How to safely open an email attachment?

Sasha · August 31, 2020, 11:58pm

Hi,

I would like to have your opinion on the following.
I would like to know how I can open a suspicious file attached to an email without taking (too much) risks. I’ve heard about a few possibilities:

open the file in a Virtual Machine (with internet access disabled?);
open the file from an OS in live mode. Would Qubes OS be much more recommendable than EndOS for this, or could EndOS be considered as ‘relatively’ safe?

Do you know other ways to do that? I’ve heard about containers too, but I’m not sure if they would be useful here (I don’t really understand the way a container works).
Are the above possibilities relatively safe? I think that by relatively safe I mean that there would not be any consequence if the file is a kind of generic malware.

Thanks.

pebcak · September 1, 2020, 12:08am

A live usb is read only mode and when you boot from it, the os is loaded into ram. It won’t affect the underlying system. When you shutdown, everything is forgotten.

jonathon · September 1, 2020, 12:29am

You want hard separation, so VM or read-only live image would do. A VM is technically safer because it doesn’t have access to your hardware.

keybreak · September 1, 2020, 9:21am

I’d do any kind of risky stuff in VM

c00ter · September 1, 2020, 12:15pm

Why do you consider the attachment as “suspicious?”
Do you make it a regular practice to accept such email?

If “social engineering” leads you to this point, it may be time to re-visit your own “social” practices.

regards

Sasha · September 1, 2020, 5:04pm

Thanks for your answers, that’s helpful!

mdoverl · September 1, 2020, 9:30pm

::Raises coffee mug for a sip::

“Nice to see you this fine evening @c00ter”