Discussion in 'polls' started by lodore, Jan 1, 2016.
Quite possibly, but that's over my pay grade. I'm hoping HitmanPro.Alert has my back.
I sure hope so none the less.
For viewing PDFs online, I use the included PDF viewer from Chrome, in the browser I use - 360 Extreme Explorer.
For PDFs I have saved, I use PDF-XChange Viewer.
online PDF in Chrome sandboxed
offline PDF in Foxit portable protected by an anti-exploit
In my pc (XP):
Online Firefox protected by MBAE Premium.
Offline SumatraPDF protected by MBAE Premium.
In the pc of my daughter (7):
Online Chrome protected by MBAE Premium
Offline SumatraPDF + manual lowering IL (low) + protected by MBAE Premium
I do a lot of research for my master's program, so typically use google search's cache option to view word documents, power points, PDFs, etc. There are a few select circumstances where I need to view the files as they were intended and not plain-text. So what I use to do was download inside sandboxie and reupload to a junk cloud storage account. I would then purge the sandbox (because sometimes no choice about being signed in to course shell to download these). Then relauch a clean sandbox with tight restrictions and preview them from cloud storage with the provided built-in viewer. Since my switch to chrome browser and shadow defender, I have to actually restart the computer when switching from general browsing to doing school work, but still take advantage of a junk cloud storage account. I've configured my browser to disable extensions with exception to a few important ones and generally enable on-demand only for the google docs type extensions as necessary. On chromebook, I take advantage of the guest browsing account, I have somewhat automated the setup processes a bit by saving my rules to another disposable account, and generally do some preview work. But I generally follow the same steps. cache whenever possible, or use built-in previewer from cloud storage provider.
Earlier this year there were bugs in both FF and Chrome, the one in FF was abused in the wild. But from what I understood, anti-exploit and even Chrome's sandbox would not be able to mitigate this type of exploit, because there was no code executed. The attacker could access all folders that the browser has access to. So only data protection (like offered in Sandboxie, for example) would have helped.
Would you link to an article that describes that? I saw your earlier reference, but it was just a definition of data ex-filtration.
Yes, should have added the links, here they are:
Thanks! I learned that the exploit targeted the Firefox PDF Viewer. Does that Viewer have the "Always Ask" feature?
That feature would certainly prevent an exploit from running an unsolicited PDF file.
I appreciate the response and thank you for those links, made for an interesting read.
How do you view pdf files?
On-line I most often use the browser (Firefox).
Off line, I have a few options available the default program I use is Okular. In Windows I installed Adobe Reader. In OS X I use the default Preview.
OS default (not browser default).
PDF-XChange Viewer for everything. The built in browser's plugins are just too hard to deal with.
Seems to me we did this before.
Interestingly though, PDF-XChange Viewer still keeps being updated.
Chrome and Edge are enough for me. Used to use PDF-XChange Viewer, but didn't need the extra features.
Yes, it was updated less than two weeks ago.
On Windows 10 1607 Chrome and Edge.
Separate names with a comma.