How to Avoid 99% of Malicious EXE Files
- Published 2 Jun 2024
- Protect your browsing with Guardio, plus get a 20% discount every month for a year, with a free 7 day free trial ⇨ guard.io/thiojoe (Sponsored)
▼ Time Stamps: ▼
0:00 - Intro
0:41 - What Malware is Out There?
2:07 - A Very Excellent Thing
3:37 - What to Check on Exe Files
4:20 - Important Side Note
5:23 - What's the Point?
6:32 - Invalid Signatures
7:38 - Malicious PDFs
8:35 - PowerShell & Script Malware
4:47 Be aware that it almost never matters what file extension the file has, it can have a digital signature anyway. Exe files can be renamed to Bat, and sometimes, they could run (Not worth testing tho), and it will still have a digital signature. In fact, if the content of the file is a valid EXE or DLL, Windows will detect its digital signature and display it in the properties box if it is present. So before running a suspicious batch file, try to open it with Notepad. If you get unreadable characters - it's an EXE masked as a bat file, don't run it
You're right. I tested it. Renamed an EXE to BAT (or CMD) and Windows launches the EXE. Of course, you shouldn't open a BAT file unless you 100% trust it.
Very valuable piece of information! Thank you 👍
what about .doc files?
Just don't run any suspicious BAT or EXE file. This video is so poorly made that he didn't even talk about the important stuff like how PDF or DOC can actually be an EXE file. Signature is there to say the file is UNALTERED AND from the OWNER. The OWNER can be the hacker so what's the point of checking that?
@@ms9001 Yeah and there's malware tools to embed into any other file, so opening a jpeg or png could open the original file _and the malware_
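The content check described in the first comment of this thread (an EXE renamed to .bat is still an EXE), as an added Python example that is not from the video or any commenter. It reads the header bytes instead of trusting the name and reports whether an embedded certificate table is present; the function names, extension list and sample bytes are constructed for illustration.

```python
import struct
from pathlib import PurePath

# Extensions expected to hold PE content (illustrative list, an assumption).
PE_EXTENSIONS = {".exe", ".dll", ".scr", ".sys", ".com"}
# Optional-header magic -> offset of the data-directory array inside that header.
DATA_DIR_OFFSET = {0x10B: 96, 0x20B: 112}   # PE32, PE32+
SECURITY_DIR_INDEX = 4                      # certificate table entry


def inspect_bytes(data: bytes, filename: str) -> dict:
    """Classify by content: PE or not, misleading name, embedded certificate table."""
    result = {"is_pe": False, "disguised": False, "has_cert_table": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return result                        # no DOS header: not an EXE/DLL
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew field
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return result
    result["is_pe"] = True
    result["disguised"] = PurePath(filename).suffix.lower() not in PE_EXTENSIONS
    opt = pe_off + 24                        # 4-byte signature + 20-byte COFF header
    if len(data) < opt + 2:
        return result
    (magic,) = struct.unpack_from("<H", data, opt)
    dirs = DATA_DIR_OFFSET.get(magic)
    if dirs is None:
        return result
    entry = opt + dirs + SECURITY_DIR_INDEX * 8
    if len(data) < entry + 8:
        return result
    (count,) = struct.unpack_from("<I", data, opt + dirs - 4)  # NumberOfRvaAndSizes
    offset, size = struct.unpack_from("<II", data, entry)
    # Presence only: validity (chain, revocation, tampering) is what the Windows
    # "Digital Signatures" tab verifies. Catalog-signed files have no embedded table.
    result["has_cert_table"] = count > SECURITY_DIR_INDEX and offset != 0 and size != 0
    return result


def build_sample(cert_table: bool) -> bytes:
    """Constructed minimal PE32+ headers for the demo; not a runnable program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # PE header follows directly
    opt = bytearray(112 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B)            # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)             # 16 data directories
    if cert_table:
        struct.pack_into("<II", opt, 112 + SECURITY_DIR_INDEX * 8, 0x400, 0x1000)
    return bytes(dos) + b"PE\0\0" + bytes(20) + bytes(opt)


if __name__ == "__main__":
    samples = {                                       # constructed inputs
        "invoice.bat": build_sample(cert_table=True),
        "setup.exe": build_sample(cert_table=False),
        "run.bat": b"@echo off\r\necho hello\r\n",
    }
    for name, blob in samples.items():
        print(name, inspect_bytes(blob, name))
```

A file flagged `disguised` should not be run; one with `has_cert_table` still needs its signature validated by Windows before the signer name means anything.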
" How to Avoid 99% of Malicious EXE Files " learn how to avoid phishing emails and use windows defender.
Who uses windows defender in 2023/24?
@@ArunavaVishalDutta a lot of people actually. It’s actually pretty good, and perfectly viable as long as you don’t click literally every single link and download every single thing that exists.
@@ArunavaVishalDutta a lot, and it’s actually good now
Never. I tried loads of AVs in my life and will never recommend using Windows Defender or McAfee to anyone.
If you want to use something free, go with Malwarebytes or even Avast
@@ArunavaVishalDutta considering you don't need anything more and that it's on by default, I think that a lot of people do use Windows Defender
Better tip is to actually check what you downloaded because malware can be signed all the time and plenty of small projects release unsigned binaries.
Worth noting that at least some open-source projects will post a hashvalue (e.g. md5 or sha256) of the download package, which _(to whatever extent you already trust the source)_ provides a way to verify that the downloaded file is what they claim it is.
That also verifies the integrity of the download for important files. It makes sure every bit matches what it's supposed to be, which could be important for something like an OS
@@tommy8716 or any program. Specifically when you get a cracked game and 1 file that is 37kb is missing and it is so crucial the game won't run without it.😂
That assumes the download site hasn't gotten hacked, so not foolproof. But yes, it's an additional security layer nonetheless.
The hash value is _not_ the same as a signature. There are ways to modify a file and keep the same hash value. Hashes are great for verifying file integrity (i.e. checking the network didn't mess anything up), but they can not protect against bad actors.
You could still post a file, e.g.,THIS_FILE_IS_NOT_MALICIOUS_WINK.EXE, with a proper checksum that still contains malicious code. A proper checksum verifies the validity of the file itself, but the file could still do deceitful things.
Happy New Year ThioJoe 🎉🎉🎉 You are if not the best, definitely one of the best out there 😁
🐢
🐢
🐢
🐢
Happy New year ThioJoe!🎉
Beautiful work as always, Daf! I’m looking forward to seeing what ‘24 brings you and us. Thank you!
Did not know about that adobe setting, imo that was the most valuable piece of information out of this video, thank you!
It's pretty easy to know what's fake and what's not in email phishing. I don't get emails from hackers and scammers, but they are on my dad's emails, and I tell him if the emails he gets are real or not. They always say Your email name, not your actual name, since the person who is trying to hack or scam you won't know your name unless they get all the details from a data breach.
Great tips!
Thanks for the video!
Happy New Year!
Happy new year you really are the legend of tech
Image.jpg.exe
Happy New Year 🎉
"If it's signed, it's probably fine" - nice rhymes man :)
Digital Signature means nothing. Small developers usually don't sign their binaries, but this does not mean that they are dangerous. Better tip is to AV scan or run your executables in a VM. Use virustotal and clamav to scan the binaries.
I'd say the VM check is Downloading Binaries 101, also I can't imagine a scenario where I'd download binaries that often, especially from suspicious sources
I guess my point is that not all unsigned software is malware, but (virtually) all malware is unsigned. Kind of like squares vs rectangles.
So it’s still important to be aware of.
Microsoft Sandbox VM too? @@ThioJoe
If you're downloading something without a digital signature, that's reason to exercise caution. You'd want to go to the source directly for those executables, not trusting the copies you are sent over email. Additionally, if the program you want to run normally would have a digital certificate, but the copy you have received does not, or has an unmatching signature, that tells you something is fishy.
@@ThioJoe That's true. I would remark that people shouldn't randomly open random executable files without actually understanding what they are.
Thanks for the information,
This doesn't always mean anything. Remember your own "Never Wonder About Weird Windows Error Codes Again" video from two months ago? Microsoft signed the err.exe file with a root certificate that's not trusted by Windows 11... (nor Server 2019, which I also checked.)
Excellent video 👍 Thank you 💜
Intro killed me 😂
Thanks, man of science.
Send the files to Virus Total - job done!
I had a problem once where all the exes that were signed were invalid. It was on a virtual machine that I had not used in a long time. I just had to run an update so my root certificates would get updated and that fixed the problem.
0:56 me who never checks my email:(*happy only 8% danger noises*)
Best protection against ransomware is Windows' controlled folder access.
Can you explain about it more
@@allanfikri Non-whitelisted programs are prevented from modifying files in your protected folders.
Which is impossible to use, because the list of watched folders always include Documents. A lot of apps save their data into that folder. So you have to whitelist almost everything you run. So you will likely whitelist the malware too, should you ever encounter it.
And Backup, and running software as another user (achieves the same as Controlled Folder Access)
nice tip Thio, but here's a tip for you: my family is still owed an ethernet cable by you
what steps do i need to take to securely view pdfs in Firefox or Chrome-based browsers?
Good info
I forget malware even exists for months at a time because not opening suspicious files and only downloading from reputable sources has been ingrained in me since childhood.
What bout malware ads? Also Happy New Year to all!
well uBlock Origin browser extension's the one i use to block that, tho i do have to whitelist some sites manually and also it does block tracking pixels on sites too and on those i've to whitelist it the browser handles the removing trackers part i use LibreWolf which is a fork of firefox
I would also like to see a video on this by ThioJoe. I assume an ad blocker is likely the best solution.
you forgot to mention to also upload the file to virustotal to see if virustotal finds any viruses in it.
Gotta love all of the people who expect me to ditch my PC, forsaking all of the programs I'm used to, buy another computer and relearn another operating system just because it is their opinion I shouldn't use Windows. Yeah, like I'm really gonna do all that because you said so.
Does a program exist that would add a "check signature" to the file explorer context menu? Even if one does not install lots of programs, it would make things as simple as possible. :)
Open the properties
@@AllExistence that's not what he's asking tho
@@XAMEREN That's exactly where you can see signature on files in explorer.
@@AllExistence he wants it directly visible in explorer itself, not to click 4 buttons to view it just for one app
One of the right click file explorer context menu options for a file is “Properties”. It opens a window with several tabs. One of tabs is “Digital Signatures” if it has any. It lists who has signed the file. It is two left clicks away from the context menu instead of one. Close enough I hope.
I feel like even built in antivirus is good enough for most people, every time I've downloaded a malicious file, defender automatically deleted it before I was even able to scan it lol
Couple of questions about the subject.
1- I read PDF files using my web browser (Firefox) treating the PDF file as a webpage hosted on my PC (the browser’s URL is the location of the file on my PC, e.g. file:///C:/Users/pc/folder/file.pdf). How can I protect against malicious scripts here?
2- Is there such a thing as a malicious .mp3 or another kind of malicious audio/visual file?
The PDF isn't treated like a webpage, Firefox is just a program that can read PDF files. This small difference is important, cuz as soon as u open a malicious PDF file, malware starts surging thru yr shit. Truthfully, the only way to prevent a malicious PDF from damaging shit is to scan it before you open it.
And yes, mp3's can have viruses. Think back to the Limewire days lol.
Major red flag for malicious emails is the presence of any sort of executable file. Why would someone try to send them at all?
I have an exe of jasc paint shop pro from 2001, I'm surprised it was even signed way back in 2001
You have finally earned a like from me. It has taken a while for me to forgive you for the misinformation that you used to put out years ago
Does Linux-based OS have equivalents to digital signatures for executables?
From my research, there is something similar in Linux. Apparently, you can check the digital signature of a file in the repository you download from using your distro's package manager. You can also compare its sha256 checksum on your local system with its sha256 on the repository where it's hosted.
Normally I’d say something about the video but I just enjoyed it, don’t know what to say
I have a problem with my laptop if you can help me am trying to install windows 10 but at the end when everything is done it says we couldn't install windows 10 i don't know why my windows is 7 ultimate
The slide shown at 2:00 indicates 49% of web delivered stuff are the EXE's. Did I blink and miss where the other 50 percentage points are shown?
Nevertheless, informative. Thank you.
@PalmDevs Because of the video's title, I was expecting the exe column to be 99%. Those others are different ways to get malware.
My old laptop got infected from malware that came from an exe
I was in class and in a rush while downloading it so i didn't check anything
1:51 Also known as EDP445
edit: oh nvm he said PDF files
Only download files from trusted sites that you trust but if it looks suspicious like it has fake download button it's a virus
My TV couldn't read my external hard drive after defrag. How to fix it?
Don't use unsigned application if it's not open source
And also be wary of using a signed application if it's not open source
1:22 I wonder why shady sites use zip instead of normal exe ohhh
What about Knox security on a Samsung phone? This Guardio will clash, won't it?
I should have watched this before running 800Mb .exe windows activator
I literally only use e-mail for account verification and shit like that. I'm also not stupid enough to fall for a phishing scam.
how would malware get signed in the rare cases except if it is using stolen certificates and hopefully the stolen certificates would get reported and nullified.
Hey thiojoe! I dont know if this is your area of expertise but does it make more sense going with a ryzen 7600x + a 7900xtx/ possibly 4080 super. Or go 7800x3d with a 7800xt and upgrade gpu in a few years? Im currently still using a amd fx 6360 and a gtx960 since 2016. Overclocked to the brim and barely keeping up 😅😅
What resolution are you running? Refresh rate?
you should go with an Atari 2600. it's the most powerful computer ever.
@@psyxx_ 3440*1440p 165hz
dude, he is more a software guy, ask ZTTBuilds
7800x3d anyday with 7800xt will run good for many years later just upgrade gpu when have enough spare cash
There's no menu item 'preferences' under 'edit' in my Acrobat Reader.
I frequently download disk images or exe files intended for an entirely different CPU family (say, Motorola) for the purposes of emulating classic retro computers, and I'm fed up with Chrome AND Windows 10 flagging most of them as MALWARE and me having to convince them that THEY'RE ABSOLUTELY NOT MALWARE whatsoever!!!
How can i transfer virus updates to another P.C. ?
Can you make a full video on Linux? I want to know more about it
Doesn't windows automatically check signatures when running an exe (user account protection)?
User Account Control isn't meant to check signatures of different files but rather to grant/revoke permissions from a user
I say there's a simple way for micros**t to ditch signatures for something more secure. Private compression algorithms, devs can continue to use exe's for testing while for users they should expect some new format from m$ that is the original exe encrypted via some private algorithm, one they can update on a regular basis to make hacked ones harder to pass on. The OS just has to unencrypt the new format and run the exe normally. If the encryption used doesn't match what the updates provide it's auto flagged as unsafe. m$ can just add an id of some kind to the encrypted exe files that can then be used to download the newest version the encrypted exe (as in when they update the algorithm the copy of the exe they have gets reencrypted and replaces the existing one that use to be downloaded). Can't say this is my favourite method given it requires closed source code but it IS a reasonable windows specific solution.
Hey, interesting idea! Using private compression algorithms and regularly updating the encryption to enhance security sounds like a solid approach for Microsoft to explore. The concept of adding an ID to encrypted exe files for seamless updates is a clever way to keep things current and safe. I get your concern about closed source code, but it does seem like a practical and effective Windows-specific solution. Great thinking! 👍
That's some anti utopia s**t straight out of apple
@@absolutehuman951 Oh so you somehow think micros**t is "utopia" worthy? Nah mate, windows is closer to hell like apple is. If you thought the private compression thing was the "anti utopia" part then no, that's not how reality works. In reality users of m$ windows are targeted more often than linux users like myself because often they don't know how to keep themselves safe. The compression thing would obviously be an option they could turn off since developers would need access to normal exes to test their code with. Anyone who uses the compression thing is not gonna be someone who's overconfident in their ability to protect themselves on the most user targeted platform on the planet. I'm not arrogant enough to say I can protect myself from every attacker out there even though I'm on linux and I welcome someone coming up with a way to make the algorithm user choosable. My current idea for making this less dependent on a single source for the compressed version would be to attach the algorithm to the user accounts used to download the apps. On linux this would be a one stop shop to the distro's server or maybe even a shared one for all distros. Perhaps it could be the case that a dedicated app format is made instead like the elf and so binaries but instead a single extension for both apps and libraries called zef that expects to be uncompressed/unencrypted/both before being run. Much harder to inject code into a running app/lib than its original binary. My original idea would simply serve as an inspiration for the final form of whatever is chosen because it is a damn sight more secure than letting any rando app run just because it is a standard format like *.AppImage, *.elf, *.app, *.exe or whatever else there is
Wow, you didn't even talk about files that masquerade as exe files such as a malicious doc or pdf file. That's the one most people fall for.
On another topic, I heard something about Tetris - 1st time a person reached the highest score, then the game crashed... 🤔
Apparently, that "game crashed" is how they know that they beat the game.
I saw an article years ago which stated that a Tetris game comes with malware
@@GTAMan21 Russian spy software, perhaps?
I have app locker turned on, from previous video
3:36 starts the video
Didn't you almost get a malware from Nuget download?
,,,ja true but to make that distinction is misleading: there is only one "stream" of data!
How is Firefox's pdf reader compared to Adobe's, when talking about security?
It gets updated faster and it supports less features. Both good points.
the spanish voice 💀💀
I dont see it! 😮
How to avoid 99% of malicious .exe files: just don't use them most of the time. Granted, I don't use Windows, but even if I did, my most used program would still be Chrome (what it is now). If you're ever finding yourself where you want to do something and the only option is to run some random .exe file, maybe reconsider.
And if you're worried about running a disguised file, .exe files disguising themselves really only works if you don't have "show file extensions" on.
I use macOS 10.13 (ik it's a pain) and LineageOS 20 on my Raspberry Pi
Use sandboxie or something like that.
Deep Spanish voice 👍🏻
Even easier, to avoid 100% of malicious files simply leave computer off, problem solved LOL!
Is there any way to block malicious URLs or IPs directly on the router?
it's confusing how viruses are mostly spread by email
Easy way to spread stuff... It goes directly to the person, you don't have to hope they visit your website or phishing them over to it.
After more than 30 years people didn't learn from e-mail attackings
hey
Audio is kinda odd today (or maybe just my device)
Hm there shouldn’t be anything different 🤔
@@ThioJoe Hi yes, I used my headphones and sound is perfectly fine. Thank you 👍🏻
I've been fixing friends' families' PCs since the 80s.
I found PCs I had to fix, or even account jacking, through malware / viruses
and the damn willy-nilly apps and sideloading
It's 90% an ID10T issue😅
i got pdf file i got hacker
How to avoid 100% of malicious .exe files: don't run .exe files ✅ /j
wheres the other 1%.. 🤔
Yeah where’s the other 1%?
Well i made up the 99% number anyway lol. It’s probably closer to 99.999%. The rest being a malicious exe that is somehow signed, which I’ve never actually seen myself and is incredibly rare.
@@ThioJoe got it 👍🏻
Lets goo!
Audio Track in Spanish Please
What's up with your neck? This looks like AI artifacts or a deepfake, are you experimenting?
Or just chuck your computer out the window. No malware can infect your computer if you don't have a computer!
Can u make a video about how to check if zip file containing virus both on mobile and PC and laptop
Good video but I don't like the click-bait title
Avoid 100% and buy a chromebook.🤣
56th
How to avoid malware: Dont have internet
(Stolen)
Virus total.
good morning
Second
That Digital Signature Tab must be in Windows 11 as not in 10 Pro
Easy: Use an operating system that is so archaic that it depends on the file name extension to determine its file type, that doesn't go out of its way to hide those file name extensions from users, and whose file manager doesn't easily get fooled of the file type by appending additional extensions to a file name. In short, don't run Windows... run a UNIX or UNIX-like system instead.
is it just me or thioJoe is deep fake? like if you look properly at his neck you can see it
Maybe because ThioJoe looks older now and he wants to look the same as he did before in his videos? Or he's just testing deepfakes out? The only other explanation I can think of is he modified his face in photoshop and then deepfaked it to make himself look better or it just looks like that. I honestly think he just looks like that because of the way he talks on camera and the way he has his camera set up and the lighting
Step 1: Install Linux
I just watched almost the whole sponsored section trying to skip the section with my nose
Don’t use Windows, problem solved.
How's that true? Linux and Mac can get viruses too.
@@Slender-the-Blender But 99% of malware is for Windows only and Windows exe files are not made to run in Linux or MacOS.
Hello thanks for all the helpful videos. Jesus is Lord. Any one who calls on the name of the Lord shall be saved. Jesus is God's Son who lived a sinless life then died for our sins. Jesus was raised from the dead, was seen by witnesses and went back to heaven. God loves you and Jesus both.
I'm glad you stopped trolling
Who the heck is using email still? Oh, people who probably aren't watching this type of videos.
You can avoid 100% of malicious EXE files by using Linux
Except if you also use WINE
@@tablettablete186 I believe Wine is still sandboxed, and you have to be pretty deliberate with running things through Wine
Why it looks like he has some kind of filter on his face