
I became aware recently that JavaScript scripts can be embedded in PDF files.

Anyway, I have a PDF file which I suspect is not safe to open. I scanned it with VirusTotal and Kaspersky VirusDesk and they found no threats; however, they informed me that the file does indeed contain JavaScript (some kind of automated script that runs on opening) and about the possible threats these scripts can contain.

I was wondering what my safest option is. I thought about opening the PDF in a dedicated virtual machine, say Ubuntu. Is this indeed the safest option I have? (Assume I need to open the PDF file.)

As a sidenote, should I be so worried about PDF files?

mickkk
  • 119
  • 3
  • It depends on the target reader. Furthermore, if a malicious PDF is intended to attack a Windows machine with a Windows-based payload, but you open it on Linux, it will do nothing, and vice versa... unless you have some weird way to map a different OS-specific functionality to your current environment. – Mark Buffalo May 29 '18 at 01:00
  • 1
    Depends on your VM. When you install it just for viewing such PDFs (not containing sensitive data), then create a snapshot and revert to the snapshot after viewing a PDF, there is little risk. – allo May 29 '18 at 08:08
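The scanners told the asker that the file carries JavaScript wired to run on opening. As an added example (not part of the question, the comments or the answer), the following Python script shows what such a static check looks like before any viewer touches the file: it lists the PDF name objects that mark script content (/JavaScript, /JS) and automatic triggers (/OpenAction, /AA), resolves the #xx hex escapes that are sometimes used to disguise those names, and inflates FlateDecode streams so markers sitting inside compressed object streams are visible too. The sample PDF embedded at the bottom is constructed for the demo. Other stream filters and encrypted files are not handled, so an empty result is a triage signal, not a clean bill of health.

```python
"""Static triage of a PDF for script and auto-run markers.

Added example; not code from the original question or answer.
"""
import re
import sys
import zlib

# PDF name objects worth flagging. /AA holds "additional actions"
# (run on open, close, page change, ...); /OpenAction runs when the file opens.
SCRIPT_NAMES = {"JavaScript", "JS"}
TRIGGER_NAMES = {"OpenAction", "AA"}
OTHER_NAMES = {"Launch", "EmbeddedFile", "RichMedia"}
ALL_NAMES = SCRIPT_NAMES | TRIGGER_NAMES | OTHER_NAMES

# A PDF name runs from '/' up to the next whitespace or delimiter character.
NAME_RE = re.compile(rb"/([^\s/\[\]<>(){}%]+)")
# Stream bodies; the lookbehind stops "endstream" from starting a match.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.S)


def decode_name(raw: bytes) -> str:
    """Resolve #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def inflate_streams(data: bytes) -> bytes:
    """Concatenate the bodies of every stream that inflates as zlib (FlateDecode).

    decompressobj tolerates the EOL bytes that precede 'endstream'; they end up
    in unused_data. Streams with other filters raise zlib.error and are skipped.
    """
    bodies = []
    for m in STREAM_RE.finditer(data):
        try:
            bodies.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-compressed; this example handles no other filter
    return b"\n".join(bodies)


def scan_pdf_bytes(data: bytes) -> dict:
    """Count flagged names in the raw file plus its inflated stream bodies."""
    counts = {}
    haystack = data + b"\n" + inflate_streams(data)
    for m in NAME_RE.finditer(haystack):
        name = decode_name(m.group(1))
        if name in ALL_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts


def assess(counts: dict) -> list:
    """Turn raw counts into the findings a triage note would state."""
    has_script = any(n in counts for n in SCRIPT_NAMES)
    has_trigger = any(n in counts for n in TRIGGER_NAMES)
    findings = []
    if has_script:
        findings.append("script content")
    if has_trigger:
        findings.append("automatic action")
    if has_script and has_trigger:
        findings.append("auto-run script")   # the case the asker's scanners reported
    findings.extend(f"{n} object" for n in sorted(OTHER_NAMES) if n in counts)
    return findings


# Constructed sample: a minimal PDF whose catalog opens a JavaScript action.
# Object 3 disguises the name with a hex escape; object 4 hides a second
# action inside a Flate-compressed stream. The script body is inert text.
_HIDDEN = zlib.compress(b"<< /S /JavaScript /JS (constructed sample) >>")
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (constructed sample) >>\nendobj\n"
    b"4 0 obj\n<< /Length " + str(len(_HIDDEN)).encode() + b" /Filter /FlateDecode >>\n"
    b"stream\n" + _HIDDEN + b"\nendstream\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)


if __name__ == "__main__":
    paths = sys.argv[1:]
    if not paths:
        c = scan_pdf_bytes(SAMPLE_PDF)
        print("constructed sample:", c, assess(c))
    for path in paths:
        with open(path, "rb") as fh:
            c = scan_pdf_bytes(fh.read())
        print(path, c, assess(c))
```

Run it with one or more file paths to triage real files, or with no arguments to see the constructed sample reported as script content plus an automatic action. Because it never parses the PDF object graph, it is deliberately cheap and viewer-independent, which is the point of doing this step before deciding whether the file even needs to go into a VM.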

1 Answer

2

Short of setting up a dedicated (physical) machine just for potential malware, a dedicated virtual machine is pretty much your safest option. It's how the professionals do it.

Make sure your virtualization program (e.g. VirtualBox, VMware) is up to date. Malware could potentially escape a virtual machine, but such vulnerabilities tend to be fixed in updates very quickly.

As a sidenote, should I be so worried about PDF files?

As with many other things: it depends. Do you know the source of the PDF? Is that source trustworthy? If the answer is "yes" to both of those questions, there is little reason to worry. If the answer is "no", then you might want to proceed with caution.

However, even if the PDF contains malicious code, you are generally only at risk if you open it with a viewer that contains some vulnerability, allowing the code to "escape" the viewer. This is analogous to a program escaping a VM, or JavaScript escaping the sandbox of your browser.

In short: use an up-to-date viewer, and you're probably fine. Still worried? Check it out in an up-to-date VM.

henrheid
  • 61
  • 3