Q&A: Adobe's Brad Arkin on dealing with security

We spoke to Brad Arkin, Adobe's director for product security and privacy, about coping with security threats and future plans.

It's definitely already working in getting protections out to users, but it is hard to measure how many attacks would have happened if it wasn't there.

There's the mechanics of putting the information in the right format and sharing that. That is a little bit of extra work but it is worth it.

You recently announced sandboxing for Reader. Could you explain a little more about what this is and the benefits it will bring?

The marketing term for sandboxing is Adobe Reader Protected Mode and it is a way to take all the activities involved and render them in a PDF file so you can actually see it on your computer and put it inside a sandbox process that runs with low rights.

The end result is that a bad guy that finds a flaw and is able to take over Reader will get stuck inside the sandbox. So they'd have to leverage a two-stage attack to actually do something interesting, whereas today they just need to find that one flaw.

This is an exciting mitigation technology but it is not perfect. It is not going to fix every single possible problem but it will make it harder for bad guys to do interesting things.

It will be available before the end of the year and it will be in the next available version.

This is a really exciting mitigation technique that will defend against all the different types of attacks that we have seen in the real world today. Then we'll just have to respond to what happens next.

Will sandboxing become more widespread in software in the future?

It is really hard to do but it is also quite a powerful mitigation technique. We're looking at ways in which we can use sandboxing for other Adobe products, but until they find a way to do a lot of the work that we had to do by hand, I don't know if sandboxing is going to become the standard.
