Processing .....please wait.. 
The article has been forwarded.... 
Adobe to rewrite PDF Reader for security
By SiliconIndia | Wednesday, 13 October 2010, 01:56 Hrs
Bangalore: Adobe systems has offered more details of the 'sandbox' security feature it plans to implement to secure its hugely popular but often-attacked PDF Reader software. The latest description put out by the security development team makes clear that Reader's new 'protected mode' will look like a ground-up re-design of how the program operates, almost from scratch.
Font rendering, Javascript execution, 3D rendering, image parsing and other PDF functions in the new reader will happen within the confines of the application itself, isolating these from the privileges of the operating system. The new design won't stop exploits targeting Reader but they will limit what can be done from within its confines. At the moment, that is more or less anything the attacker wants, including being able to take over the system.
The challenge is to enable sandboxing while keeping user workflows functional without turning off features users depend on. As the developers admit, the potential hole in security is always the operating system itself, which can still be compromised, although exploiting such vulnerabilities is as easy as it easy a few years back. Microsoft's software development lifecycle (SDL) has tightened up code security.
The first version sandbox will also not protect against read access to the file system (which allows data theft) or registry, or restricting network access, but future versions will look at this aspect of security.
Font rendering, Javascript execution, 3D rendering, image parsing and other PDF functions in the new reader will happen within the confines of the application itself, isolating these from the privileges of the operating system. The new design won't stop exploits targeting Reader but they will limit what can be done from within its confines. At the moment, that is more or less anything the attacker wants, including being able to take over the system.
The challenge is to enable sandboxing while keeping user workflows functional without turning off features users depend on. As the developers admit, the potential hole in security is always the operating system itself, which can still be compromised, although exploiting such vulnerabilities is as easy as it easy a few years back. Microsoft's software development lifecycle (SDL) has tightened up code security.
The first version sandbox will also not protect against read access to the file system (which allows data theft) or registry, or restricting network access, but future versions will look at this aspect of security.
Don't Miss ( 1-5 of 25 )
Post your Comment
All form fields are required.
Write your comment now
Beautiful and dress selection, please go to Dresses
Sign Up for DailyDose and Read the Day's Highlights
Email:
 |
SiliconIndia:
About Us |
Contact Us |
Help |
Community rules |
Advertise with us |
Sitemap
News:
Technology |
Enterprise |
Tech Products |
Startups |
Finance |
Business |
Career |
Magazine |
Dailydose |
News archive
Career:
Jobs |
Companies |
Mentorship |
Videos |
Career blogs |
Training Institute |
Freshers
Online courses:
Web developer |
Java developer |
CCNA training |
SEO |
SAS |
SQL server 2005 |
J2EE
Education:
MBA |
MCA |
Engineering |
Overseas Education |
Internship
Life:
Jokes |
Bookstore |
Relocate |
Marketplace
Cities:
Startup |
Real estate |
Finance
Send your and help us continue to improve SiliconIndia
© 2012 SiliconIndia all rights reserved
© 2012 SiliconIndia all rights reserved