Is there a reason some books can be downloaded for free at for example http://it-ebooks.info/book/1256/ , have anyone tried these before? is it a virus or is it safe?

Those are bootleg OCR pdf of scans of real books.
http://meta.stackoverflow.com/questions/255032/should-we-add-it-ebooks-info-to-the-stack-overflow-url-blacklist

So they could possibly have virus?

Unless there is another zero-day vulnerability in Acrobat Reader or you are using outdated softvare it is unlikely. Still: (a) those scans are likely not proof read at all, so there could be mistakes and differences from original book and (b) it is a digital piracy.

So they could possibly have virus?

If you are worried about viruses then don't pirate and buy the books or w.e you download online. It also helps support the author/developers.

It will only take what 1-3 hours of work to buy the book anyways.

You should just buy it. You won't get a virus from it, but you should still but it.

Unless there is another zero-day vulnerability in Acrobat Reader or you are using outdated softvare it is unlikely.

To clarify, non-executable data can in principle contain malicious code, because computers use the same memory space for data and for code. "All" a malicious programmer needs to do is craft a file so that when a specific version of a specific program tries to read the file, it'll trigger a bug in the code, causing data that was never supposed to be executed, to be executed. The word "all" is quoted in the previous sentence because that's actually really hard, to the point that you can be reasonably certain that any given non-executable file is not infected this way. The only problem is that checking if a file is infected is also very hard unless you're looking for something very specific.

helios wrote:

To clarify, non-executable data can in principle contain malicious code, because computers use the same memory space for data and for code. "All" a malicious programmer needs to do is craft a file so that when a specific version of a specific program tries to read the file, it'll trigger a bug in the code, causing data that was never supposed to be executed, to be executed. The word "all" is quoted in the previous sentence because that's actually really hard, to the point that you can be reasonably certain that any given non-executable file is not infected this way.

Would you happen to have links to more details on hooking malicious (or beneficial) code into applications through storing the code in locations that should be read as data rather than executable?

It would kind of be like injecting code via system calls or sql injection where you take advantage of flawed code if I understand correct

giblit wrote:
It would kind of be like injecting code via system calls or sql injection where you take advantage of flawed code if I understand correct

I have been meaning to go and do some research on those... I'm the kind of person that goes "Oh I need to look that up but I'll just continue finishing this bit first", somewhere down that bit is something I think will just take 2 minutes to look up, it branches off... Before you know it I've learned about the basic principles behind something completely different :D

EDIT: I am just going to go and google for code injection right now but if anyone has some recommendations on good material then links please? (I'm always up for links to everything XD )

A few web sites have real books that are free for download. I believe that MIT's Open Courseware has a few and if I remember correctly so does Microsoft's online Academy.