, such as security patch cooperation between Adobe and Microsoft. Such alliances should lead to better communication and better overall protection for customers.

"I think this is an indication of something we need to see," said Tyler Reguly, senior security researcher at nCircle. "All big vendors should be working together to better ensure the security of their systems and to protect their end users. These vendors share customers, so working together to provide a better end product is really just common sense."