Adobe has updated its Reader and Acrobat software with several new security features, including more robust sandboxing....
Could you break down the changes that Adobe has made? Will enterprise users still need to take special precautions to use Reader and Acrobat securely?
The release of Adobe Reader XI and Acrobat XI were heralded as a milestone release in terms of security, with both products introducing more restrictive sandboxing and other security features. Sandboxing can be an effective method of blocking the exploitation of previously unidentified security holes. Though sandboxing was present in previous versions of Reader and Acrobat, the new releases introduce a more significant implementation through Protected Mode.
Protected Mode (Enhanced) restricts both read and write activities, not just write, as in the past. Write protection prevents an attacker from writing and executing malicious code on a victim's computer, and the addition of read protection is a data theft prevention control to help protect against attackers seeking to read information from the machine. Adobe Reader Protected View (New) and Adobe Acrobat Protected View (Enhanced) both establish a separate window station and desktop. A window station creates a discrete, securable clipboard and desktop where messages can only be sent between processes that are on the same desktop. This control prevents attacks such as screen-scraping, where one application reads data from the display output of another when a PDF file is opened in either the standalone product or a browser.
Enterprises should upgrade to the new versions of Reader and Acrobat because they're certainly more secure than previous versions, but since it's not an update, users will have to manually download and install it; the automatic updater will not install new versions. Enterprise users should still exercise caution when using Reader and Acrobat, and administrators should certainly keep up to date with Adobe alerts and patches.
Related Q&A from Michael Cobb
Geofencing technology creates a virtual fence on employee devices, adding a crucial extra layer of security. But do privacy concerns negate the ...continue reading
Third-party DNS providers claim to improve browsing times and speeds, but are they a secure enterprise option? Expert Michael Cobb explains.continue reading
Wearable technology is infiltrating the enterprise, much like BYOD has. Expert Michael Cobb discusses the security concerns of wearables and outlines...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.