Fact: Simply opening an infected PDF file can get your device compromised.
Need: to open PDF files more safely.
PDF is probably the most commonly used format for exchanging electronic copies of documents.
We share content as PDFs all over the web and through email, and we receive statements, bills and invoices from our providers as PDFs. We open PDF files and store them as data all the time, so we need to keep them safe.
Isn’t a PDF file safe? It’s just a read-only document
Well, it used to be. But not anymore.
PDFs have evolved from read-only documents into complex documents with interactive forms, multimedia, embedded code that runs dynamically and more.
A vulnerability in a PDF viewer can lead to malicious code execution simply by opening the PDF file, and the result is a malware infection.
Tips to open PDF files more safely
- Keep your system up to date
- Use browser’s built-in PDF viewer
- Use protected mode (for Acrobat Reader DC)
- Open in isolated virtual machine instead
1. Keep your system up to date
Not just the operating system, but also your browsers and PDF viewers. This ensures that any known vulnerabilities are taken care of and minimizes your exposure.
2. Use browser’s built-in PDF viewer
Popular browsers like Google Chrome, Microsoft Edge & Firefox all have a built-in PDF viewer.
You don’t need a plug-in. Use the built-in PDF viewer for better security.
3. Use protected mode (for Acrobat Reader DC)
Acrobat Reader DC can also run in a sandboxed protected mode. Enable it as the default.
- go to Edit > Preferences > Security (Enhanced)
- select Enable Protected Mode at startup
- select All files for Protected View
- click OK
Note: The Run in AppContainer feature is official in the latest version. Make sure it’s checked as well.
In protected mode, some operations, such as Print, are not available. But you can always click Enable All Features to trust the document and release it from protected mode.
4. Open in isolated virtual machine instead
If the source of the PDF file is unknown or suspicious, the best approach is not to open it.
However, if the PDF file still interests you enough to view it, view it inside a virtual machine, just like how we use a VM to achieve safer web browsing.
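An added example, not part of the original post: before deciding whether a PDF from an unknown source is worth opening at all, its raw bytes can be scanned for the interactive features described earlier (scripts, auto-run actions, attachments) without rendering the file. The function names and the two sample byte strings are this example's own constructions, and names hidden inside compressed streams are not seen, so an empty result does not show that a file is clean.

```python
import re
import sys

# PDF name objects that signal active content, with the reason each matters.
ACTIVE_NAMES = {
    "JavaScript": "embedded script",
    "JS": "embedded script",
    "OpenAction": "action that runs when the document is opened",
    "AA": "action triggered by a page or form event",
    "Launch": "request to start an external program or file",
    "EmbeddedFile": "file attached inside the PDF",
    "XFA": "XFA dynamic form",
}

# A name is "/" followed by bytes up to the next whitespace or delimiter.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so a name written as J#61vaScript reads JavaScript."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count active-content names in raw PDF bytes; the file is never rendered."""
    if b"%PDF-" not in data[:1024]:
        raise ValueError("no %PDF- header in the first 1024 bytes")
    counts = {}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in ACTIVE_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed samples (not real documents): one plain, one with active content.
PLAIN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
ACTIVE = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\n"
    b"endobj\n3 0 obj\n<< /S /J#61vaScript /JS (constructed sample) >>\nendobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else ACTIVE
    for name, n in sorted(triage_pdf(data).items()):
        print(f"/{name} x{n}: {ACTIVE_NAMES[name]}")
```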
This Post Has 4 Comments
Silicon11 Jul 2020
Alan, your website is an absolute gold mine! Excellent topics, well explained and very enjoyable to read. I had to reach out and say “Thank you”. P.S. I will be looking to try out many of your suggestions now.
Alan Chan 16 Aug 2020
You are welcome! cheers
Annie 26 Aug 2020
Alan, a small non-profit I volunteer for is starting up a newsletter. We think our easiest option for a nice looking and easy-to-create document is to use Word or Publisher and save to pdf — distributing the pdf as an email attachment.
Would you consider this type of pdf distribution to be safe — ie, created on a known, trusted computer by a trusted organization/person? In other words, for a pdf to be insecure to open, does it have to have been intentionally created to be malicious?
We realize we could use Outlook or another email program that allows fancier formatting in the body of an email message and, therefore, avoid attachment. But our results w/ Outlook so far are not consistently well-formatted, and definitely vary with different email systems. We don’t have a lot of time or expertise to perfect!
Alan Chan 27 Aug 2020
A legitimate PDF created by a trusted organization/person on a clean, trusted computer is not a problem.
Dangerous PDFs are those with malicious code attached that exploits a weakness of the PDF reader.
These malicious PDFs usually come as attachments in spam/phishing emails from uninvited senders.