Adobe Reader: Will New Version Block Hackers or Tempt Them?

Last week's Adobe security scare was just the latest evidence that hackers still love to target Reader and Flash. A new version of Reader, due out within weeks, uses innovative technology to toughen defenses -- but malware writers love a challenge.

By Bill Snyder
Mon, November 01, 2010

CIO — Here's a distinction no software company craves: For two quarters running, Adobe's (ADBE) popular Acrobat and Reader software have been the favorite target of hackers around the globe. According to Symantec's (SYMC) quarterly threat assessment, attacks related to PDF usage accounted for 36 percent of malicious activity in the most recent quarter and 57 percent in the preceding three months.

Indeed, yet another widespread attack struck just last week, targeting Flash Player, Reader, and Acrobat on Windows, Mac, Linux, and Solaris. The vulnerability, Adobe reports, can cause affected systems to crash and allows attackers to take control of them.

Fortunately, though, help is on the way. By the middle of November, Adobe expects to launch version 10 of Acrobat Reader, built upon a technology known as "sandboxing." Simply put, the program will run inside a kind of digital shell that keeps it from interacting with the rest of the computer—unless it has explicit permission from a feature called the broker. I'll explain how this works in a bit.

There's a rather nasty twist to the latest attack. According to Adobe, it appears to target the latest version of Reader, version 9, while ignoring older versions. That's something of a slap in the face to conscientious users who follow the advice of Adobe and other software vendors to keep up with the latest version of their programs.

PDF Safety Tips

The good thing about Adobe's PDF format is that nearly everybody uses it—and if you just need to read those documents, it's free. Sadly, the program's very popularity is what attracts the bad guys. Hackers, say the security experts, look for a "target-rich environment," and with tens of millions of users, Acrobat and Reader fit the bill.

I've never heard a compelling argument that Adobe's products are inherently insecure, or simply poorly designed, but from a consumer's point of view, it really doesn't matter. Having a chunk of malware dropped on your computer is always bad news.

So what can you do to stay secure? I wish I had advice that went beyond the conventional wisdom, but I don't. I contacted security experts at Adobe and Symantec, and they both said pretty much the same thing. Marc Fossi, Manager, Research and Development, Symantec Security Response, said this:

1. Consumers should make sure to keep their software up-to-date with all the most recent versions and security patches at all times. An easy way to do this is to ensure that applications are configured to retrieve updates automatically whenever there is a live Internet connection.
