Advice Request Yes, I will visit shady websites and open shady pdf - third party security?

Please provide comments and solutions that are helpful to the author of this topic.

Nikos751

Level 20
Thread author
Verified
Malware Tester
Feb 1, 2013
969
I am a CS student and in parallel doing research for my thesis.
The practice of not visiting unknown sites with questionable content and downloads is not applicable for me, as I may open every document file that is not executable from many sources, in order to find research material.
Is any third party security software of any value for me, compared to what Microsoft Defender can offer me? No extra configurations can be used like some of ConfigureDefender's settings, because of compatibility problems with documents and powershell scripts. Even Norton blocked some vulnerability assesment tools in vmware vbox some time ago, so I started considering Microsoft Defender in defaults again..
I need real world advice as a power knowledgeable IT user.
Also I have core isolation turned of for performance reasons, and I cannot use sandboxed browsers
Only ublock origin with only ad filters enabled is enabled on my Google Chrome.
Maybe it's not possible at all to have an adequate protection, maybe statistically wise, I can be safe. Maybe I know all the answers, but I would like to discuss it with you.
Thanks!
 
Last edited:
F

ForgottenSeer 98186

I am a CS student and in parallel doing research for my thesis.

The practice of not visiting unknown sites with questionable content and downloads is not applicable for me, as I may open every document file that is not executable from many sources, in order to find research material.
Visit any page, view any content, view any .doc for infos on any unpaid webpage.

Threat actors just love people like you. In fact, they target people like you by targeting all the PDF doc hosting websites and obscure websites.

So what are you researching? What subject matter?

Maybe it's not possible at all to have an adequate protection, maybe statistically wise, I can be safe. Maybe I know all the answers, but I would like to discuss it with you.
  • You are already aware of malicious PDFs and office docs with macros. So you can identify them and know not to click on links and enable macros. That solves the primary problem and prevents 99% of weaponized docs.
  • You already know you should be verifying every document you download by some method to ensure as best you can that they are not obfuscated malware. Whether you are doing any of that is a different matter. My guess is that you're not because in your mind it negatively affects your "productivity."
  • You can use a bare-minimum PDF reader such as Sumatra, but this will only be of assistance with weaponized PDFs.
  • It is entirely possible to protect your physical system while having good usability; use Hard_Configurator and configure all settings to maximum. Make allow exceptions where needed to permit what you need to do. You must be at least aware of it and don't use it because you don't want the "hassle" or "inconvenience."
  • Alternatively you can open PDFs in a linux distro running in Virtual Box, but I already know you're going to say it is a performance or productivity issue.
  • About the only thing left for you is to upload the PDFs and other documents to multiple malware analysis sandboxes online, review the analysis reports carefully before opening the PDFs or docs.
  • You can also create firewall block rules for the common methods and abused processes to connect out from PDFs and other documents. At least that is something and will prevent malware downloads.
  • Getting infected or suffering some other digital related calamity is just a matter of time for you.
  • You do already know the answers.
  • You remind me of the PhD candidate user that came here years ago, did all the same things you are doing. The reason they came here was they downloaded what they thought was a PDF. It turned out to be ransomware. Upon opening the PDF, the ransomware rapidly encrypted all their PhD thesis documents, source documents, etc. They had no backups.
There's a lot of very effective solutions, but you just don't want to use any of them. In your case, using a default-allow 3rd party antivirus is like throwing the dice. Your best bet would be Kaspersky with hardening of Application Control settings. At least you have Kaspersky System Watcher to rollback the encrypted documents when you get smacked by ransomware.

Or just forego AV and rely upon regular backups.

Windows 7 SP1. No updates, no security, no problems.
  • Windows XP, unpatched
  • Office 2007, unpatched and enable macros
  • Adobe Reader version 5, unpatched (from 2004)
I give it less than 30 days.
 
Last edited by a moderator:

Trident

Level 27
Verified
Top Poster
Well-known
Feb 7, 2023
1,630
Just make sure what you open is actually .PDF, and not .exe, .scr, .vbs, .js, etc.
PDF documents may contain executable content as well. ZoneAlarm has Document Sanitation, later on renamed to Threat Extraction that can reconstruct documents of many formats and remove all executable contents. The extension that provides this feature is available for free.

All programmes that handle files (media players, document viewers, archivers and others) must be kept up-to-date at all times.

In addition, Kaspersky is capable of placing programmes of choice (in this case it can be Adobe Reader) in a less trusted group where they will be restricted in accordance with the set policies. Exceptions can be created for “vulnerability assessment tools” so that they can sill be used.

An old computer may be converted to a Chromebook by Installing Chrome OS Flex and that can be used whenever someone believes weaponised documents may be encountered.

There are many solutions.
 
Last edited:

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,320
I am a CS student and in parallel doing research for my thesis.
The practice of not visiting unknown sites with questionable content and downloads is not applicable for me, as I may open every document file that is not executable from many sources, in order to find research material.
Is any third party security software of any value for me, compared to what Microsoft Defender can offer me? No extra configurations can be used like some of ConfigureDefender's settings, because of compatibility problems with documents and powershell scripts. Even Norton blocked some vulnerability assesment tools in vmware vbox some time ago, so I started considering Microsoft Defender in defaults again..
I need real world advice as a power knowledgeable IT user.
Also I have core isolation turned of for performance reasons, and I cannot use sandboxed browsers
Only ublock origin with only ad filters enabled is enabled on my Google Chrome.
Maybe it's not possible at all to have an adequate protection, maybe statistically wise, I can be safe. Maybe I know all the answers, but I would like to discuss it with you.
Thanks!
As a CS student and researcher, you likely need to visit multiple websites and open various types of files to conduct your work. However, it's essential to keep in mind that doing so can expose your personal data and computer to potential risks.

While Microsoft Defender can serve as a basic security solution, it may not offer comprehensive protection against all possible threats. Third-party security software can offer additional features and layers of protection. Nonetheless, it's crucial to select a reputable and reliable software that won't interfere with your work or cause compatibility problems.

As for your specific situation, it's challenging to provide a definitive solution without knowing more about your particular requirements. Nevertheless, here are some general tips that may prove helpful:

  • Using a virtual machine (VM) can help isolate your research activities from your main computer and prevent potential malware or security threats from impacting your system.
  • Always keep your software and operating system up-to-date with the latest security patches and updates.
  • Use strong and unique passwords for all your accounts and activate two-factor authentication whenever possible.
  • Exercise caution when downloading and opening files from unknown sources, and scan them with your antivirus software before opening.
  • Consider using a VPN to encrypt your internet traffic and safeguard your privacy.
  • Before opening a download, you can upload it to VirusTotal to scan it for malware. You can install the VirusTotal extension to easily upload your downloads to VirusTotal.
  • Create a separate standard account for your work.
In summary, it's critical to balance your need for access to research materials with the need to safeguard your computer and personal data. By adhering to best practices for online security and utilizing dependable security software, you can reduce the risk of falling prey to cyber threats.
 

Nikos751

Level 20
Thread author
Verified
Malware Tester
Feb 1, 2013
969
Visit any page, view any content, view any .doc for infos on any unpaid webpage.

Threat actors just love people like you. In fact, they target people like you by targeting all the PDF doc hosting websites and obscure websites.

So what are you researching? What subject matter?


  • You are already aware of malicious PDFs and office docs with macros. So you can identify them and know not to click on links and enable macros. That solves the primary problem and prevents 99% of weaponized docs.
  • You already know you should be verifying every document you download by some method to ensure as best you can that they are not obfuscated malware. Whether you are doing any of that is a different matter. My guess is that you're not because in your mind it negatively affects your "productivity."
  • You can use a bare-minimum PDF reader such as Sumatra, but this will only be of assistance with weaponized PDFs.
  • It is entirely possible to protect your physical system while having good usability; use Hard_Configurator and configure all settings to maximum. Make allow exceptions where needed to permit what you need to do. You must be at least aware of it and don't use it because you don't want the "hassle" or "inconvenience."
  • Alternatively you can open PDFs in a linux distro running in Virtual Box, but I already know you're going to say it is a performance or productivity issue.
  • About the only thing left for you is to upload the PDFs and other documents to multiple malware analysis sandboxes online, review the analysis reports carefully before opening the PDFs or docs.
  • You can also create firewall block rules for the common methods and abused processes to connect out from PDFs and other documents. At least that is something and will prevent malware downloads.
  • Getting infected or suffering some other digital related calamity is just a matter of time for you.
  • You do already know the answers.
  • You remind me of the PhD candidate user that came here years ago, did all the same things you are doing. The reason they came here was they downloaded what they thought was a PDF. It turned out to be ransomware. Upon opening the PDF, the ransomware rapidly encrypted all their PhD thesis documents, source documents, etc. They had no backups.
There's a lot of very effective solutions, but you just don't want to use any of them. In your case, using a default-allow 3rd party antivirus is like throwing the dice. Your best bet would be Kaspersky with hardening of Application Control settings. At least you have Kaspersky System Watcher to rollback the encrypted documents when you get smacked by ransomware.

Or just forego AV and rely upon regular backups.


  • Windows XP, unpatched
  • Office 2007, unpatched and enable macros
  • Adobe Reader version 5, unpatched (from 2004)
I give it less than 30 days.
Thank you for your extended answer! All are valid points, while , indeed, some of them are a no to me. Your claim that weaponized docs are harmful mostly via their links or macros enabled, is interesting. I know about most ways to get infected via them, but I really don't know about the frequency of each of them.
 

Freki123

Level 15
Verified
Top Poster
Aug 10, 2013
737
If you do your research on your "productive" machine how would it affect your productivity if you misjudge and get infected/encrypted?
 
  • Like
Reactions: vtqhtr413

Nikos751

Level 20
Thread author
Verified
Malware Tester
Feb 1, 2013
969
In the last 30 days how many genuine infections were blocked/reported by your security solution?
None! Only some adware related js code (ads) that some av's like kaspersky and avast web protection components block.
 
  • Like
Reactions: Trident

Trident

Level 27
Verified
Top Poster
Well-known
Feb 7, 2023
1,630
None! Only some adware related js code (ads) that some av's like kaspersky and avast web protection components block.
So you should be good at maths, if the same behaviour from the last 30 days continues and you had 0 infections in the last 30 days, what’s the probability to get infected in the next 30, 60 or 90 days? Express it with the relevant formula.
 

Victor M

Level 7
Verified
Well-known
Oct 3, 2022
343
Go buy a Chromebook and don't use your Windows machine for research. It would be wise to divert all your risks to a separate platform. And if you backup your research document to the Windows machine, your document will be safe.

Looking back at your last 30 days provides no statistic. Insurance firms look at risk and statistics for a whole population, be it a zip code, or a city or an industry.. Only then is statistics useful and meaningful.
 
Last edited:
  • Like
  • +Reputation
Reactions: Nevi, Ink and Jack

Trident

Level 27
Verified
Top Poster
Well-known
Feb 7, 2023
1,630
Probability and statistics were the goal here, not to get an advice on how to stay safe from these documents.

The only way (and even that will be extremely hard) is to use probability theory by looking at how many documents were downloaded (number of trials) in a pre-defined period and calculate probability for a malicious document to be downloaded (trial to result in an event) at least once in the same number of trials. Since we are not Symantec/Microsoft/CrowdStrike here and we don’t have access to any specific threat statistics/intelligence, this is the best we can do.

Or alternatively we can provide lucky guesses.
 

Victor M

Level 7
Verified
Well-known
Oct 3, 2022
343
Is any third party security software of any value for me, compared to what Microsoft Defender can offer me? No extra configurations can be used like some of ConfigureDefender's settings, because of compatibility problems with documents and powershell scripts. Even Norton blocked some vulnerability assesment tools in vmware vbox some time ago, so I started considering Microsoft Defender in defaults again..
In the opening post Nikos751 posted his question as above. So I'm just thinking out of the box for a little bit.
 

Trident

Level 27
Verified
Top Poster
Well-known
Feb 7, 2023
1,630
It's all about statistics and probability.
But then there it is said that calculation of probability is the required result here. Without knowing a ton of information more about these sites, documents, protective measures and others you have 2 options:

Assume that probability is always 50/50 as document can only be malicious and benign, and calculate probability on 100 documents (example) one to be malicious. Probability here is very high. Similarly to the probability for a coin to land on tails with 100 tosses.

Or the second way is to look at the past 100 documents how many were malicious and calculate probability for the next 100 to be malicious which is 0.63/100 or 63%. Assuming that absolutely same tendencies continue with no change 😀
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top