Can opening a .pdf file do any harm?
Thread Starter
Join Date: Feb 2012
Location: Cape Town / UK / Europe
Posts: 728
Likes: 0
Received 0 Likes
on
0 Posts
Can opening a .pdf file do any harm?
I am expecting a payment into my SA bank account and have received this email which has a .pdf attached.
I am reasonably sure it's genuine, unfortunately I can't contact the person who should have made the transfer to check that she banks with Capitec, and was wondering, if it's just a coincidence and if it were a phishing email, could opening the attachment do any harm?
This email contains official information from Capitec Bank that is presented to you in PDF format. .................
Much of my really important e-mails between banks require PDF format.
I would trust it as long as you have anti-virus running and as always resonably check any link addresses they refer you to type into your browser
I would trust it as long as you have anti-virus running and as always resonably check any link addresses they refer you to type into your browser
Join Date: Jan 2012
Location: .
Posts: 2,173
Likes: 0
Received 0 Likes
on
0 Posts
Adobe PDF files are becoming an increasingly common route of infection. As windows becomes more and more hardened, other routes are being found to hijack machines, and PDF attachments are now one of the commonest routes to do this.
Two problems - there are a lot of unpatched security holes in the Adobe PDF reader, and also by default the reader can execute javascript without any warnings or blocks
What can you do?
First make sure that the Adobe Reader is up to date
Next, disable Javascript in the reader - in the reader go "edit > preferences > javascript > UNTICK "enable Acrobat Javascript""
Shouldn't cause any problems unless you like filling in online Acrobat forms.
I've read suggestions that the best answer is to ditch the Adobe Reader and instead use an alternative such as the Foxit reader - or even the Amazon Kindle software, but I'd like to see more data before being sure of that
Two problems - there are a lot of unpatched security holes in the Adobe PDF reader, and also by default the reader can execute javascript without any warnings or blocks
What can you do?
First make sure that the Adobe Reader is up to date
Next, disable Javascript in the reader - in the reader go "edit > preferences > javascript > UNTICK "enable Acrobat Javascript""
Shouldn't cause any problems unless you like filling in online Acrobat forms.
I've read suggestions that the best answer is to ditch the Adobe Reader and instead use an alternative such as the Foxit reader - or even the Amazon Kindle software, but I'd like to see more data before being sure of that
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes
on
0 Posts
Milo,
(a) "Adobe PDFs" is not correct terminology. The PDF standard was standardised back in 2008 by Adobe under ISO ISO 32000-1.
(b) "the best answer is to ditch the Adobe Reader and instead use an alternative such as the Foxit reader"
Utter tosh.
PDF problems are not necessarily related to a specific reader.
See this article.... and specifically I draw your attention to the Foxit vulnerability mentioned.
The BEST answer is to keep your guard up, and remain weary of attachments that you are not expecting, even from what you might perceive to be a trustworthy originator. As are the usual old adages making sure you do your day-to-day computing logged in as an unprivileged user, running up to date AV etc. etc.
(a) "Adobe PDFs" is not correct terminology. The PDF standard was standardised back in 2008 by Adobe under ISO ISO 32000-1.
(b) "the best answer is to ditch the Adobe Reader and instead use an alternative such as the Foxit reader"
Utter tosh.
PDF problems are not necessarily related to a specific reader.
See this article.... and specifically I draw your attention to the Foxit vulnerability mentioned.
The BEST answer is to keep your guard up, and remain weary of attachments that you are not expecting, even from what you might perceive to be a trustworthy originator. As are the usual old adages making sure you do your day-to-day computing logged in as an unprivileged user, running up to date AV etc. etc.
