Adobe 12001196 - Acrobat - Mac Manual page 21

Application Security Guide Section 3 Protected Mode
Sandboxing leverages the Operating System's security model to sandbox an application. Virtualization
uses another software program to segregate the application from the host operating system. With
virtualization the end users have to deal with the overhead of managing and patching the OS and the
application separately and there is also the performance impact of rendering the application in a
virtualized environment. For more information please refer to our technical blog posts.
What is the difference between Protected Mode in Microsoft IE browser and Reader X Protected
Mode?
The sandbox we have implemented is more effective at mitigating threats in applications on desktop
windows than just running a process at low integrity. While our sandbox runs at a low integrity, it is a much
more constrained computing environment. For more information please refer to our technical blog posts.
What effect does Protected Mode have on a PDF viewed in Citrix?
Citrix is not supported. When Protected Mode cannot launch due to an unsupported configuration, Reader
displays a dialog alerting the user of the incompatibility and provides the user with the option to disable
Protected Mode.
What is the percentage increase in memory footprint because of Protected Mode?
Very little.
Will Protected Mode have any effect on viewing LC Reader-Extended PDFs?
It should work fine out of the box.
Is there any special status for certified documents so that one can disable Protected Mode only
with certified documents?
No.
Can the security policies for the broker be configured through Customization Wizard or
downloaded from a server?
No. Custom policies should be tailored to meet your business requirements and deployed by an
administrator.
Are there any unforeseen major issues with the rich PDF types containing content e.g. interactive
multimedia, geo, and 3D with Reader X?
Not many. The feature is designed to be transparent.
Do plug-ins have read and write permissions to things like config files that maybe stored on the
user's system?
Plug-ins will not be able to write log files to non-whitelisted locations. They can continue to write logs to
the Temp directory (as returned by GetTempPath() Windows API or equivalent Acrobat API). Another
white-listed location is Adobe Reader's own appdata area.
Does the Protected Mode impair a PDF's ability to access trusted web sites?
No.
Can I still save Acrobat forms on my own computer?
Yes. There is no change in behavior.
Is Protected Mode the reason why Reader X runs with two AcroRd32.exe processes?
Yes. One of the processes is the sandboxed process and the other one is the broker.
If multiple PDFs are open (either standalone or within the browser), is the number of spawned
processes the same?
Section 3 Protected Mode Page 17