How many times have you heard “Don’t open attachments”? It’s a solid advice, but 1. most people don’t follow this advice and 2. depending on your job ( i.e journalist ) most of the time it’s almost impossible to follow.
For example, if an attacker knows about a security bug in Microsoft Word, they can carefully craft a Word document that, when opened using a vulnerable version of Word, will hack your computer. All they have to do is trick you into opening it, perhaps by sending you a convincing enough phishing email.
Dangerzone aims to fix this problems by allowing you to convert PDFs, MS Office or LibreOffice documents and even images to safe PDFs.
Dangerzone was inspired by Qubes trusted PDF and uses containers as sandboxes instead of virtual machines (using Docker for macOS, Windows, and Debian/Ubuntu, and podman for Fedora).
- Sandboxes don’t have network access, so if a malicious document can compromise one, it can’t phone home
- Dangerzone can optionally OCR the safe PDFs it creates, so it will have a text layer again
- Dangerzone compresses the safe PDF to reduce file size
- After converting, Dangerzone lets you open the safe PDF in the PDF viewer of your choice, which allows you to open PDFs and office docs in Dangerzone by default so you never accidentally open a dangerous document
- PDF (
- Microsoft Word (
- Microsoft Excel (
- Microsoft PowerPoint (
- ODF Text (
- ODF Spreadsheet (
- ODF Presentation (
- ODF Graphics (
- Jpeg (
- GIF (
- PNG (
- TIFF (
Download and installing Dangerzone
- Download Dangerzone for Windows
- Download Dangerzone for macOS. Alternatively you can install Dangerzone via Homebrew with
brew install --cask dangerzone
- Linux users: check the wiki for installing Dangerzone
How does Dangerzone work?
The first container:
- Mounts a volume with the original document
- Uses LibreOffice or GraphicsMagick to convert original document to a PDF
- Uses poppler to split PDF into individual pages, and to convert those to PNGs
- Uses GraphicsMagick to convert PNG pages to RGB pixel data
- Stores RGB pixel data in separate volume
Then that container quits. A second container starts and:
- Mounts a volume with the RGB pixel data
- If OCR is enabled, uses GraphicsMagick to convert RGB pixel data into PNGs, and Tesseract to convert PNGs into searchable PDFs
- Otherwise uses GraphicsMagick to convert RGB pixel data into flat PDFs
- Uses poppler to merge PDF pages into a single multipage PDF
- Uses ghostscript to compress final save PDF
- Stores safe PDF in separate volume
Then that container quits, and the user can open the newly created safe PDF.
1. Open Dangerzone, and click on
Select dangerous document ...
2. Browse your computer and select the compatible file that you want to convert.
Save as... to choose where you want to save the converted file and its name.
Also choose which app should be used to open the safe file after convertion, and language is necessary.
3. Now click on
Convert to Safe Document and wait. Depending on the file you want to convert this can take a while.
4. When it’s done, the converted file will be opened in the app of your choice. Below you can see the result. Original ( up ) vs converted ( down ).
I’m not sure what kind of compressions Dangerzone applies ( as said in the features ) but the converted file is over 3X bigger. Otherwise there is no difference.
For more info and troubleshooting check out the official project page on GitHub.