Browser Notifications: a feature asking to be abused
- Published 2 Dec 2021
- Hello, my friends! Let's hit 15K likes? Check out my website! enderman.ch
Today I am going to show you the essence of browser notification scams. These are probably the most annoying and disgusting type of malware I have seen in a while. Browsers have to either restrict that functionality or completely remove it.
Links:
Private repository - go.enderman.ch/repository
Password:
mysubsarethebest
Still got questions? Don't hesitate, send them to contact@enderman.ch!
Hope you have a great day!
#endermanch #adware #malware - Science and Technology
Adfly:
first line: Hey Cutie:)
second line: Wanna meet?
THIRD LINE: PROTECT YOUR PC
this is the dumbest ads can get
lmao true
adfly skip my guy
Adfly 😀 is SUS
Yeah lol🤣🤣🤣🤣🤣🤣🤣🤣🤣😂😂😂
I was always wondering why there isn't "Allow for X hours" or "Tell the site you allowed, but in reality block" option for site notifications
Opera has tell the site allowed
Also i remember chrome has decline for 1 hour
Just deactivate Windows notifications
Or you can go to that site settings, enable notifications and when you have done what you wanted you just disable them
@Nice is opera bad? I use opera gx so idk
@@elmoli2217 opera was bad, a long time ago.
today its the best
Pop-ups were a feature that turned into a problem in the 90s, now browser notifications are the updated pop-up. I personally think that browser notifications should be completely removed, they are far too intrusive
if u use social media in your pc its quite useful.
@@glucky2119 it's bad regardless lol, because it's badly done, notifications should be inside an application
@@fitmotheyap disagree, we use facebook here in the phil and I can easily see my notif while watching youtube
@@glucky2119 that's great
*Make it an app that's optionally enabled regardless*
Because most don't use it, you are an exception
@@fitmotheyap its easy to block the notifications though, so I dont know why they need to make it an app
Ah yes. My IT teacher loves those notifications. I love how the notifications kept popping out when she is projecting her computer display via projector.
the IT teacher has psychopath behavior
wow how does she live
She's too strong to be left alive
While watching assembly: *Notification*
@@-why Your IT teacher is IT?
never allow them
most of them contains adware
and malware
I don't think one allow button on browsers without downloading can get a malware
But adware yes
@@TheDanikReals adware can lead to malware
Yes it is and we should not click it
I only do it for social media like Pleroma and Mastodon
I hope they change the name back to popups than Notifications
Just think if site got infected and sends you Notifications
I would choose popups than Notifications
is sound way better
I think browser should just always return true for asking to enable notifications. Trying to send a notification should ALWAYS pretend like it succeeded, but it won't send it if notifications are disabled.
Also, the enable notifications popup should have a warning saying to only enable it for sites you trust and that sites cannot detect it.
Sites would just counter that by measuring how long it takes for a response or ask you to first block and then allow notifications
Sites can go around that by sending a code through notification and asking you to input that code
I think the best way of managing notifications is with feedback, when first enabling a website to notify a user then once in a while they should be asking "you recently received this notification from this website, how would you evaluate that?" "Good or bad" or "useful or unwanted"
Then based on a score should disable them automatically, or ask you "you said bad/unwanted, so you wanna disable it?"
Especially with notifications telling you "security alert" so the user is always informed that's an ad and not a real alert. I do tech support to some people in my city and they often call me because they think to have a problem with the antivirus, while it's just an ad, but the headers of the notifications are so small that you think they are legit.
@@gaggioaxel Or just add a "3 dots" menu next to the X button to disable notifications for that website
Technically, clicking the cross to close the pop-up would do that, since you're closing a system-bound pop-up and not returning anything. Correct me if i'm wrong.
Here's another thing I've run into:
Adware/malware that asks for permission through UAC, but it won't let you click "No" and instead will respawn the UAC window until you click "Yes" and let it do god knows what. The worst part is that it isn't easy to get out of, unless you switch to another user through the Ctrl+Alt+Delete screen (assuming you have multiple user accounts, if you don't, you can only restart) and the process through task manager. The idea is to annoy the user until they think that clicking "Yes" is the only option.
It's easy enough to recreate if you know programming: create a payload with UAC request in the application manifest, pack it into a parent program, make the parent program extract the payload and attempt to run it inside a while true loop. Since clicking "No" on an UAC prompt throws an exception, you can catch it and just continue the loop. If you don't catch an exception, you break the while loop and the payload gets run. The exploit here is that clicking "No" throws an exception instead of either doing nothing or killing the parent program.
OMG this is so true man!! Thanks
Ok but can't there just be 2 buttons "Yes" and "No" but the No button is just the Yes button named differently? Can't you just program it like that?
@@pat1509 You can't break into UAC dialogs without finding an exploit lol.
If you are quick enough to throw the focus on another window especially Edge the uac prompt would stay confined in the taskbar. then open task manager and kill the app. eezy peezy
How about task manager on top,will that work I wonder,since I use task manager on top
Adfly: Yay! a new person to hack!
*noticing it’s VMWare*
Adfly: But now I don’t want to
8:09 - "So, anyone can pull this on you. Especially Russians. *giggles*"
Made my day!!
hehe boi…
Isnt that a insult?
@@attackehh he is Russian lmao
@@TheFakePlayerGame I know but the Russians thing is supposed to be making fun of them.
Giggles intensifies
Man, I forgot how clean the Windows 7 interface is.
The only reason i still don't use it is because...
1. I'd need to pay for it.
2. Security concerns.
3. No support for more modern drivers.
@@trafficconememes331 you pay for things while I use open source. We are not the same.
Lol this is windows Vista
@@Siberianlyix nah man
I am a enterprise client and I have Windows 7 updated and supported to this day, and I do not want to switch to another version of Windows :)
One problem in browser that they are too powerful.
You can literally run a VM in background while the user thinks the page is closed!
Also, some browsers are so broken that some alert-requests block the entire window
You mean after opening the link, allowing notifications and closing the page, it is a sort of "ghost window" still active
@@Navi_Silver Yep!
I bet this is often abused for crypto mining.
@@Sparkette I don't think service workers (background browser tabs) are given resources like that but with how much memory Chrome wants I wouldn't be surprised.
Ads get really annoying in browsers, a good example is when I want to download a Minecraft Mod and it takes me to Adfly.
Mcpedl
@@ilikeminecraft1232 thats for PE tho
there's a plugin called universal bypass that might come in handy
@@adrekiy0 what does it do
@@kayleighmoore6951 if someone using the plugin's been to an adfly link before, it kinda stores it in a database and skips it for everyone else
my dad once activated notifications on random sites and since im a "tech genius", he asked me to remove them. i literally just disabled notifications directly from chrome.
My dad isn't very smart with tech, so whenever he sees a prompt with the button "Allow" or "Accept" he just clicks it. The amount of cam girls notifications he gets when he opens his laptop is depressing.
Ironically I got the notice for this video going live by browser notification xD
Ironically I don't care xD
Not sure you're using the word as intended, but to each their own I guess.
@@I.-_-._.-_-._.-_-._.-_-._.-_-I ok dont reply then
@@sunnyleone6018 now thats ironic
@@vadnegru indeed-o
Next video: clicking on all the urls the bots in this comment section are leaving.
Oh no. All the ones that link to explicit websites too?
@@williamhuang8309 It'll be like a roulette. 😜
sadly yet another example of a somewhat useful feature being abused into oblivion. imo, chrome should heavily restrict notifications, give easy access to turning them off, and let the user know every now and again that sites can send them notifications
huh, old chrome "alert" dialogs were worse. Literally some malware websites were spamming alerts and it was impossible to close the tab. Whats more sometimes if you were spamming "ok" button an extension install request was shown. Thankfully alert dialog cannot bring focus anymore.
Do you mean the JavaScript function
_alert("Lorem ipsum dolor sit amet consectetur")?_
@@_GhostMiner exactly
@@_GhostMiner Alright
I have all browser notifications disabled outright, they're just not an appealing feature since I'm not the biggest fan of desktop notifications anyway. I usually use focus assist and have like 3 or 4 programs that are allowed through, chrome not being one of them. My phone is the place where endless notifications go.
Nobody uses browser notifications they shouldn’t even be a thing
why are you lesbian?
@@bryanhamfootball reminds of the "why are you gay" clip lol
@@BlueMoon1890 HAHAHA, Exactly what I'm tryna do, (I support the LGBTQ community)
@@bryanhamfootball well thanks for the support :) some of us can be real stinkers and it's good on you to support their lifestyle
I never ever pressed "allow". When browsers started to using notifications I was surprised and scared at the same time. :/
And now we know this is a BAD FEATURE!
Yeah before I pressed block but still got notifications
_Just go to settings and disable the notifications_ , *NO ANTIVIRUS NEEDED!*
but they can still send you notifications except you can't see them
When I was like 8 or 9 I remember there was malware on my family desktop that changed the chrome start page to some 18+ video game add.
That’s how I switched to Firefox and never came back - possibly the best worst thing that happened to me on a computer.
F
Actually, Firefox is a very easy target. I've even seen a scam extension that blocked the addons manager!
@@0xC4aE1e5 so is every other browser tbh
unless you use something obscure
@@0xC4aE1e5 that isn't possible (at least in modern versions). Browsers don't allow you to access browser URLs
1:53 this feels like a transparent background
It's a shame to see that kind of thing happening, but I don't think removing would be the best, for me is pretty useful feature as I have my own little server that sends sensor data to my devices with a simple PWA and self signed certificates/certificate authority installed
I once clicked allow when getting a minecraft mod, and my pc was *FLOODED* with notifications, and i had to hastily change the notifications setting. Talk about a nightmare.
the notification should not differentiate block and unchosen and make it impossible for the website to work out if block has been clicked or not
When I was very young like 5 or 7 I was on my father’s computer and just clicked allow on anything ended up with a incredibly infected machine it was terrible and that was the day I found out about “adult content”…
Man, 5 or 7 is a too big gap to forget especially at the particular age
@@rayirth.upside-down heh imagine finding out about it at the nice age of 1
@@TorutheRedFox well you wouldn't understand a thing, but unfortunately im not even a doctor so i shouldn't even be qualified to say that
@@helper_bot and that's the problem, if a child at that age doesn't understand, it'll make sure it'll find out
I know because it happened to me
I think browser notifications must be regulated or better, removed.
They can't be removed because they are useful for email and messenging services
@@windestruct they can. The email and messages service providers can implement and work out a plan with Google on making a system only for this kind of thing. Don't say BS.
@@psyonix_2829 Well, they can't make out an entire alternative to notifications, but they can do something like a notification permit and only permitted websites could ask for notifications
@@psyonix_2829 no. It would be expensive to make a alternative, what we need is “tell the site you allowed but block”
@@michaelepica3564 lmfao what? Google is the richest company that ever has existed 🤣
Who thought it was a good idea to give the website a return value? Seriously this is a ridiculous vulnerability.
In Windows 10, there is a function called 'focus time' or something like that which shuts up all notifications and diverts them into the Notification Center but if the browser starts spamming it, you might lose that snip and sketch screenshot that you wanted to edit
I did it to on a virtual machine at the end it looks like my grandma's pc edit: thanks for the like 😈😳😹 rip bozo
Maschine? From Native Instruments?
**machine*
My lil bros pc is like your grandmas pc too. It is a computer
But the PC boosters make it work better. 👍🏻😃😤
@@banane7139 lol no
I've always hit deny, haven't got into a situation where I have been "forced" to hit allow.
The "allow to continue" stuff could be easily stopped if browsers had an option to block but tell the website the user clicked allow. Since the browser could easily do that and the website wouldn't know better
i remember i used to download youtube to mp3 things, and it would always ask me to tap allow on these notifications. i never did because i was paranoid, even at like, 10, so i’m glad i didn’t click it and just downloaded the mp3s.
Same
browsers: hey we have this really cool feature you guys should totally use it!
spammers: *looks into camera* oh, we'll use it alright.
Maybe we could have a notification blacklist in browsers where it shows a warning on low security and straight out blocks it on high (with opt in and out options of course).
I really like having these alerts on some sites as windows notifications are normally pretty bad.
"Ordinarily, malware is something that I love"
I'll take Unlikely Sentences for $500, Alex.
Jeopardy!
Fr💀
This reminds me of something that happened to a friend.
He visited a somewhat shady website, clicked allow notifications, and his *chromebook* got infected with some kind of malware.
Browsers like Chrome should fix these kinds of vulnerabilities, like by having a button which doesn't allow the website to ask for notifications again, or by blocking notifications without telling the website.
Side note: how did that website manage to infect a chromebook? I thought for a while that it would be extremely difficult to infect one, but I guess I was wrong.
the actual reason i never click allow notifications is because i'm worried some exploit will come to be. since notifications are an operating system feature, my paranoid head awaits a moment when a malformed notification request will create an entrypoint outside of the browser sandbox that allows malware to automatically enter my system
Reminds me of my dad who wants to watch Romanian TV but ads are invading the website. I taught him 3 main things:
1.NEVER CLICK ALLOW ON NOTIFICATIONS FROM BROWSERS.
2. If a page appears that blocks your access to the whole browser, ctrl+alt+delete -> Task Manager, and click the tab that doesn't let you close the browser.
3. If there is any suspicious malware that you don't find or the laptop is too slow, you need to clear the cache or reinstall the browser.
How would you know? Aha, "browser task manager",
@@QuantumScratcher ?
Unfortunately that task manager trick doesn't work if you're using Firefox. It only works on chrome or chromium based browsers like edge where each tab is a separate process
whenever these bitly notification thingies appear, they always have the redirect link at its own link, so I just copy that and translate the parts that I know are slashes
not anymore
@@fortnite.burger I did this today lol
Once our Social Studies Teacher was projecting her computer screen in class and an ad for Increasing PP size popped up with images too 😳
Idk if they should remove the feature entirely, but I think they should have an option in the browser settings to see all of the sites you have allowed the notifications on and be able to remove them. Idk if some browsers already have this, but all of the ones I've used require me to reset or reinstall them to remove the sites that I've allowed notifications on.
(in chrome) wouldn't going to the service worker, and ctrl+f for "true" do exactly that? legit question btw
I think browsers should work by automatically report to websites that the notification was actually enabled - even if the user clicked on block so that websites don't redirect you forever
I like your content very much Ender :D
@@sunnyleone6018 shut your mouth.
@@-lul Lol, Mate.
Good solution can be limit sites to send, for example, 3 message day and if user really want to increase this value, allow it to change only in site settings, not on pop up notification. Like it works on Android
As an IT tech for lots of businesses, this is abused a lot.. and has been for years!
Wouldn't the solution be Block all notifications from your browser?
i think in the redirect web example 2:45 that doesn't solve it per se
@@helper_bot he means blocking notifications from your browser using the os, e.g site is forcing notifications, so user accepts the notifications, and then blocks notifications from browser using windows settings
Another thing that i notice is that the "principal page of adfly" (the one where you can skip the ads) change his web direction constantly idk why
PD: sorry if I say something wrong, English is not my first language
Bill becoming uncanny for Windows
Great video, but just gotta ask, are you showing IT security risks... while on Windows 7...?
CommonSenseTM and bypassESU
I remember back in 2017 my client say after accidentally click on "allow notification", bunch of "error message" display that the computer get virus, and when open it, it let to a website and downloaded some Ransomware. Thankfully he was able to SHUT the power of the PC right away and bring it to me, or otherway, his computer will just become a piece of PCB can display some screen.
ah... adfly, my old friend, used to go past them a lot downloading minecraft textures in the beta.
EDIT: just came to a realization that Adfly uses a bee for their logo, and not a fly.
adfly used to be useful for making money off your links, but now the ad features have expanded so far that bitly is just better
"Before doing, think" - Sun Tzu, maybe.
I think that solution to this problem could be something like Brave's default action on this notification request: "remember my choice until I close this site". You can still use this feature if you select something else like "for 24 hours" or "forever".
from just scrolling on yr i saw ur channel and a bunch of others soo i got into stuff like this and i fixed my school's pc it had some sort of trojan and malware i got a 5 \A for fixing it
ur content is fun and entirtainment( idk how to spell)
also what vm do u recommend for free? idk how to start orackle
ok is no one going to question why the recycle bin is named "Recycle Bin OwO"?
Enderman:"The more annoying the notifications are for a normal user the better"
Me: bRuH
This is why i always block notifications.
Sadly people abuse them because others lack foresight
My browser notify list only has YouTube and Google Meet so I can see when the meeting is about to start.
3 years ago i downloaded a bunch of games and things for animating from videos (it had adfly links) and the ads were so annoying man. Now i go to videos with direct link
I love how clean the notifications look
on windows 7.
I think browsers shouldn't tell sites if notifications are blocked, In my opinion clicking 'Block' should send a website the message that you allowed notifications, but they're blocked
lol i remember doing that when i was young and got 18+ ads
This makes me want to create an anti-virus or an anti-pup software that checks your notification subscriptions on every browser you have installed and then compares them to a database of known malicious or unwanted notification links and removes them and blocks the websites that prompts you for notification access from being visited. What do you think?
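A read-only sketch of the audit step this comment proposes, as an added example that is not part of the comment or the video. It assumes the Chromium layout in which per-site notification decisions sit in the profile's `Preferences` JSON under `profile.content_settings.exceptions.notifications`, with `setting` 1 for allow and 2 for block; the sample data, host names and blocklist are constructed.

```python
import json
from urllib.parse import urlsplit

ALLOW, BLOCK = 1, 2  # assumed Chromium content-setting values (see lead-in)

# Constructed sample: the notification part of a Chromium profile's
# "Preferences" JSON file. Hosts and timestamps are made up.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://mail.example.org:443,*":
            {"last_modified": "13283000000000000", "setting": ALLOW},
        "https://cdn.push-ads.example:443,*":
            {"last_modified": "13283000000000001", "setting": ALLOW},
        "https://click-allow.example:443,*":
            {"last_modified": "13283000000000002", "setting": BLOCK},
        "[*.]news.example.net,*":
            {"last_modified": "13283000000000003", "setting": ALLOW},
    }}}}
})

# Constructed blocklist of registrable domains known to push unwanted ads.
BLOCKLIST = {"push-ads.example", "click-allow.example"}


def host_from_pattern(key):
    """Extract the host from a 'primary,secondary' content-setting key."""
    primary = key.split(",", 1)[0].replace("[*.]", "")  # drop wildcard prefix
    if "://" not in primary:
        primary = "//" + primary  # let urlsplit treat it as a network location
    return (urlsplit(primary).hostname or "").lower()


def notification_grants(prefs_text):
    """Map each host with a stored notification decision to its setting."""
    prefs = json.loads(prefs_text)
    entries = (prefs.get("profile", {}).get("content_settings", {})
               .get("exceptions", {}).get("notifications", {}))
    grants = {}
    for key, value in entries.items():
        host = host_from_pattern(key)
        if host:
            grants[host] = value.get("setting")
    return grants


def is_listed(host, blocklist):
    """True if host is a blocklisted domain or one of its subdomains."""
    return any(host == bad or host.endswith("." + bad) for bad in blocklist)


def audit(prefs_text, blocklist):
    """Report hosts allowed to notify and which of them are blocklisted."""
    grants = notification_grants(prefs_text)
    allowed = sorted(h for h, s in grants.items() if s == ALLOW)
    flagged = [h for h in allowed if is_listed(h, blocklist)]
    return {"allowed": allowed, "flagged": flagged}


if __name__ == "__main__":
    report = audit(SAMPLE_PREFERENCES, BLOCKLIST)
    print("Allowed to notify:", ", ".join(report["allowed"]))
    print("On blocklist:     ", ", ".join(report["flagged"]) or "none")
```

The sketch only reports; revoking a flagged permission is left to the browser's own site settings.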
Browser notifications are Pop-ups 2.0
What I do is open the settings for the page in a different tab and then click allow and when I’m done I go back to that settings tab and block it
so, if you did click allow, don't worry. you can easily remove them by going into notification settings in your browser and blocking any suspicious sites
I would know, as I fell for one
browsers should only give notification feature to only big websites (like twitter and instagram)
You can never get past one sketchy site without encountering them
I usually have it set so that any notification requests are blocked.
9:48 you can also just block permissions for all the sites you went to since service workers can only really run in the background when they send a notification
You could go into your settings, and disable notifications again after you get to your website.
If you reset the settings does it fix the problem?
Using a bypasser extension works to skip these.
Also instead of removing browser notifications, the browser company should check the website and approve it.
i have never used notifications once, it's like it only exists to be annoying
Didn't know these notif would invade my Windows notifications. I hated both.
It could just been allow just for once . And then if the site tries to send notifications it fails
You dont need to click allow or block just click the x to close it and it works. You might have to do it a couple of times tho.
Add-fly:pop up
Enderman: Im gonna send you to Jesus
Enderman you linked to a video at the end screen credits about anti viruses and all the fake pop ups around them. I would like to know what antivirus or malware blocker or whatever you want to call it you use and any you recommend.
MalwareBytes
@@sunnyleone6018 Damn daniel
@@sunnyleone6018 Bot
@@sunnyleone6018 wow creative bot
@@emblemi6345 I seen it many times
Browser notifications were a mistake.
So when I use Safari there's a Chrome Popup like in your vid but when I go to other Real Sites and they ask for Camera its a normal safari popup not a chrome, so I think they can't send you notifications because they only put in like the picture of the chrome popup
Thank you for explaining why I can actually click block, I was doing that before, but I didn't know why it worked.
1:42 u can actually just press block after block after block and it will redirect u to the page u want (works with adfly)
Hey Cutie :)
Want to meet?
*[] Protect Your PC*
Lol
you had us in the first half not gonna lie lol
Well, Chrome's quieter messaging works.
Umm Can i ask a question?
Ok so everyone knows about bsod and some of gsod (this one for devs build)
But...i got my first error like that today but it was pink? I have no idea what Pink Screen Of Death mean and how did it activate?
I like how Andrew self sponsored himself.
I remember I was going on a website and it said ''click allow if your not a robot'' so I did it came up another 2 times and I clicked it I forgot about it and later I got a notification saying I have a virus did a windows virus scan nothing no viruses at all
Wait, is this the windows 7 laptop? Link the one used in the Windows 7 EOS video?
I think that “Block”/“Allow” set setting for all sub domains.
That's why my browser is always on mute
you can block them from ever asking that from browser settings.
Question: Are you having blue screen issues while trying to start VMware 16? I got a SYSTEM_SERVICE_EXCEPTION for trying to start a VM.
I've been getting notifications like this, but only from Mirror Ash and Alternate World Ash, he thinks my device has a virus
Yey new video!
This is how you nuke a school computer
How do i boot an usb drive (with xp in) on a gigabyte H110M-S2H because it doesnt even show my usb drive when i try to boot in
or actually a black screen
Your voice reminds me of an old youtuber,TheSerbianEnderman,literally i cant stop listening to ya 😂
i use nord vpn to block ads but when i connected to nord it will block the ability to play any xbox games online and use any microsoft apps like the store mail xbox app ect because when im not using nord i use a proxy so it sucks bc i cant block adds