- Jun 15, 2023
- 230
I saw a few videos from cruelsister which it was easily bypassed and infected.
Is Defender good against scriptors or malicious pdf and word files?
- Thread starter Azazel
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
I'm going to reword your title.
If I click on a word of PDF file I didn't create and when I downloaded it didn't bother to scan at a site like VT, is there a chance I could get hammered?
See what I did there
- Aug 22, 2013
- 827
Nothing is a 100% when you connect your system to the internet. I suggest you should add Hard Configurator to the mix and use a secure and less vulnerable pdf software like foxit or nitro pdf reader.
- Jun 15, 2023
- 230
it's unreasonable to scan every pdf file I download from the internet with Virustotal.I'm going to reword your title.
If I click on a word of PDF file I didn't create and when I downloaded it didn't bother to scan at a site like VT, is there a chance I could get hammered?
See what I did there
They are shared and downloaded many times, for example hard configurator and cyberlock's user guides are in pdf.
I ask if it is reasonable to use defender even hardened against all types of threats instead of using a free alternative like avast.
If it is as competent as other avs and not too reliant on signatures, cloud and exclusive good detection of exes only.
Yes and I'm pointing out that relying solely on one solution because you do not wish to take the time to vet your downloads is the kind of risky behavior that gets users in trouble. The file while inert is not a danger, take the time to scan it with something besides your current security to ensure. If you take risks of downloading a lot, then you should put in the effort to minimize chances. No solution is 100% but if you ad extra effort into the equation you can negate that.
- Aug 19, 2019
- 1,023
If you use ConfigureDefender and @Andy Ful 's anti-exploit tool it can protect you against those but by default, MD isn't as effective. You can download the Configure Defender and the individual hardening tools from here: GitHub - AndyFul/ConfigureDefender: Utility for configuring Windows 10 built-in Defender antivirus settings. . I use Hard_Configurator which comes with ConfigureDefender, WIndowsFirewallHardening and Anti-Exploit as one bundle but you can just use the tools independently. ConfigureDefender increases Microsoft Defender's capabilities and the exploit tool prevents these office and pdf reader issues.
All kinds of solutions abound besides the one I stated which is the simplest, probably most effective.
You can hash the file locally and upload it to VT.
You can upload it to a sandbox or run it in a VM.
You can open it in a hex editor and check the file signature.
You can install Python and then Pdfid and pdfparser to analyze the files "works on Windows or Linux" , this will give you a look at what's inside a PDF before you run it. You will be able to view stream, end streams of the file and lists of start and end tags for JavaScript. Basically if you view zeros as start and end tags of JavaScript chances are the file does not contain anything.
You can get and use a advanced PDF reader with options to disable JS or connecting to the Internet. Ect,ect.
You can hash the file locally and upload it to VT.
You can upload it to a sandbox or run it in a VM.
You can open it in a hex editor and check the file signature.
You can install Python and then Pdfid and pdfparser to analyze the files "works on Windows or Linux" , this will give you a look at what's inside a PDF before you run it. You will be able to view stream, end streams of the file and lists of start and end tags for JavaScript. Basically if you view zeros as start and end tags of JavaScript chances are the file does not contain anything.
You can get and use a advanced PDF reader with options to disable JS or connecting to the Internet. Ect,ect.
- Jan 8, 2011
- 22,361
How is Foxit and Nitro any less vulnerable than Acrobat? Would a modern browser that can handle PDF form-filling and signing provide better protection than popular PDF software?
- Aug 22, 2013
- 827
Just like Linux remains less vulnerable than windows. The less popular it is the less is the chance to get targeted. Making a zero day exploit for adobe is more attractive to a Blackhat than making it for Foxit or nitro. Apart from that with foxit the "safe reding mode" is enabled by default.
- Mar 9, 2014
- 545
I think most computer users don't have or know how to use VT, VM, or hex editors.
My post in general covers many aspects and approaches down to using a product that offers settings to simplify.
- Mar 9, 2014
- 545
Yes, but I think most computer users don't use/don't know how to use VT, VM, and hex editors. They are the main users of AVs.
You are in a forum with all degrees of experience and knowledge, the post is to cover most aspects for this different levels. For those without the skill or knowledge using a PDF reader with ability to turn of java script or connecting to the Internet are mentioned.
Last edited by a moderator:
- Mar 9, 2014
- 545
These security programs are not made for forum members but for computer users in general, most of whom don't know about or use VT, VM, or even hex editors, not to mention being told to set things in PDF readers on or off, or even selecting PDF readers.
Are you having to translate this, because I think what we got here is failure to communicate.
Users that can not toggle a simple button in settings will not be in this forum or stopping by to read up on how to shut off java, or even possibly understand what java is or why it needs to be off.
Everyone else is covered in that post, now unless you have something more viable to add I think we have this topic covered.
Last edited by a moderator:
- Jul 29, 2017
- 273
No offence but some of us like to use our PC's like normal non paranoid people.
Being cautious is one thing.
Doing what you describe is unreal for day to day use.
Saying no offense before you label someone paranoid negates any sincerity. The thread title states why those choices were presented.
Vetting things or circumventing issues, before you execute them is unreal? Or lazy, you determine this last part.
Im beginning to feel like i need to pull out chalk board and draw pictures here.
Last edited by a moderator:
- Mar 9, 2014
- 545
My post was deleted because I was told it wasn't helpful to the OP. I'll see if this one passes:
The OP is asking whether or not Defender is good. Your response is that it is as long as one knows how to use VT, VM, or hex editors, or know what to toggle in what apps in PDF readers.
The problem is that most users don't know how to use VT, VM, or hex editors, and malware do not wholly come from PDFs.
Given that, I think Defender isn't good enough, and the suggestions you gave aren't helpful. I also think hard configuration isn't helpful as well because it can do more harm than good, similar to turning off Java and other features. Users can create more problems, and they will have to figure out what they disabled in order to bring back functionality.
With that, use other AVs that according to AV-Test, AV Comparatives, and Youtubers doing tests (like the one mentioned by the OP) do better. Examples are Avast, AVG, Kaspersky, and Bitdefender.
Ok so you obviously want to have it out over this after many explanations.
Your suggestion is to use a more advanced security software for users you claim are not capable of toggling a couple switches in a more advanced PDF reader correct. They are not capable of this but are capable of installing and setting up the more advanced software.
There is in my post above suggestions from beginners to advanced to help everyone, but you choose to say only the beginners will be interested in this thread, so im wondering if I should hire you as a physicic now.
Are we finished, or do we need to take this further.
- Mar 9, 2014
- 545
I'm thinking of just set-and-forget software like Bitdefender free. I'm also guessing that anyone who's asking if Defender is good enough can figure out how to install another AV. Otherwise, there's no point in asking.
About PDF readers, I don't think all malware are coursed through only PDFs, so that suggestion is lacking. Rather, one will have to figure out what to turn off in every app that involves scripts, Word files, etc. But what happens if a feature stops working given that? One has to remember what to enable and then disable it after. It's similar to the effects of hardening Defender. As for VMs, VTs, and hex editors, as those are even more complicated, if not weird, because the user now takes on the role of the security program.
Similar threads
