In this section, we will look at document conversion options and processes. We will begin by reviewing how MS Word converts documents into other formats including ODT, PDF, Epub and HTML (web pages). We will then look at how LO Writer converts documents into DOCX, PDF, Epub and HTML (web pages). We will then look at the security of options for sharing documents from email to online storage to jump drives.
MS Word Conversion Options and Processes
Open a Writer document with some text above an image. And another row of text below the image. Then click File, Save As.
You can save the document in many formats. We will save it as a PDF. Then find and open the PDF. Sadly, Windows does not come by default with a PDF Reader. The options are simply to open the PDF in a web browser like Google Chrome.
Click on MS Edge and it wants to import it somewhere:
Next click File SAVE AS again and use MS Word to save it as an ODT document. You will get a warning that you may be losing features:
But when you open the ODT document with MS Word or LO Writer, it looks exactly the same.
Next open the Word document again and save it as an HTML web page. Then open the web page with a browser. Right click and click View Source. As we saw in the last section, the source code of even a simple Word document is over 700 lines long.
Can Word Save a Document as an Epub Document?
Open the Word document again. This time, click on File, Export. Then click Change File Type and click Save as Another Type. The Epub file type does not appear in the list. Thus, there is no way for Word to directly create an Epub document. What you need to do is create an HTML document and then download a free Epub creation program like Sigil or Calibre and open the HTML document in Sigil or Calibre and then have one of them convert the document into a Epub document. But as we have just seen MS Word can balloon a file with 1 sentence and one image into a 700 line HTML document – which would also be a 700 line Epub document.
LO Writer Conversion Options and Processes
Open a blank Writer document and type in the same sentence above the image and then an image with a sentence below it. Save the document in ODT format as Conversion Test Document. Then click File SAVE AS.
Save the document as a Docx document.
You will get a warning that some of the formatting may be lost when converting an ODT document to DOCX. But click on use Office Open XML and it will be converted with no changes. Then close the DocX document and open the ODT document again.
This time save it as an HTML document. Again you will get a warning.
The HTML document will open in LO Writer. Close it. Then open it with a web browser. Right click on the browser window and click View Source. As we saw in the last section, the code is only 22 lines long. No place for hackers to hide in this document! Now close the browser and reopen the ODT Conversion test document with LO Writer. Then click File, Export As.
Libre Writer allows you to export any document, including a DOCX document as either a PDF document or an Epub document.
First, we will export as a PDF:
There are lots of settings you can adjust. For now, we will just click Export. Then click Save. Then find the document and open it with a Linux Document Viewer.
Close the PDF document viewer. Then click File Export and export the document as an Epub:
Again lots of settings. But just click OK. Then click Save. Then find the document and open it with Sigil.
Click on View Code View
The Libre Writer created Epub document has only 12 lines of code. Again no place for hackers to hide.
Security Concerns of Sharing Documents with MS Word versus LO Writer
Ransomware – hacked Windows computers have already cost corporations, governments (and eventually all of us) trillions of dollars in damages. If you doubt was a real threat Windows based and Word transmitted ransomware is, then I encourage you to read my most recent report on the hidden dangers of Ryuk Ransomware.
Ironically, if you want to share MS Word documents, there is no problem sharing them between Linux computers. They are only a threat to people who are using Windows computers.
So what is the solution if you want to keep using a Windows computer and want to share Word DocX documents with others? The answer is to download a free copy of the Windows version of LibreOffice Writer and use LO Writer to create DocX documents to share with others. As long as you and all of your friends and co-workers are using LO Writer to create and edit DocX documents, there is virtually no security risk of sharing files.
Try this experiment. Open a computer (or my case, virtual machine) running Windows 10. Then download and open Libre Writer and open a new document. But instead of saving the document the normal way as an ODT file, save it as a DocX file.
Then save the LO Writer created DocX file as an HTML file and open it with a browser and right click and view page source. It is only 17 lines. The bloated MS Word DOCX code is not there.
What about MS Word saving a document as an ODT document originally and then ODT to HTML?
Sadly, even when MS Word creates an ODT file, it still adds all of the bloated code – creating a security risk with it:
Summary: ODT or DOCX files created with LO Writer are more likely to be safe documents than ODT or DOCX files created by MS Word.
Why Sharing PDF documents is Not Secure
Traditionally, Emotet spam messages are distributed through large-scale spam campaigns containing links to malicious MS Word documents. These malicious documents are usually hosted on compromised legitimate websites and they contain an embedded PowerShell downloader script. The malicious PowerShell code downloads the next stage of the attack, which is the malware binary.
However, in some cases the actors opted to use malicious PDF documents as the attachment infection vector. If the victim clicks the link in the PDF file, the second stage of the attack is launched. In this case the second stage is a Word document with embedded malicious PowerShell commands.
The malicious Word document subsequently downloads the next stage of the malware infection – the Emotet malware – which in turn can download Ryuk Ransomware.
A study of PDF document security was recently published by the security firm Kaspersky. See this link: https://www.kaspersky.com/blog/36c3-pdf-digital-signature/32073/
The study look at 22 Windows based PDF readers (Note that the study did not include the PDF reader called Evince that is used by Linux Mint). The summary results table shows that no fewer than 21 of the 22 PDF viewers could be hoodwinked by a simple hacking attack. That is, for all but one of them, it is possible to create a PDF file with malicious content or false information that looks valid to the user.
The only PDF application that did not fall for any of the researchers’ tricks was Adobe Reader 9. The problem is that it is susceptible to a known RCE vulnerability. The Windows 10 default PDF reader was Microsoft Edge which is about as insecure as you can get.
Compromised PDF files have very low detection on VirusTotal:
The bottom line is that you should blindly trust PDF documents even if they have a digital signature. If you see a green check mark somewhere, that does not necessarily mean the signature is valid.
Security of options for sharing documents from email to online storage to jump drives.
Given that Windows Ransomware is being spread primarily by MS Word DOCX documents, it is no longer wise to open a Word document with a Windows computer. Even PDF files can contain ransomware. So how can we safely share documents with other people if we are using a Windows computer? One solution, as we have seen above, is to create our DOCX documents with LO Writer and urge our friends to do the same.
Another secure solution is to post your documents as web pages and send the link to your web pages to your readers. The benefit of this option is that your readers can also share the links to your web pages with their friends. The drawback to using web pages is that you need to learn how to set up a secure website.
But what about sharing documents that were created by others who are still using MS Word? These documents should not be trusted whether they are DOCX or ODT documents. It does not matter if you trust the source or not – as your friends can have infected computers and not even know it. It also does not matter if you download the document from a cloud server or from a USB jump drive. An infected document is still infected no matter where it comes from.
The only really safe solution is to convert an old laptop to a Linux computer and then use LibreOffice Writer to open DOCX documents in your Linux computer. Linux is not affected by Windows ransomware and there is no chance that opening an infected Word document with a Linux computer will harm your Linux computer. The process for converting an old Windows laptop to a Linux laptop is fairly easy and can be accomplished in about one to two hours. For more information on how to convert an old Windows laptop into a Linux laptop, see the following website: https://learnlinuxandlibreoffice.org/
In the next article, we will summarize the topics we will cover during the remainder of this course.