According to Anup Ghosh, founder and chief scientist of Invincea, Symantec's Internet Security Threat Report identified the PDF as the number one infection vector in 2009 of all Internet exploits, with Microsoft Internet Explorer placing second, third, and fourth, Adobe Flash in fifth place, and numbers 6 through 10 going to MSIE plugins.
And Kaspersky Lab's Information Security Threats in the First Quarter of 2010 Report echoes these findings: "Exploiting Adobe applications accounted for almost half of all reported security threats."
"Infected PDF files are a greater carrier of threats than web sites, making the programs used to read PDF files as potentially dangerous as web browsers," said Ghosh.
That's the bad news, joining the steady stream of bad news about insecurities and vulnerabilities in what seems like almost every type of file and every application used to work on them.
The good news: there is a steady stream of security solutions.
In April 2010, for example, Invincea (previously known as Secure Command) introduced its Invincea Browser Protection, which uses a form of virtualization to insulate and isolate the user's computer from threats executing within the browser. Currently, according to a chat I had with Ghosh mid-November, Browser Protection runs on Windows, and supports Internet Explorer 6, 7 and 8, and will soon support Firefox.
More recently -- mid-November -- Invincea intro'd its Invincea Document Protection, using its virtualization technology here with Adobe Reader.
Given the ongoing onslaught of PDF vulnerabilities, this is the kind of tool we, sadly, need to be looking at, and using.
Adobe has been working on more secure versions of its Reader (as well they should!), using, according to Ghosh, Microsoft Practical Sandboxing, which is what Microsoft uses for Protect Mode in MSIE 8, as does Google for Chrome.
This is somewhat similar, Ghosh agrees, to running applications on Windows as a user rather than Administrator.
However, this sandboxing isn't sufficient, Ghosh notes. "This still leaves all the other Adobe elements."
So Invincea's putting a wrapper around Reader makes sense.
"Whenever you open a PDF, we do it in a fully virtualized secure environment using Adobe Reader," said Ghosh. By using Invincea Document Protection, "You're protecting against things escaping to the operating system, to the hard drive, to the working environment, or other places," said Ghosh.
According to Invincea, when a user opens, reads or prints a PDF file, "If any malicious application behavior is initiated -- execution of a suspicious script, a corrupt file, or a potentially damaging program -- Invincea Document Protection automatically detects the threat in real time, terminates it, captures forensic data, disposes of the tainted environment, and quickly restores to a known good state -- providing the same exceptional protection as Invincea Browser Protection."
Selecting a secure PDF reader doesn't strike me as being as tricky as securing a web browser, where features vary among the browsers, and where many users have a carefully cultivated and configured ecosystem of add-ons and plug-ins. On the other hand, there is a range of features and usability even within PDF readers.
There's no shortage of other sandboxing/virtualization solutions out there, such as ZoneAlarm's ForceField for use with Firefox and Internet Explorer (included in ZoneAlarm's full security suite, also available separately).
Other approaches include running a hypervisor like VMware, Xen or Microsoft Hyper-V, and running a separate virtual machine, OS instance and all, with the browser in that; or possibly an application virtualization tool like Altiris SVS (which "shims" the Windows Registry). Or a separate computer and a KVM switch...
FYI, I've been using ForceField for several years, since its original beta. Whether it -- and, to be fair -- whether any of the security software I'm running -- has protected me from anything, I don't know.
"Firefox is also a sandboxing technology," according to Ghosh. "Our approach is different. We don't run the Adobe Reader natively on the system, we run it on a separate [virtual] machine."
"There's a Federal and defense sector that understands the threat," says Ghosh, in terms of initial, ahem, target markets for Document Protection. Other likely sectors include financial services and health care... but ultimately, any Windows user is likely to encounter PDFs.
Somewhat like Dell KACE's free Secure Browser (see my July 19, 2010 blog post), Invincea is bundling a copy of the browser and its security wrapper.
Some important things to understand about Invincea's security products:
One: You can't use Document Protection as a browser plug-in, per se. According to Ghosh, if you open PDFs within Browser Protection, it will provide the security.
Two: End users can't add their own plug-ins. According to Scott Cosby, vice president of products and operations at Invincea, "Today, our product does allow IT to add plug-ins into their implementation of our browser, and they can customize that to their exact specs. Our customers have indicated that in the future they need more flexibility to allow certain users to add plug-ins directly and we will support that use case."
And, said Ghosh, "We ship [Browser Protection] with every plugin you need to render content on the web."
Both products work with Windows XP, Vista, and Windows 7.
Current pricing for Invincea Document Protection is $15/seat/year, and Invincea Browser Protection, $60/seat/year. (Volume discounting applies.)