Can opening a .pdf file do any harm?
Thread Starter
Joined: Feb 2012
Posts: 728
Likes: 0
From: Cape Town / UK / Europe
Can opening a .pdf file do any harm?
I am expecting a payment into my SA bank account and have received this email which has a .pdf attached.
I am reasonably sure it's genuine, unfortunately I can't contact the person who should have made the transfer to check that she banks with Capitec, and was wondering, if it's just a coincidence and if it were a phishing email, could opening the attachment do any harm?
This email contains official information from Capitec Bank that is presented to you in PDF format. .................
Joined: Mar 2002
Posts: 4,569
Likes: 1
From: Florida
Much of my really important e-mails between banks require PDF format.
I would trust it as long as you have anti-virus running and as always resonably check any link addresses they refer you to type into your browser
I would trust it as long as you have anti-virus running and as always resonably check any link addresses they refer you to type into your browser
Joined: Jan 2012
Posts: 2,173
Likes: 0
From: .
Adobe PDF files are becoming an increasingly common route of infection. As windows becomes more and more hardened, other routes are being found to hijack machines, and PDF attachments are now one of the commonest routes to do this.
Two problems - there are a lot of unpatched security holes in the Adobe PDF reader, and also by default the reader can execute javascript without any warnings or blocks
What can you do?
First make sure that the Adobe Reader is up to date
Next, disable Javascript in the reader - in the reader go "edit > preferences > javascript > UNTICK "enable Acrobat Javascript""
Shouldn't cause any problems unless you like filling in online Acrobat forms.
I've read suggestions that the best answer is to ditch the Adobe Reader and instead use an alternative such as the Foxit reader - or even the Amazon Kindle software, but I'd like to see more data before being sure of that
Two problems - there are a lot of unpatched security holes in the Adobe PDF reader, and also by default the reader can execute javascript without any warnings or blocks
What can you do?
First make sure that the Adobe Reader is up to date
Next, disable Javascript in the reader - in the reader go "edit > preferences > javascript > UNTICK "enable Acrobat Javascript""
Shouldn't cause any problems unless you like filling in online Acrobat forms.
I've read suggestions that the best answer is to ditch the Adobe Reader and instead use an alternative such as the Foxit reader - or even the Amazon Kindle software, but I'd like to see more data before being sure of that
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
Milo,
(a) "Adobe PDFs" is not correct terminology. The PDF standard was standardised back in 2008 by Adobe under ISO ISO 32000-1.
(b) "the best answer is to ditch the Adobe Reader and instead use an alternative such as the Foxit reader"
Utter tosh.
PDF problems are not necessarily related to a specific reader.
See this article.... and specifically I draw your attention to the Foxit vulnerability mentioned.
The BEST answer is to keep your guard up, and remain weary of attachments that you are not expecting, even from what you might perceive to be a trustworthy originator. As are the usual old adages making sure you do your day-to-day computing logged in as an unprivileged user, running up to date AV etc. etc.
(a) "Adobe PDFs" is not correct terminology. The PDF standard was standardised back in 2008 by Adobe under ISO ISO 32000-1.
(b) "the best answer is to ditch the Adobe Reader and instead use an alternative such as the Foxit reader"
Utter tosh.
PDF problems are not necessarily related to a specific reader.
See this article.... and specifically I draw your attention to the Foxit vulnerability mentioned.
The BEST answer is to keep your guard up, and remain weary of attachments that you are not expecting, even from what you might perceive to be a trustworthy originator. As are the usual old adages making sure you do your day-to-day computing logged in as an unprivileged user, running up to date AV etc. etc.
