Adobe has at long last released Reader X, a fortified version of its PDF Reader software that is built to withstand attacks from the sort of zero-day security vulnerabilities that repeatedly have threatened its user base over the past several years.
The new Reader X version makes good on a promise Adobe announced in July of this year, when it said it would soon release a new kind of Reader designed to run the application in protected or “sandboxed” mode on Windows. Sandboxing is an established security mechanism that runs the targeted application in a confined environment that blocks specific actions by that app, such as installing or deleting files, or modifying system information. Adobe said that in developing the sandbox technology, it relied on experts from Microsoft and Google (the latter already has incorporated sandboxing into its Chrome Web browser).
The hardened Reader X software is specifically crafted to block attacks against previously unknown security holes in the program. On at least four occasions over the past year, attackers have leveraged newly discovered flaws in Reader to install malicious software when unsuspecting users opened poisoned PDF files.
It would have been refreshing had Adobe chosen this occasion to simplify the process of installing its software. Unfortunately, Windows users who grab the new version from the Adobe home page still need to dodge the add-ons (such as McAfee security scan) and endure the annoying Adobe Download Manager. Those who would rather not monkey around with this stuff can grab the direct download from this link (the direct download link for Mac users is here).
I look forward to the day that Adobe warns of attacks against unpatched flaws in Reader but assures Reader X users that they are already protected against those threats. Only time will tell if this highly-anticipated feature lives up to the hype. A full list of features included in this latest version is available here.