The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Handling Malicious PDF

    Discussion in 'Security and Anti-Virus Software' started by goglog, Jan 4, 2010.

  1. goglog

    goglog Newbie

    Hey guys,

    I stumbled upon an excellent guide on securitybits.net (http://securitybits.net/malicious-pdf-how-to-protect). This article provides some nice tips on how to protect yourself against malicious PDF documents. One of the tips they wrote was regarding running programs in a virtualized environment.

    Now, I'm familiar with Sandboxie but it always crashes on my laptop (Windows 7) and I was wondering if any of you know of any other (easy to use and free) solutions that I may use?

    Thanks,
    Marek
     
  2. surfasb

    surfasb Titles Shmm-itles

    VirtualBox.

    Most of the time, a malicious PDF won't harm your computer if you view it. It is all the funny links/javascripts in it.
     
  3. Baserk

    Baserk Notebook user

    ^+1, or FoxitReader or SumatraPDF.
     
  4. UniqueQ

    UniqueQ Notebook Geek

    Virtual PC and VirtualBox
     
  5. TeeJay 44

    TeeJay 44 Notebook Deity

    SumatraPDF. Does it for me.

    I am done with Adobe.
     
  6. Hiker

    Hiker Notebook Deity

    Is there any risk from getting an infected PDF from a trusted source, with up-to-date AV and AS running, along with D+ in Comodo firewall? I have Acrobat 8 Pro in CS3 and can't complain since they all run fine.
     
  7. Baserk

    Baserk Notebook user

    Whether the trusted source can be trusted is up to you ;)
    Disabling JavaScript in Adobe is the usual course but in your case I'm not sure how to (not familiar with CS3).
    FYI, Avira picks it up (too).
    From Shadowserver Foundation, who reported the exploit:

    "We have said it before and we will say it again: Disable JavaScript.
    We have not had time to fully test but enabling hardware DEP for systems that support it may also mitigate this issue.
    Antivirus detection should improve in the coming weeks and hopefully a patch. Right now only 5 out of the 41 different Antivirus vendors used by Virustotal are detecting this threat. Even then their detection appears to be generic and is not currently specifically detecting this exploit. The 5 vendors to detect the threat are:
    * (McAfee-GW-Edition) *note this is not the same as McAfee Desktop or Mail Server Edition
    * (eSafe)
    * (NOD32)
    * (AntiVir)
    * (Kaspersky)
    " link

    According to Adobe:
    "With the DEP mitigation in place, the impact of this exploit has been reduced to a Denial of Service during our testing." link

    Cheers.