Best practice for safe viewing of PDFs posted to list

Wed Jun 10 14:44:29 PDT 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/10/2015 04:50 PM, Seth wrote:
> Links to PDFs are not uncommon on this list but I never feel
> good about opening them up.
 [ ... ]

> I usually use an open source reader like muPDF on SumatraPDF in
> a VM, but it's a hassle.
> 
> Curious if the advice given above is still relevant and also
> what other on the list recommend for safe viewing of PDFs.
> 
> [1] http://www.pcmag.com/article2/0,2817,2362356,00.asp

I think that using a reader like Evince inside a VM should be very
safe, relatively speaking.  Needless to say, if paranoia is an
issue don't let a PDF file you didn't make yourself touch any
installed Microsoft OS (except inside a VM used for no other
purpose and "rolled back" to an earlier snapshot after every use)
or any "smart phone."

If you want a really unpopular PDF reader, try the GIMP:  It can
import PDF files as rendered images, one layer per page.  It can't
execute active content.  Anybody who anticipates this security
measure, and devises a way to make a PDF file climb out of the
GIMP and take over the machine, arguably deserves to succeed.

:o)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVeK+5AAoJEDZ0Gg87KR0LBHEQAIRqeMYyIysEMARM3+76L198
lLs9CDN2vTJAtXp/x6cb6xKWswppYpN8WqV/FWWRvUA1Las6HuBpyf0ULiY/piC6
5z3CF1KzKlNI2sRX93bvNQZJ0alKOshwRBjCRb5mEue7hCHmyosTu0ppxY37Q/go
oaKnWaevihOh5jv1W2Rc7IOElXw6seQwp6nEQDEce8GlN7i+h+g2UbID5HKW02/c
xxSIdSPZhExwaz/RaICGT6g9mCuz3AT8xg+gdbzW8lVlrpaqEQuY07OGITIXYxoz
vycfyZOYjudWv72njz7qpoYXoTdfte8Iwde8s4GN77JttzdXEySrzd/cXUxR08aD
+0+JnNCjTxM191C4gZW0OKdPleqUBwZOMUJpTrTpbP/JPYW3JqOSzG9BZmMh9ClG
LP97WEootEiP/ZsB+H9uOaXC6NZTnVfj9MV2ovr9vsUhNOuNKSHH6usJqaUGS2l6
ccM5ZXU/yHECCfwFWzcsOCIT1EAPlfEpzB74hZ3ja5RlRa9jmmelEUpbmS16PKNy
wsqVsoN67uIsVGfTskIEWiWfRj8lORBLKY2hre16cvZ8nGH2+p6Mm3y/ImKSFJAg
883ScaQMNW2KBwCEV2NJ5zjMgo5/VBKo1sZ/R15ppKXTR3QgnlHRdnGzavOhb1Tr
IBmOZqBJ1QUHWLOA4koI
=+zTe
-----END PGP SIGNATURE-----