Thailand News and Discussion Forum | ASEANNOW


potential risks of downloading PDFs


I know downloading PDF files from random sites could be problematic.

But is it risky (in terms of viruses, getting my personal data hijacked, etc.) to download PDFs from archive.org?

As archive.org curates its source material directly from the Internet...

  • Author
26 minutes ago, RichCor said:

As archive.org curates its source material directly from the Internet...

So, I assume that's a "yes, could be dangerous" ?


Are .mobi files potentially problematic?

nah .mobi .pdf 

 

as long as it's .pdf .mobi and not as example .pdf.exe

 

no suffix after the pdf 

  • Popular Post

To this end, you should choose to allow known file name extensions to be displayed.

https://support.winzip.com/hc/en-us/articles/115011457948-How-to-configure-Windows-to-show-file-extensions-and-hidden-files

You can double up on this by only opening downloaded files within a SandBox. Once you have determined that they are safe, you can open normally.

 

https://www.windowscentral.com/how-use-windows-sandbox-windows-10-may-2019-update

 

or

 

https://www.sandboxie.com

 

https://filehippo.com/download_sandboxie/

  • Popular Post

Adobe got really stupid there for a while and now .pdf containers can hold:

JavaScript

Embedded Flash

Launch Actions

GoToE (encrypted payloads)

Embedded Media Controls

http linking (potentially to malicious websites)

 

Also, some PDF readers, or browser helper files, can contain interpreter vulnerabilities that can be exploited to execute embedded shellcode that directly downloads another malicious executable Backdoor. 

 

So, .pdf files should only be opened from direct known entities and only accepted when such being sent is expected. 
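Added example, not part of any post in this thread: a static triage in Python that counts the PDF name tokens behind the features listed above, without opening the file in a reader. The token-to-feature mapping and the sample bytes are constructed for illustration, and names hidden inside compressed object streams are not seen by this scan.

```python
import re

# PDF name tokens for the features listed in the post.
# The mapping is this example's assumption, not an official list.
RISKY_NAMES = {
    "/JavaScript": "JavaScript",
    "/JS": "JavaScript",
    "/RichMedia": "embedded Flash / rich media",
    "/Launch": "launch action",
    "/GoToE": "go-to-embedded action",
    "/Rendition": "embedded media control",
    "/URI": "external link",
    "/OpenAction": "action that runs when the file is opened",
}

# A name runs from "/" up to the next whitespace or delimiter character.
_NAME = re.compile(rb"/[^\x00\t\n\f\r ()<>\[\]{}/%]+")
# PDF syntax allows any character of a name to be written as #xx (hex).
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is recognised as /JavaScript."""
    plain = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count risky name tokens in the raw bytes of a PDF; nothing is rendered."""
    counts = {}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(0))
        if name in RISKY_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed sample: a catalog with an open action, a hex-escaped
# /JavaScript name and a link action. It carries no script body.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS 4 0 R >> endobj\n"
    b"3 0 obj << /S /URI /URI (http://example.invalid/) >> endobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    for name, count in sorted(triage_pdf(SAMPLE).items()):
        print(f"{name:12} x{count}  {RISKY_NAMES[name]}")
```

A non-empty result is a reason to open the file only in a sandbox or a reader with scripting disabled; an empty result does not prove the file is safe.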

  • Author
27 minutes ago, andy72 said:

as long as it's .pdf .mobi and not as example .pdf.exe

 

no suffix after the pdf 

I learned that a ".pdf.exe" suffix could be dangerous a few years back, but can't remember whether or not I'd forgotten it. 

 

At any rate, definitely worthwhile to point out.

10 minutes ago, BananaBandit said:

I learned that a ".pdf.exe" suffix could be dangerous

This is where Microsoft got stupid and, as Eindhoven just mentioned, as a default setting prevents file explorer from displaying the .xxx extension for "known file types". So a dangerous download of happy.pdf.exe now gets displayed in the windows file list as happy.pdf

 

Ugh!
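Added example, not part of any post in this thread: a Python check for the happy.pdf.exe case described above, which also compares the file's leading bytes with what its name claims. The extension sets, finding labels and sample bytes are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Illustrative sets, not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
DOCUMENT_EXTS = {".pdf", ".mobi", ".epub", ".doc", ".docx", ".txt", ".jpg"}


def explorer_display_name(filename: str) -> str:
    """Name shown when Explorer hides extensions for known file types."""
    return PureWindowsPath(filename).stem


def check_download(filename: str, head: bytes) -> list:
    """Return findings for a downloaded file, given its name and first bytes."""
    findings = []
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    last = suffixes[-1] if suffixes else ""

    # happy.pdf.exe: the real type is the last suffix, the bait is the one before.
    if last in EXECUTABLE_EXTS and len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS:
        findings.append("double-extension")

    # Windows executables start with "MZ" whatever the file is called.
    if head.startswith(b"MZ") and last not in EXECUTABLE_EXTS:
        findings.append("executable-content")

    # Readers accept the %PDF- header anywhere in the first 1024 bytes.
    if last == ".pdf" and b"%PDF-" not in head[:1024]:
        findings.append("not-a-pdf")

    # MOBI files carry the type/creator tag BOOKMOBI at offset 60.
    if last == ".mobi" and head[60:68] != b"BOOKMOBI":
        findings.append("not-a-mobi")

    return findings


if __name__ == "__main__":
    # Constructed inputs: (file name, first bytes of the file).
    samples = [
        ("happy.pdf.exe", b"MZ\x90\x00"),
        ("book.pdf", b"MZ\x90\x00"),
        ("book.pdf", b"%PDF-1.4\n"),
        ("novel.mobi", b"\x00" * 60 + b"BOOKMOBI"),
    ]
    for name, head in samples:
        shown = explorer_display_name(name)
        print(f"{name!r} (shown as {shown!r}): {check_download(name, head) or 'ok'}")
```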

  • Author
13 minutes ago, RichCor said:

Adobe got really stupid there for a while and now .pdf containers can hold:

JavaScript

Embedded Flash

Launch Actions

GoToE (encrypted payloads)

Embedded Media Controls

http linking (potentially to malicious websites)

 

Also, some PDF readers, or browser helper files, can contain interpreter vulnerabilities that can be exploited to execute embedded shellcode that directly downloads another malicious executable Backdoor. 

It sure sounds ominous....So, by downloading a dodgy PDF, I might put myself at risk for someone accessing my banking passwords and then they could take my money?  Or is that particular scenario a bit far-fetched?

24 minutes ago, BananaBandit said:

So, by downloading a dodgy PDF, I might put myself at risk for someone accessing my banking passwords and then they could take my money?  Or is that particular scenario a bit far-fetched?

Change that to "by downloading" period, especially from unverifiable sources, then anything is possible.

 

If a 'file' can somehow either trick a user into allowing it to execute code, or better still using an exploit to automatically execute embedded code or instructions to run, then you could be seriously boned.

 

The code might do nothing more than display an annoying message, or become a keylogger with remote backdoor access.

 

That's not to say that ALL files found on the Internet, or even on the torrenting platforms, are compromised. Just some of them, especially if they're popular and sought after by gullible sheeple.

  • Author
17 hours ago, OneMoreFarang said:

You can use Protected Mode to make sure you don't get more than you asked for.

https://helpx.adobe.com/reader/using/protected-mode-windows.html

I went to my Adobe Reader program and selected:  Edit -- Preferences -- Security (Enhanced) .... There is already a check mark saying my "Enable Enhanced Security" option is activated. 

 

Does this qualify as "Protected Mode" ?

4 hours ago, BananaBandit said:

I went to my Adobe Reader program and selected:  Edit -- Preferences -- Security (Enhanced) .... There is already a check mark saying my "Enable Enhanced Security" option is activated. 

 

Does this qualify as "Protected Mode" ?

I see the following. As far as I see one of the important settings is in the red marked box. To be sure select "All Files".

 

[Attached screenshot: pdf.png]

22 hours ago, OneMoreFarang said:

Let's clarify the situation.

You can download pdf (and many other files) without risk.

The risk is if you execute or "view" those files.

This is 'mostly' true, though if you click a link in a browser you may have already committed it to also automatically opening it.

 

I remember in 2011 one of the first iPhone jailbreaks was delivered by using iOS Safari Browser to visit the jailbreakme (dot) com website and clicking a link to download a compromised .pdf that simultaneously broke the root account and downloaded an alternate app store. Scary efficient.

  • Author
On 7/16/2020 at 6:26 AM, OneMoreFarang said:

Let's clarify the situation.

You can download pdf (and many other files) without risk.

The risk is if you execute or "view" those files.

So...if I download a PDF from archive.org, then use a program to convert that PDF to a MOBI, then put the MOBI on my Kindle and trash my PDF without ever opening it..... Would this process most likely suffice to safeguard my backdoor from malicious penetration?

 

Or could a malicious operator penetrate me with a dirty MOBI as well?

 

2 hours ago, RichCor said:

This is 'mostly' true, though if you click a link in a browser you may have already committed it to also automatically opening it.

Could I be risking foreign penetration of myself just by clicking a link on archive.org ?

  • Popular Post
17 minutes ago, BananaBandit said:

So...if I download a PDF from archive.org, then use a program to convert that PDF to a MOBI, then put the MOBI on my Kindle and trash my PDF without ever opening it..... Would this process most likely suffice to safeguard my backdoor from malicious penetration?

 

Or could a malicious operator penetrate me with a dirty MOBI as well?

 

Could I be risking foreign penetration of myself just by clicking a link on archive.org ?

Once your file is converted to MOBI then there is no problem anymore - at least I don't know about known MOBI problems.

 

Whenever you click on a link it is often not certain what will happen. Here are some options what might happen:

a) The file starts to download and your browser asks you where you want to save the file. That is what you want.

b) Like a) but it does not save the file where you want it but directly opens the file (from a temporary folder on your PC). That is what you should avoid because when the file is opened that is the risky part.

c) When you click maybe another page is opened and no download starts or it starts later.

 

To make sure you do a) it is often possible that you right click on the link and then select in your browser something like "save file as". Unfortunately that works only on some websites and not on others.

 

The truth is unfortunately that it is often difficult to make sure the computer does exactly what you want. Because obviously some bad people try to present files to you in a way that they look harmless - but maybe they are not harmless. Sorry for no better or clearer answer.

 

 

 

2 hours ago, BananaBandit said:

Could I be risking foreign penetration of myself just by clicking a link on archive.org ?

Please understand that every time a program offers a new extended 'feature', that new thing becomes a potential method for hackers or governments to inject code to try and break in.  

 

Clicking ANY link on ANY page in a browser might lead to bad stuff happening, if the owner of the site intends harm.

 

Archive.org is a curated backup of the Internet and the content found. If the website or content was compromised when archive slurped it up then it's probably still compromised.

 

 

2 hours ago, BananaBandit said:

So...if I download a PDF from archive.org, then use a program to convert that PDF to a MOBI, then put the MOBI on my Kindle and trash my PDF without ever opening it.....

 

You can try using the 'Right-click' option of a link to "Save link as" and force the browser to only download (and not also open/view) the link content, this is one method of insulating yourself from bad stuff happening. 

 

If a file is compromised it's usually done so to take advantage of a vulnerability in a specific application, application version, or operating system subcode (like a driver or codec) in order to work. 

 

.pdf and .mobi files are vulnerable to manipulation and exploits. 

 

If you convert the file the risk of the file malware content still being able to function as intended is greatly reduced as you're changing the target platform the content was originally intended to be rendered using.

 

FREE stuff should always be regarded as potentially compromised.

 

  • Author

Thanks guys...you've given some pretty good information here (even though it's anxiety-inducing!)

9 hours ago, BananaBandit said:

Thanks guys...you've given some pretty good information here (even though it's anxiety-inducing!)

 

Personally, I wouldn't worry about it. But if you are concerned, use a SandBox.

That way, it is run in a closed off environment and cannot run on your main install. As soon as you close the SandBox, everything that ran within it disappears. Just get into the habit of running anything with which you feel uncomfortable in the SandBox first.

Clicky link of which you are not sure? Open it in a SandBoxed Browser. Anything dodgy happens can only happen in that SandBox and once you close the SandBox environment, everything disappears.

Belt & Braces for the unsure.

One more thing came to my mind.

 

If you want to read these PDFs "only" on an eBook reader then you should try to download them directly on that eBook reader. Then you won't have any risk.

  • Author
12 hours ago, Eindhoven said:

Personally, I wouldn't worry about it. But if you are concerned, use a SandBox.

That way, it is run in a closed off environment and cannot run on your main install. As soon as you close the SandBox, everything that ran within it disappears. Just get into the habit of running anything with which you feel uncomfortable in the SandBox first.

Clicky link of which you are not sure? Open it in a SandBoxed Browser. Anything dodgy happens can only happen in that SandBox and once you close the SandBox environment, everything disappears.

Belt & Braces for the unsure.

Fair enough then. 

 

In case I eventually decide to sandbox it:   Where is the best place to download my sandbox?

 

Is  sandboxie.com  okay?

 

I have Windows 7, in case that makes any difference (though I suspect it doesn't). 

12 hours ago, BananaBandit said:

Fair enough then. 

 

In case I eventually decide to sandbox it:   Where is the best place to download my sandbox?

 

Is  sandboxie.com  okay?

 

I have Windows 7, in case that makes any difference (though I suspect it doesn't). 

If Windows 7, SandBoxie is the one for you. Personally I think archive.org will be fine. But no harm in having that extra layer of protection. It allows you to open particular programs in the SandBox too. So you can open Adobe Reader in the SandBox. It's a bit more fiddly and even if you choose to not use it most of the time, having it may prove useful.

For instance installing a new program. You can install it in the SandBox so that you can scrutinise the installation options and choose or eliminate unwanted add-on choices. Once you are confident that you have made the right choices, delete the SandBox and install it normally, making the correct choices. Running it firstly in the SandBox means you can make as many mistakes as you like, as it doesn't end up embedded somewhere in your main install. 

 

But for anything from archive.org, a simple virus scan before opening should prove sufficient.
