1

When I open an Office file such as a Word file that was downloaded from the internet, it warns me that it might not be safe to edit unless I trust the file source, but what if I actually need the file and need to edit it?

Can I remove whatever it is that can make it dangerous?

In what way can I check that the file is not a threat?

schroeder
  • 123,438
  • 55
  • 284
  • 319
zinnks
  • 35
  • 5

2 Answers2

2

While in read-only protected mode, select all text, and copy/paste into a new document.

The text of the document is not the threat but any macros and programming behind the document are threats. So, if you only need the text, copy that.

But, it is often not that simple. Some documents (like Excel) require macros and some programming to make them useful. At that point, you need to either:

  • open the document in the most up-to-date document reader available
  • open the document in a reader that is not the most common and targetted reader (something other than MS Office, like LibreOffice)
  • open and edit the document in on online reader (like Office 365)
  • open the document in a sandbox (like a Virtual Machine) that can limit the impact if the document is going to do something malicious

These options do not check that there is no threat, but it severely limits what impact the threat may have.

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • When going for the second route, you might also want to do this on a box without an internet connection as there are sometimes [canaries](https://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html) hidden inside files. – Tom K. Nov 12 '18 at 12:13
  • What about if i want the layout part of an PowerPoint file for example? – zinnks Nov 12 '18 at 16:34
  • @Laaz you can save the layout as a template or style – schroeder Nov 12 '18 at 16:38
  • @schroeder But it I just delete the macros am I safe or it is not that easy? – zinnks Nov 12 '18 at 16:48
0

There is no 100% safe to open a document, but a couple things to add to previous answers.

  • upload the file to virustotal.com and see if it comes back malicious, if it does, don't open it!
  • Open the file in a Virtual Machine running office
MikeSchem
  • 2,266
  • 1
  • 13
  • 33
  • I personally wouldn't upload the document itself for privacy reasons. You can submit the hash to V/T that would be a good idea. – KingJohnno Nov 13 '18 at 10:04
  • If there is no 100% secure way of opening a document, does that mean that if I want to use Office I have to take the risk? – zinnks Nov 13 '18 at 16:11
  • @KingJohnno submitting the hash isn't going to help if VT doesn't already have the file in their DB – MikeSchem Nov 14 '18 at 01:18
  • @Laaz there's no such thing as 100% secure with anything. However, you can mitigate risks. IE. you are not 100% secure in your house at night someone could break in and kill you, but locking your door does help. – MikeSchem Nov 14 '18 at 01:20