Adobe has revealed that it will strengthen the security controls in the Adobe Reader application by adding sandboxing in the next release. With malicious attacks targeting Adobe products more frequently, it is definitely a move in the right direction, but there are also more secure PDF reader alternatives you can start using today.
The sandboxing feature will not be available until the next major release of Adobe Reader, which Adobe expects to be release by the end of 2010. Adobe specified that the sandboxing security control will not be included in the Mac version of Adobe Reader, as the vast majority of threats exploiting Adobe products are aimed at Windows systems.
Users don't have to wait for the Adobe Protected Mode, though. Alternative PDF reader applications like FoxIt Reader and Nuance PDF Reader have similar security controls and then some, and these products are available now.
Brandt also recommends that users take a look at FoxIt Reader. He explains that FoxIt "released their 4.0 product a few weeks back and it has a whole slew of new security features, including sandboxing, which I was really impressed with. I've also found that it reduces the problem of a vulnerable software monoculture."
"Foxit is also far less bloated than Adobe, offers more features in its free product than does Adobe, and doesn't require the use of an annoying download manager to do its updates." Brandt concluded.
Nuance PDF Reader is also available for free. It allows you to fill in and save PDF forms, and annotate PDFs. It can also convert PDF files to other formats like Microsoft Word, Excel, or RTF, and it takes up about a quarter of the hard drive real estate as Adobe Reader. Most importantly, though, it contains security measures vital to protecting your system from malicious PDF files.
I commend Adobe for recognizing the persistent and growing threat that Adobe Reader represents for many organizations, and taking proactive steps to develop a more secure release. In the meantime, though, I recommend that IT admins and business professionals take a look at alternatives to work with PDFs more securely now rather than waiting until the end of the year.