Adobe Reader X


This post is a bit off-topic.  Neither the Federal Desktop Core Configuration (FDCC) nor the US Government Configuration Baseline (USGCB) mandates specific settings for Adobe products, and it’s a little unusual for a Microsoft blog to promote an Adobe product.  However, this one is important.
 
Many of our customers make Adobe Reader part of their standard desktop image, or at least have it on the majority of their systems.  Because of its ubiquity, Reader has become a major target for cybercriminals, with a scary increase in the number of exploited zero-day vulnerabilities over the last few years.  When it’s Reader running on Windows that gets attacked (as it often is), our customers suffer.
 
Adobe has just released a major upgrade, Adobe Reader X, that should go a long way toward mitigating these attacks.  Reader X incorporates a “Protected Mode” sandbox, not unlike the Protected Mode we implemented in Internet Explorer 7 and 8, in the Microsoft Office Isolated Conversion Environment (MOICE), and in Office 2010’s Protected View.  Reader X’s Protected Mode should make it substantially harder to mount successful attacks against Windows computers via Adobe Reader.  That’s good for our customers.
 
If you use Adobe Reader, you should begin evaluating Reader X right away.
 
This Adobe blog post announcing the release of Reader X includes links to additional information about its Protected Mode: http://blogs.adobe.com/asset/2010/11/adobe-reader-x-is-here.html
 

Comments (1)

  1. Tim says:

    Just wanted to note that on Windows 7 and Windows 2003 systems using USGCB profile settings, Adobe Reader X exits abnormally after about 30 secs (after using 100% CPU).

    [Aaron Margosis]  I just installed Adobe Reader X on a Win7 x86 system, then applied all the USGCB settings (including the FIPS crypto setting), rebooted, and tried opening some PDF files.  I found no problems at all.  What anti-virus are you using? (That’s what I always blame first. 🙂)

    Now, I didn’t try installing it on a system that already had USGCB applied, because I couldn’t find a standalone installer and didn’t want to waste time with their browser-based ActiveX installer.  I didn’t see any red flags, though, that would prevent a standalone installer from working as part of an automated image build.