Try this in your favourite File Manager

Hi Daniel,
I am not sure. I know email uses the MIME system, so that means it must use xdg-mime to determine file types.

I guess you are talking about an email attachment file. You do need to be careful of those, because apparently they can do things if you open them, if they are malicious.
I would only open an attachment if I knew the person it was from.

I have never looked at Thunderbird to see if it can determine a file type of an attachment, before you open the attachment. I will look.
I can see what you are asking … you would like to know the file type BEFORE you open it. Makes sense. I will try.

Regards
Neville

That applies to any file on the OS. The malicious part is not that they are executable or attachments or whatever, it’s that you open something from an untrusted source. You might as well open a usually downloaded file in your file manager from an untrusted source and have the exact same issue. It just happens to be the case, that this problem is more common with e-mail attachments.
Otherwise, there is nothing more malicious about e-mail attachments than running/opening a file on your OS, as usual.

I am confused.
Opening is not the same as running a file. I can open a file and just read it. Is that not less risky than executing it?

And I thought email files had some extra risk. You say no. So every time I download a PDF file, you say that is just as risky as when someone sends me a PDF file as an email attachment. And, if I just read it rather than execute it, where is the risk?

That can happen in a file manager, as well. So, the risk is the same. It’s uncommon for users to edit an executable, as it is supposed to be run and not edited. So, the two most common actions are either editing/viewing the file content or running it as an executable (script).

If you download a PDF file from an untrusted source and then open it, it’s just as risky, as you opening it as an attachment, made available through an e-mail sent to you by an untrusted source. Essentially, when you open it as an attachment, it gets downloaded to your PC, anyway, so it’s the same. The difference is, that it seems like it’s never downloaded. In reality, all directly opened files are downloaded, too. But they are downloaded into a temporary folder, where it gets deleted on the next temp cleanup.

The only difference that matters between opening it as an e-mail attachment and opening it on your own file system with a file manager is the way the file gets treated. If you open it in your browser, because you have your e-mail inbox opened in your browser, then the PDF will most likely open within the browser. However, opening it with a file manager, most likely won’t open it in the browser, but in an app. It’s more likely that the browser is vulnerable, as Chrome, Firefox etc. are so popular, so it’s a welcome target for paid hackers. However, no hacker will even touch some open source unimportant PDF app, because literally nobody cares. It just wouldn’t make any economic sense to pay a hacker to use an exploit on such an unimportant and unpopular PDF program.

There is another edge case, where files may not be downloaded to the computer, at all. For example, opening an Excel sheet online may result in it being opened online only, through a Google service. This would mean, you avoid the risk of running a malicious program on your computer, however on the other hand you are handing over possible private data to the Data Kraken, which feeds off our digital souls.

Depends on how the user achieves it. If you explicitly open it in a text editor with the Open with… button, then it should be safe, except that button has an exploit available. However, if you double click it, you can never be absolutely sure, it will open only for editing purposes, as the default behaviour might differ between OS distributions, and you might expect the wrong behaviour.

Additionally, just reading a file is not all the time absolutely safe. Sure, opening a text file can’t do much harm, but opening a Word document with macros enabled may result in the same behaviour, as if you ran a malicious program.
That’s also the most common trick used in e-mail attachments. Most people just want to read the Word document, then open it, enable Macros and the damage is done. Macros in Word documents coming from untrusted sources are very dangerous, if you are a target who has anything valuable to offer.

@nevj
With Windows I can leave the file in my Downloads folder and even use Thunderbird and save the email in a special folder and use Windows Defender or even VirusTotal to scan the files.
Not sure how this works with Linux.

Thank you, that clarifies the issue.
I think PDF was a poor example, because PDF is cut-down PS so it is a program like a Word macro. You don't usually view it in an editor, you need a PDF interpreter, so it could carry malicious code too.

A pure data file, like an image, should be intrinsically safe, because nothing executes it. Is that correct? Or could an image or a data file, hide some code which if accidentally executed was malicious?

From what you say, it seems the safest course is to download, whether by email or other means, save the file, use a virus scan on it, and choose your program to open it in carefully.

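One way to check what a saved attachment really is before choosing a program to open it with, as discussed above. This is an added example, not code from any poster in this thread; the function names, the small signature table and the sample bytes are constructed for illustration.

```python
import io
import os
import zipfile

# Leading "magic" bytes for a few formats (small illustrative table).
MAGIC = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip",   # .docx/.docm/.xlsx are ZIP containers
    b"\x7fELF": "elf",      # Linux executable
    b"MZ": "pe",            # Windows executable
}
# Content kind that each file extension claims.
EXT_KIND = {".pdf": "pdf", ".png": "png", ".docx": "zip", ".docm": "zip"}

def sniff(data):
    return next((k for m, k in MAGIC.items() if data.startswith(m)), "unknown")

def has_vba_macros(data):
    """True if a ZIP-based Office file contains a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def inspect_attachment(filename, data):
    """Classify saved attachment bytes without passing them to a viewer."""
    claimed = EXT_KIND.get(os.path.splitext(filename)[1].lower(), "unknown")
    actual = sniff(data)
    return {
        "claimed": claimed,
        "actual": actual,
        "mismatch": claimed != "unknown" and claimed != actual,
        "executable": actual in ("elf", "pe"),
        "macros": actual == "zip" and has_vba_macros(data),
    }

def constructed_docm():
    """Constructed sample: a ZIP holding the part name Office uses for macros."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_attachment("invoice.pdf", b"\x7fELF\x02\x01\x01"))  # constructed bytes
    print(inspect_attachment("report.docm", constructed_docm()))
```

A matching type only tells you which program will end up parsing the file; as the thread notes, a genuine PDF, image or macro-enabled document can still be harmful to open.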

Yes. It can be actually quite dangerous.

As a third and best reference you should watch Mr. Robot, the TV series. There is a scene, where a victim opens a picture on his Apple device, allowing an attacker to gain complete access to the device. Mr. Robot is one of the most accurate screenplays in regards to hacks, exploits and computer business.

No, anti-virus software is overrated.

The best thing you can do is to only use trusted sources. For example, only use FOSS. Only download from people and entities you trust.

Of course, nothing can make the computer 100% safe, in the end.

There is only one way to be absolutely safe:
Remove all network hardware from your computer and never put any 3rd party software on it.
Ideally, you should manufacture the hardware itself, too.

This is the only way to be absolutely sure. And even then, you must make sure not to let any government agents near the location where the hardware is placed… :wink:


Thunderbird works the same in Linux as in Windows. If you click on an attachment it offers 2 options, open the file, or save the file. I would choose save, then you get control over what you do with the file.
If you put the email in a folder, that should be safe, as it does nothing.
If in doubt, put it in the trash folder.

Sometimes people embed images in the body of an email, instead of using an attachment. Not sure what happens there? You don't get a chance to choose whether to view it.

Most modern e-mail viewer solutions actually give the users that option. Good e-mail providers, like for example the following one, are actually hiding pictures by default. You have to explicitly enable them.

I will echo that.
You meant FOSS software, not the itsFOSS site, although that should be clean too.

I meant FOSS, i.e. Free and Open Source Software. Ideally, it should be FLOSS, i.e. Free, Libre and Open Source Software. However, the Libre addition does not make it more secure by design, so FOSS, should be enough. However, that in turn means you either have to trust the creators of the FOSS release or you need knowledge on how to detect malicious code inside that FOSS product.


Open source means more people see the source code. That must mean it is less likely to be malicious. Safety in numbers, like democracy.

No. Where’d you get that from? :laughing:

I’ve seen plenty of ages old open source code and literally nobody took a look at it, because nobody knows about it.

The most recent I found is this:

FOSS since 2011 and it has 7 stars and 5 forks on Github. Still better than 0, but I’ve seen repositories like this with literally 0 interaction.

So, no, open source does not mean more people see this. I’m sure Windows source code is seen by a thousand more people at Microsoft, than this little project could ever imagine its size of the audience to be that big.

It is less likely to be malicious, because black hats most likely wouldn’t publish their source code to Github, as there is no point in doing that. It’s an unnecessary extra step.

That’s the theory. In practice, your open source project, as already explained above, needs to reach a certain size and importance in the open source world. If it does not, it’s almost as unsafe as a random binary on the internet. It’s less likely to be malicious due to other reasons, but not due to its democratic nature, when it comes to such small and unnoticed projects.

@nevj

All valid JSON is also valid jsonnet.

If a jsonnet file has only valid JSON in it, how does the OS know, if it is a JSON or jsonnet file?

It can’t know. It’s only possible to know, if the extension is set to .jsonnet.

Same goes for C and C++.
If the file manager is only going to display it, all it needs to know is that it is ASCII.
The problem is caused by using the file manager to execute files.

My internet is out. We have floods.

Neville


@nevj
You stay safe!!!


Thanks. House is high and dry. Phone line under water