Comment by gleenn
11 hours ago
Do you have any specifics on what Drive does? Any examples of it fixing embedded virii? Or is this blind assumption?
11 hours ago
Do you have any specifics on what Drive does? Any examples of it fixing embedded virii? Or is this blind assumption?
I assume they mean "upload to drive and use the web based reader to view the PDF," not "upload to drive and download it again"
And what special sauce does the web preview use? At some point, someone has to actually parse and process the data. I feel like on a tech site like Hacker News, speculating that Google has somehow done a perfect job of preventing malicious PDFs beckons the question: how do you actually do that and prove that it's safe? And is that even possible in perpetuity?
> how do you actually do that and prove that it's safe?
Obviously you can't. You assume it's best in class based on various factors including the fact that this is the same juggernaut that runs project zero. They also somehow manage to secure their cloud offering against malicious clients so presumably they can manage to parse a pdf to an image without getting pwned.
It would certainly be interesting to know what their internal countermeasures are but I don't know if that's publicized or not.
It certainly reduces the concern of PDF viewer vulnerability that allows local execution access which is the concern here.
It's an image sent from Google.