http://www.computerworld.com/s/article/9179403/Adobe_to_beef_up_PDF_secu rity_with_Reader_sandboxing?source=CTWNLE_nlt_pm_2010-07-20
Kinda looks like they know there software is insecure, and the patching is a loosing race, so they are trying to use sandboxing a corrective/detective control to prevent the nasty that can come of using adobe PDF's. Honestly, only of the biggest attack targets is javascript, so why not strip that from running within the product and eliminate a big security threat. I understand that the same scripting languages can be used for good or evil, but honestly, the line has to be drawn somewhere, that and packed PDF's with malicious .exe's and other malcode in them are the next step, sure the sandbox will help, but what if the sandbox becomes compromised or breached itself. Ideas, and thoughts, either way are welcomed... Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
