Adobe - Creating Sandbox Architecture for Acrobat reader
Adobe has announced plans to strengthen its Acrobat Reader when processing PDF files to reduce malware attacks. It will use Protected Mode and sandbox security concepts to mediate access to Windows APIs and potentially reduce some of the dangers currently associated with PDF processing.
Adobe - Creating Sandbox Architecture for reader
http://blogs.pcmag.com/securitywatch/2010/10/adobe_describes_upcoming_windo.php
http://blogs.adobe.com/asset/2010/10/inside-adobe-reader-protected-mode-part-1-design.html
QUOTE: Another approach, which Adobe announced in July, was that they would implement a sandbox architecture in Reader for Windows. All the same vulnerabilities affect Acrobat and most of them affect other operating systems, but Reader for Windows was chosen because it's the overwhelming majority of the installed base and therefore the overwhelming majority of the systems attacked. Remove the ability to attack Reader and attackers will look elsewhere.
The sandbox splits Reader in two: The core functions, including parsing and rendering PDFs and executing JavaScript, are done in a restricted sandbox process. If code in that process must perform some potentially dangerous task like calling a Windows API or using the file system, it must call out to a separate process called the broker process through interprocess communication. No details are provided, but presumably this IPC mechanism is protected somehow so that it can't be called by inappropriate code.
Because the sandbox process has very little in the way of rights, even if an exploit takes complete control of that process it won't be able to do anything useful. Sandboxes are great and this one should go a long way towards protecting users.
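The sandbox/broker split described in the quote, reduced to a runnable sketch. This is an added example, not Adobe's code: a low-privilege "sandbox" worker never touches the file system itself but sends every request over a pipe to a "broker" that applies a policy (read only from an allowed document directory, write only into a scratch directory). The directories, the policy and the sample requests are constructed for the demo; `broker_policy`, `broker_loop` and `run_demo` are hypothetical names.

```python
"""Sandbox/broker mediation demo (constructed example, not Adobe code)."""
import multiprocessing as mp
import os
import tempfile


def broker_policy(request, allowed_read_dirs, scratch_dir):
    """Broker-side decision for one request from the sandbox process.
    Returns (allowed, reason). Paths are canonicalised first so that
    '..' segments cannot escape the permitted directories."""
    op = request.get("op")
    path = os.path.realpath(request.get("path", ""))
    if op == "read":
        if any(path.startswith(d + os.sep) for d in allowed_read_dirs):
            return True, "read within allowed directory"
        return False, "read outside allowed directories"
    if op == "write":
        if path.startswith(scratch_dir + os.sep):
            return True, "write confined to scratch directory"
        return False, "write outside scratch directory"
    return False, "operation not brokered"  # everything else is denied


def broker_loop(conn, allowed_read_dirs, scratch_dir):
    """Broker process: answer requests until the sandbox sends None."""
    while True:
        request = conn.recv()
        if request is None:
            break
        allowed, reason = broker_policy(request, allowed_read_dirs, scratch_dir)
        conn.send({"allowed": allowed, "reason": reason})


def run_demo():
    """Play a sandbox process that issues four requests, the last two of
    which a compromised renderer might attempt; return the broker's verdicts."""
    doc_dir = os.path.realpath(tempfile.mkdtemp(prefix="docs_"))
    scratch = os.path.realpath(tempfile.mkdtemp(prefix="scratch_"))
    sandbox_end, broker_end = mp.Pipe()
    broker = mp.Process(target=broker_loop, args=(broker_end, [doc_dir], scratch))
    broker.start()
    requests = [
        {"op": "read", "path": os.path.join(doc_dir, "report.pdf")},
        {"op": "write", "path": os.path.join(scratch, "render-cache.bin")},
        {"op": "write", "path": os.path.join(doc_dir, "..", "elsewhere.txt")},
        {"op": "exec", "path": "anything"},
    ]
    verdicts = []
    for req in requests:
        sandbox_end.send(req)
        verdicts.append(sandbox_end.recv()["allowed"])
    sandbox_end.send(None)
    broker.join()
    return verdicts  # [True, True, False, False]


if __name__ == "__main__":
    print(run_demo())
```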