Question Is Defender good against scriptors or malicious PDF and Word files?


Azazel

Level 3
Thread author
Jun 15, 2023
148
I'm going to reword your title.

If I click on a Word or PDF file I didn't create, and when I downloaded it I didn't bother to scan it at a site like VT, is there a chance I could get hammered?

See what I did there :unsure:
It's unreasonable to scan every PDF file I download from the internet with VirusTotal.
They are shared and downloaded many times; for example, Hard Configurator's and CyberLock's user guides are in PDF.

I ask if it is reasonable to use Defender, even hardened, against all types of threats instead of using a free alternative like Avast.
That is, if it is as competent as other AVs and not too reliant on signatures, the cloud, and good detection of exes only.
 
F

ForgottenSeer 103564

It's unreasonable to scan every PDF file I download from the internet with VirusTotal.
They are shared and downloaded many times; for example, Hard Configurator's and CyberLock's user guides are in PDF.

I ask if it is reasonable to use Defender, even hardened, against all types of threats instead of using a free alternative like Avast.
That is, if it is as competent as other AVs and not too reliant on signatures, the cloud, and good detection of exes only.
Yes, and I'm pointing out that relying solely on one solution because you do not wish to take the time to vet your downloads is the kind of risky behavior that gets users in trouble. The file, while inert, is not a danger; take the time to scan it with something besides your current security to make sure. If you take the risk of downloading a lot, then you should put in the effort to minimize the chances. No solution is 100%, but if you add extra effort into the equation you can negate that.
 

ErzCrz

Level 20
Verified
Top Poster
Well-known
Aug 19, 2019
951
If you use ConfigureDefender and @Andy Ful's anti-exploit tool, it can protect you against those, but by default MD isn't as effective. You can download ConfigureDefender and the individual hardening tools from here: GitHub - AndyFul/ConfigureDefender: Utility for configuring Windows 10 built-in Defender antivirus settings. I use Hard_Configurator, which comes with ConfigureDefender, WindowsFirewallHardening and Anti-Exploit as one bundle, but you can just use the tools independently. ConfigureDefender increases Microsoft Defender's capabilities and the exploit tool prevents these Office and PDF reader issues.
 
F

ForgottenSeer 103564

All kinds of solutions abound besides the one I stated, which is the simplest and probably most effective.

You can hash the file locally and upload it to VT.

You can upload it to a sandbox or run it in a VM.

You can open it in a hex editor and check the file signature.

You can install Python and then pdfid and pdf-parser to analyze the files (works on Windows or Linux); this will give you a look at what's inside a PDF before you run it. You will be able to view streams and endstreams of the file and lists of start and end tags for JavaScript. Basically, if you see zeros as start and end tags of JavaScript, chances are the file does not contain anything.

You can get and use an advanced PDF reader with options to disable JS or connecting to the Internet. Etc., etc.
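Added example (not the poster's code and not the pdfid/pdf-parser tools themselves): a small Python script that does the kind of keyword count pdfid performs on a PDF, so you can see what "zero JavaScript tags" looks like on a constructed sample and why a non-zero count warrants a closer look before opening the file. It also decodes the #xx name escapes that a simple string search would miss.

```python
"""pdfid-style keyword triage of a downloaded PDF (added example, not Didier
Stevens' pdfid/pdf-parser): counts risky name tokens such as /JS, /OpenAction
and /Launch in the raw bytes, decoding #xx escapes so /Java#53cript is seen."""
import re
from collections import Counter

# Names whose presence makes a PDF worth a closer look before it is opened.
RISKY_KEYWORDS = (
    "/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch",
    "/EmbeddedFile", "/RichMedia", "/ObjStm", "/AcroForm", "/URI",
)
# A PDF name starts with '/' and ends at whitespace or a delimiter character.
_NAME_RE = re.compile(rb"/[^\s<>/\[\]()%]+")

def _normalise_name(raw: bytes) -> str:
    """Decode #xx escapes inside a name so '/#4AS' compares equal to '/JS'."""
    decoded = re.sub(rb"#([0-9A-Fa-f]{2})",
                     lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")

def count_keywords(pdf_bytes: bytes) -> dict:
    """Return {keyword: count} for every risky keyword (0 when absent). Like
    pdfid this reads raw bytes only, so names inside compressed object streams
    stay hidden; that is why /ObjStm itself is counted."""
    counts = Counter()
    for match in _NAME_RE.finditer(pdf_bytes):
        name = _normalise_name(match.group(0))
        if name in RISKY_KEYWORDS:
            counts[name] += 1
    return {keyword: counts[keyword] for keyword in RISKY_KEYWORDS}

def verdict(counts: dict) -> str:
    """Plain-language summary a user can act on before opening the file."""
    if counts["/JS"] or counts["/JavaScript"] or counts["/Launch"]:
        return "suspicious: active content present, inspect before opening"
    if counts["/OpenAction"] or counts["/AA"]:
        return "review: automatic actions present"
    return "no active content found"

# Constructed sample, not a real document: a minimal PDF whose /OpenAction
# points at a JavaScript action, with one name obfuscated via a # escape.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj<</Type/Catalog/Pages 2 0 R/OpenAction 3 0 R>>endobj\n"
    b"2 0 obj<</Type/Pages/Kids[]/Count 0>>endobj\n"
    b"3 0 obj<</Type/Action/S/Java#53cript/JS(app.alert('hi'))>>endobj\n"
    b"trailer<</Root 1 0 R>>\n%%EOF\n"
)
```

On the sample, count_keywords reports /JS, /JavaScript and /OpenAction once each and verdict flags it as suspicious; a document with all counts at zero is the "zeros" case the post describes.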
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,394
Nothing is 100% when you connect your system to the internet. I suggest you should add Hard Configurator to the mix and use secure and less vulnerable PDF software like Foxit or Nitro PDF Reader.
How are Foxit and Nitro any less vulnerable than Acrobat? Would a modern browser that can handle PDF form-filling and signing provide better protection than popular PDF software?
 

Brahman

Level 16
Verified
Top Poster
Well-known
Aug 22, 2013
795
How are Foxit and Nitro any less vulnerable than Acrobat? Would a modern browser that can handle PDF form-filling and signing provide better protection than popular PDF software?
Just like Linux remains less vulnerable than Windows. The less popular it is, the less the chance of getting targeted. Making a zero-day exploit for Adobe is more attractive to a blackhat than making it for Foxit or Nitro. Apart from that, with Foxit the "safe reading mode" is enabled by default.
 
F

ForgottenSeer 103564

Yes, but I think most computer users don't use, or don't know how to use, VT, VMs, and hex editors. They are the main users of AVs.
You are in a forum with all degrees of experience and knowledge; the post is to cover most aspects for these different levels. For those without the skill or knowledge, using a PDF reader with the ability to turn off JavaScript or connecting to the Internet is mentioned.
 

monkeylove

Level 10
Verified
Well-known
Mar 9, 2014
458
You are in a forum with all degrees of experience and knowledge; the post is to cover most aspects for these different levels. For those without the skill or knowledge, using a PDF reader with the ability to turn off JavaScript or connecting to the Internet is mentioned.

These security programs are not made for forum members but for computer users in general, most of whom don't know about or use VT, VM, or even hex editors, not to mention being told to set things in PDF readers on or off, or even selecting PDF readers.
 
F

ForgottenSeer 103564

These security programs are not made for forum members but for computer users in general, most of whom don't know about or use VT, VM, or even hex editors, not to mention being told to set things in PDF readers on or off, or even selecting PDF readers.
Are you having to translate this? Because I think what we've got here is a failure to communicate.

Users that cannot toggle a simple button in settings will not be in this forum or stopping by to read up on how to shut off Java, or even possibly understand what Java is or why it needs to be off.

Everyone else is covered in that post; now, unless you have something more viable to add, I think we have this topic covered.
 

Gangelo

Level 6
Verified
Well-known
Jul 29, 2017
266
All kinds of solutions abound besides the one I stated, which is the simplest and probably most effective.

You can hash the file locally and upload it to VT.

You can upload it to a sandbox or run it in a VM.

You can open it in a hex editor and check the file signature.

You can install Python and then pdfid and pdf-parser to analyze the files (works on Windows or Linux); this will give you a look at what's inside a PDF before you run it. You will be able to view streams and endstreams of the file and lists of start and end tags for JavaScript. Basically, if you see zeros as start and end tags of JavaScript, chances are the file does not contain anything.

You can get and use an advanced PDF reader with options to disable JS or connecting to the Internet. Etc., etc.
No offence, but some of us like to use our PCs like normal, non-paranoid people.
Being cautious is one thing.
Doing what you describe is unreal for day-to-day use.
 
F

ForgottenSeer 103564

No offence, but some of us like to use our PCs like normal, non-paranoid people.
Being cautious is one thing.
Doing what you describe is unreal for day to day.

Saying "no offense" before you label someone paranoid negates any sincerity. The thread title states why those choices were presented.

Vetting things, or circumventing issues, before you execute them is unreal? Or lazy? You determine this last part.

I'm beginning to feel like I need to pull out a chalkboard and draw pictures here.
 

monkeylove

Level 10
Verified
Well-known
Mar 9, 2014
458
Are you having to translate this? Because I think what we've got here is a failure to communicate.

Users that cannot toggle a simple button in settings will not be in this forum or stopping by to read up on how to shut off Java, or even possibly understand what Java is or why it needs to be off.

Everyone else is covered in that post; now, unless you have something more viable to add, I think we have this topic covered.

My post was deleted because I was told it wasn't helpful to the OP. I'll see if this one passes:

The OP is asking whether or not Defender is good. Your response is that it is, as long as one knows how to use VT, VMs, or hex editors, or knows what to toggle in which apps or PDF readers.

The problem is that most users don't know how to use VT, VMs, or hex editors, and malware does not come wholly from PDFs.

Given that, I think Defender isn't good enough, and the suggestions you gave aren't helpful. I also think hard configuration isn't helpful either, because it can do more harm than good, similar to turning off Java and other features. Users can create more problems, and they will have to figure out what they disabled in order to bring back functionality.

With that, use other AVs that, according to AV-Test, AV-Comparatives, and YouTubers doing tests (like the one mentioned by the OP), do better. Examples are Avast, AVG, Kaspersky, and Bitdefender.
 
F

ForgottenSeer 103564

My post was deleted because I was told it wasn't helpful to the OP. I'll see if this one passes:

The OP is asking whether or not Defender is good. Your response is that it is, as long as one knows how to use VT, VMs, or hex editors, or knows what to toggle in which apps or PDF readers.

The problem is that most users don't know how to use VT, VMs, or hex editors, and malware does not come wholly from PDFs.

Given that, I think Defender isn't good enough, and the suggestions you gave aren't helpful. I also think hard configuration isn't helpful either, because it can do more harm than good, similar to turning off Java and other features. Users can create more problems, and they will have to figure out what they disabled in order to bring back functionality.

With that, use other AVs that, according to AV-Test, AV-Comparatives, and YouTubers doing tests (like the one mentioned by the OP), do better. Examples are Avast, AVG, Kaspersky, and Bitdefender.
Ok, so you obviously want to have it out over this after many explanations.

Your suggestion is to use more advanced security software for users you claim are not capable of toggling a couple of switches in a more advanced PDF reader, correct? They are not capable of this, but are capable of installing and setting up the more advanced software.

There are, in my post above, suggestions from beginner to advanced to help everyone, but you choose to say only the beginners will be interested in this thread, so I'm wondering if I should hire you as a psychic now.

Are we finished, or do we need to take this further?
 

monkeylove

Level 10
Verified
Well-known
Mar 9, 2014
458
Ok, so you obviously want to have it out over this after many explanations.

Your suggestion is to use more advanced security software for users you claim are not capable of toggling a couple of switches in a more advanced PDF reader, correct? They are not capable of this, but are capable of installing and setting up the more advanced software.

There are, in my post above, suggestions from beginner to advanced to help everyone, but you choose to say only the beginners will be interested in this thread, so I'm wondering if I should hire you as a psychic now.

Are we finished, or do we need to take this further?

I'm thinking of just set-and-forget software like Bitdefender free. I'm also guessing that anyone who's asking if Defender is good enough can figure out how to install another AV. Otherwise, there's no point in asking.

About PDF readers, I don't think all malware is coursed through only PDFs, so that suggestion is lacking. Rather, one will have to figure out what to turn off in every app that involves scripts, Word files, etc. But what happens if a feature stops working because of that? One has to remember what to enable and then disable it after. It's similar to the effects of hardening Defender. As for VMs, VT, and hex editors, those are even more complicated, if not weird, because the user now takes on the role of the security program.
 