Why you shouldn't just use Windows Firewall


COMMENTS • 588

  • @pcsecuritychannel
    @pcsecuritychannel  4 years ago +226

    This video shouldn't be *misinterpreted as advice not to use any firewall* especially if you're using a laptop and connecting to random Wifi networks.
    Also, since everyone is asking why I ran the sample in a Win 7 environment (yes, this happens the same way in Windows 8/10). The purpose here isn't to bash Windows Firewall.
    It is a demonstration of the problem with a security model relying on the firewall on the same system the malware is executing on, from a cybersecurity perspective, with a real backdoor example.

    • @kontoname
      @kontoname 4 years ago +28

      What the hell is this about? This setup can only work if the user you run this under has actual admin rights... and if it does then ANY solution is purely gimmick.
      What are you trying to teach here other than you not being aware of what an administrator is...?
      Please upload another video doing the same procedure but with the user being an actual user...
      And yes, UAC / Admin will stop this kind of bs - and if it did not (due to other exploits stacked, privilege escalation issues etc.) then ALL other solutions aside from a hardened and unexploitable (lol good luck) hardware firewall with DPI and other layers on top will not stop the threat either.
      So in summary your video says: basic threats will be dealt with unless you're being hacked by the FBI - and if you are... well... nothing will stop the attack. In the worst case people will just visit you, smash your teeth in and kindly ask for the password again. Get REAL.

    • @Turtle_Shell
      @Turtle_Shell 4 years ago +5

      To ensure people don’t misinterpret it, you could change the title to “Why you shouldn’t rely on Windows Firewall”

    • @evigilatus
      @evigilatus 4 years ago +4

      How about using Windows Firewall Control? - binisoft.org/wfc

    • @darkspace5762
      @darkspace5762 4 years ago +3

      Honestly the firewall doesn't make that much difference on a local LAN. It's more for hosts on the public internet that are being continuously scanned for vulnerabilities. You could very well disable it and it wouldn't make any difference. You are already behind a NAT firewall, your home router. And the host-based firewall in Windows is designed so that programs that run with administrator privileges can create exceptions for themselves.

    • @dktol56
      @dktol56 4 years ago +6

      So don't use an account in the Administrators group for everyday use? Then malware running as that user won't have the elevated privileges to run netsh and compromise the Windows firewall. Am I correct on this point? Of course, an (additional) external firewall is still preferable, but on a mobile device, you have to use what you've got available.

  • @rfunk727
    @rfunk727 4 years ago +703

    You should do a video on the best Firewalls available.

    • @kevinm3751
      @kevinm3751 4 years ago +13

      I use ESET and it has been fantastic! Not just for the OS but for email and everything that comes into the system. Worth every penny in my opinion!

    • @乙口尺口-u3m
      @乙口尺口-u3m 4 years ago +10

      Netlimiter is very satisfying.

    • @GeneralProfessor
      @GeneralProfessor 4 years ago +4

      Yes please do!

    • @malwaretestingfan
      @malwaretestingfan 4 years ago +13

      Comodo is a good choice? I used it for a while.

    • @darkspace5762
      @darkspace5762 4 years ago +5

      Windows is the best.

  • @Leokhawarizmi
    @Leokhawarizmi 4 years ago +88

    please make more videos about malware analytics techniques, and it will be much better if you make a series from beginner to advanced.
    your channel is really great
    thank you

  • @Lopoi
    @Lopoi 4 years ago +215

    Shouldn't windows always ask you when a program tries to add a rule on the firewall?

    • @unnamedchannel1237
      @unnamedchannel1237 4 years ago +47

      If uac is turned off and the user is silly enough to have their account run as admin or if the uac did pop up and they clicked yes when they initially launched the file

    • @springbok4015
      @springbok4015 4 years ago +27

      Yup, UAC and exceptions to the firewall are requested.

    • @Wahinies
      @Wahinies 4 years ago +23

      Yes it's a domino effect when the user runs at all times as local admin with UAC off. In this case using Windows Firewall is the *least* of security concern. Interesting walkthrough a Trojan but I don't get the point of this video and may be dangerous if viewers misconstrue this as turning WF off!

    • @unnamedchannel1237
      @unnamedchannel1237 4 years ago +3

      Blokka Nokka if you have uac turned off and running as admin then it will do what it wants

    • @eainen
      @eainen 4 years ago +3

      People usually just elevate the original malware executable without checking what it is when they run it initially. After that there's no more prompts because it has access.

  • @spectretacitus325
    @spectretacitus325 4 years ago +59

    So, I've just never heard of that site until this video. It's very interesting to see what it can do. Are there any other sites of this type that you are aware of? Maybe you could do a video on such sites which you think are beneficial to people interested in cyber security. Thanks.

    • @TheFPSPower
      @TheFPSPower 4 years ago +3

      Virus Total is THE website for these things, it was bought by Google long ago and has a massive database, if there is any other website I doubt it's any more powerful.

    • @Mindflayer86
      @Mindflayer86 4 years ago +9

      @@TheFPSPower I am pretty sure he meant app.any.run

  • @briangullens5351
    @briangullens5351 4 years ago +156

    Don’t run as an administrator. A limited user can’t change firewall settings. Thus the script won’t be able to either.

    • @BreadMan434
      @BreadMan434 4 years ago +20

      However, everyone with private desktops and laptops are kinda screwed.
      I think he used administrator to demonstrate the market consumer average when it comes to Windows usage, which are often the common home usage Windows.

    • @psychcisco
      @psychcisco 4 years ago +40

      @@BreadMan434 So the title of this video, and most of his other videos should probably be "Why not to run Windows as an Administrator"

    • @lordgauron
      @lordgauron 4 years ago +15

      Most of the time software installers require admin rights. They can easily do this trick then.

    • @BreadMan434
      @BreadMan434 4 years ago +12

      @@psychcisco then they should also have the operating system labelled. As well as installed updates and OS versions.
      And really, it shouldn't need to be said.
      Every laptop in the world is sold to automatically set up your primary account as an Administrator, and every PC is preferably set up as one.
      And this is primarily a problem caused by user account control, antivirus and firewall permissions.
      If you're currently running a non-administrator windows, I have no idea what you're doing

    • @bjcanz
      @bjcanz 4 years ago

      I used to have deep freeze but the problem is it burns out the read and write of HDD platter disk in the long run but good against virus that overwrite the system very effective, if you know how to use it, just don't use a virtual disk as a storage, use a second physical drive.

  • @nuorizon8329
    @nuorizon8329 4 years ago +18

    You are testing your assertion using Windows 7 32-bit, which has entered end-of-life Jan-2020 and has not been receiving any meaningful updates for quite some time. It would have been more relevant if you run this experiment on an up to date Windows 10. Then see that the assertion you make does not hold true, at least for this test.

  • @MattiKoopa
    @MattiKoopa 4 years ago +11

    UAC was supposed to protect against that. But people kept complaining about annoying prompts so Windows made the default security level for newer OSes "medium" which doesn't ask about built-in programs running with Admin privileges. Instead they now use safe screen stuff that looks a program trying to run up on the internet to determine if it should display an additional prompt.
    Basically just turn UAC to high first thing on a new PC and never have an issue like the one displayed.

  • @theastroquantumguy5810
    @theastroquantumguy5810 4 years ago +81

    Since more and more people are running smartphone devices, I was just wondering if you could make in the future a video about Antivirus software for Android/iOS?

    • @andrewseed7184
      @andrewseed7184 4 years ago +2

      Bitdefender free for Android

    • @malwaretestingfan
      @malwaretestingfan 4 years ago

      Agreed. Placed all my bets on Dr. Web being good / pretty decent as well.

    • @БрухБрух-щ7и
      @БрухБрух-щ7и 4 years ago +6

      @Dex4Sure well.... There were some instances where devs put malware and bypassed Apple/Google protection. And don't get me started on how many times iOS users were attacked by hackers using exploits.

    • @hdezn26
      @hdezn26 4 years ago +3

      @@БрухБрух-щ7и Yeah and it's been real bad recently for Android anyways... ( it's almost like Google don't give a **** ) I don't know too much on Apple as I don't hear as much about them. ( side note . . I'm not a fan of Apple and their crappy broken products ... Customer: Something broke/ not working? Apple: Buy a whole new computer )

    • @virtualtools_3021
      @virtualtools_3021 4 years ago +1

      all are scams, stop downloading pirated pr0n and you won't get viruses.

  • @lilstimmy6814
    @lilstimmy6814 4 years ago +28

    Can you do a video on how to get a router level firewall? I know it would be different for each router but it would be helpful.

    • @pcsecuritychannel
      @pcsecuritychannel  4 years ago +28

      Definitely I'll add it to my list after seeing the comments in this video. ;)

    • @yazajin
      @yazajin 4 years ago

      @@pcsecuritychannel I'm not sure if a Raspberry Pi would be useful for that, since solutions like PiHole exist for other purposes. Just a thought for the video.

    • @MarkMark-sd4ej
      @MarkMark-sd4ej 4 years ago

      @@pcsecuritychannel yes bro I approve of that request too!!

    • @abandonedmuse
      @abandonedmuse 4 years ago +1

      All routers have their own firewalls. Just read the manual and block the ports you don’t need. Anything coming in is wise unless you really need it.

    • @lilstimmy6814
      @lilstimmy6814 4 years ago

      @@abandonedmuse My modem router combo from my ISP is really basic and doesn't have anything like that. If I go in the setting there is nothing for firewall but my cousins they have a different ISP and they have firewall options and stuff.

  • @lev2727
    @lev2727 11 months ago +11

    Someone clearly has a rather limited knowledge about firewalls and security in general. As an IT security guy for over 17 years this was quite painful to watch.

    • @udi112
      @udi112 4 months ago

      True, no vector just payload on a simulator

  • @springbok4015
    @springbok4015 4 years ago +41

    Try it on Windows 10...

    • @TheCocoaDaddy
      @TheCocoaDaddy 4 years ago

      Yeah!

    • @arisu7397
      @arisu7397 4 years ago

      @Dex4Sure of course windows defender would be turned off when using third party av.

  • @ankitminz5872
    @ankitminz5872 4 years ago +37

    "Download his friends and have a party on your system" 🤣
    Well so what should we use?

    • @advertslaxxor
      @advertslaxxor 4 years ago +2

      As suggested in the video, a hardware firewall is preferable, though that is pretty benign advice.
      A better (i.e., more possible/likely to be done, not "superior") suggestion, also in the video, is to have some other software firewall. Generally this will be bundled with some antivirus software.

    • @el_tate
      @el_tate 4 years ago +3

      Comodo firewall free, but good luck trying to find the correct download, nowadays the official web tries to spam you with "Complete Antivirus with Firewall" not the "firewall free" I am telling you.

    • @borgar4357
      @borgar4357 4 years ago

      eltate it doesn't have official website?

    • @SOF006
      @SOF006 4 years ago +3

      @@el_tate Took me the best part of 2 seconds to find it. I googled "comodo free firewall" and got this link www.comodo.com/home/internet-security/firewall.php

    • @SOF006
      @SOF006 4 years ago

      @@el_tate Okay so I retract my comment slightly, but it does appear that to get the firewall you need to install the AV product as well. I wouldn't say that's too bad considering Comodo AV is actually pretty good.

  • @nitaihat12
    @nitaihat12 4 years ago +14

    so how does this malware obtain permissions to change firewall settings? doesn't that need admin perms?

    • @ptyxx
      @ptyxx 4 years ago

      If you use exploits, no (most of the viruses do)

    • @nitaihat12
      @nitaihat12 4 years ago

      @@ptyxx I see, could you point me somewhere I can learn about how such an exploit might work?

    • @ltxr9973
      @ltxr9973 3 years ago +1

      ​@@nitaihat12 Just look at CVEs
      And of course it requires admin privileges. As much as I appreciate this channel, he often seems to blatantly skip things that would make you worry less. This might be either due to him targeting less experienced users that indeed shouldn't get a false sense of security with all the malware out there, or if it is to help sales of security software. If you are an experienced user, you can spend less money on security software and instead just keep your eyes open. But sure, don't do as root.

    • @PassionataDance
      @PassionataDance 3 years ago

      Powershell injection Set-MpPreference -DisableRealtimeMonitoring $true

  • @UrbexAlliance-SG
    @UrbexAlliance-SG 4 years ago +9

    Why would you do this test on Windows 7?

    • @lukasvincourcz7043
      @lukasvincourcz7043 4 years ago +2

      A lot of people are still using this version of windows

    • @UrbexAlliance-SG
      @UrbexAlliance-SG 4 years ago +4

      @@lukasvincourcz7043 May be true, but that's actually their problem. Microsoft even released Windows 10 for free at first and clearly said that Windows 7 won't get supported anymore after some time, as every older Windows version. So I really don't see the point of making the test on an outdated Windows version... Hope you get my point.

    • @brunopaquin5637
      @brunopaquin5637 4 years ago +1

      Just a note: to this day W10 is still free if you have a Win7 license

    • @TwstedTV
      @TwstedTV 4 years ago

      @@brunopaquin5637 While true, one should NEVER update to windows 10 through an already installed windows 7.
      windows 10 should ALWAYS be installed fresh from scratch and never as an update. my friends and hundreds of people I know have gone through hell doing it that way.
      then weeks later microsoft themselves posted on their website saying the same thing. And I only use windows for pc gaming.

    • @brunopaquin5637
      @brunopaquin5637 4 years ago

      @@TwstedTV agreed, but since 1909 you can install from scratch and activate with a win7 key

  • @lebaquette
    @lebaquette 4 years ago +19

    Doesn't f-secure use a modified windows firewall?

    • @sooocheesy
      @sooocheesy 4 years ago +2

      I think the point of the video was to use "security through obscurity". In other words, If you switch it up and use a different firewall the malware likely won't be written to specifically shut down that alternative firewall. If you are using common applications (MS Office)/OS (Windows)/Firewall (built-in) your system is what most malware are designed to attack.

    • @TwstedTV
      @TwstedTV 4 years ago

      @@sooocheesy People are better off just purchasing a tiny mini PC, with a cheap CPU, but not too old, and install Linux OS as the host-OS of that Tiny / Mini PC and then install OPNsense or pfSense with Suricata, and place the tiny / mini PC between the main computer and the router. You can get some pretty awesome protection.

  • @realmtl6829
    @realmtl6829 4 years ago +7

    A list of good firewalls would be nice. Also what kind of system do you use to test these? What Linux distro do you like?

  • @stefantomas
    @stefantomas 2 years ago +1

    Why is this so misleading? Executing the "netsh advfirewall firewall add rule" requires elevation, so unless you disabled UAC you will be perfectly protected by Windows firewall. Also it seems that in order to execute the Fire.exe you would need to disable the AV as well.

  • @udi112
    @udi112 4 months ago +1

    That video is misleading, you skipped the vector part which can be easily blocked by the firewall.

  • @mkatakm
    @mkatakm 1 year ago +1

    cmd.exe needs administrative privilege to run firewall commands, so never disable UAC.

  • @mar_kohoho
    @mar_kohoho 4 years ago +5

    I use "Windows Firewall Control" from Malwarebytes.
    is it good for something?

    • @TheMultimargarin
      @TheMultimargarin 4 years ago +2

      It’s a good add-on for the system firewall. There will be many requests for creating rules, but this will improve system security.

  • @kabloosh699
    @kabloosh699 3 years ago +1

    Couldn't you just... set up a standard user account and use that for everything and require separate admin credentials?
    That said, I have glasswire on my desktop. It uses the Windows Firewall, but you can set it to ask to connect. So it blocks by default requiring your input to accept. It also provides a quick snip of where the application is connecting and its rating with Virustotal. It's kind of hands on at first, but once you figure it out it is pretty helpful at identifying shady programs. It does a whole lot of other things but I mainly like it because it makes managing the Windows Firewall possible.

  • @TechnicalIssuesOfficial
    @TechnicalIssuesOfficial 1 year ago +1

    1:02, This wasn’t fair. Windows 7 is EoL. Please do a test on 11/10 for fair!

  • @abrahamd2
    @abrahamd2 1 year ago +1

    How do I stop it from blocking my game bruh

  • @MrMolecular
    @MrMolecular 4 years ago +3

    Now why don't you try using an Operating System that isn't discontinued. Windows 7 isn't supported anymore.

  • @jugginator4390
    @jugginator4390 4 years ago +5

    In theory, would UAC settings and/or running the OS on a non admin account prevent the malware from using cmd to add the rules?

    • @gabrielandy9272
      @gabrielandy9272 4 years ago

      yes but if u click yes on the prompt the same would happen

  • @abc123fhdi
    @abc123fhdi 4 years ago +10

    I see you’re using Windows 7 in the virtual machine. You probably shouldn’t use this at this point as it is no longer supported. You may get a different result in Windows 10 defender/firewall. I use MacOS so this won’t happen to me. Saying another software firewall might’ve worked isn’t saying much unless you show it working. As well as router firewalls which I believe I have. What is the likelihood of this happening if you avoid sketchy sites I would say don’t lose any sleep over it.

    • @pcsecuritychannel
      @pcsecuritychannel  4 years ago +3

      That's not the point. The video is about malware on a system using access to CMD to edit Firewall rules, the same can happen in Windows 10.

    • @abc123fhdi
      @abc123fhdi 4 years ago +3

      The PC Security Channel Microsoft may have issued a patch for this except they ended support in January and this came out in April so there are no more patch Tuesday patches for win 7. The last patch Tuesday for win 10 was on May 12 so it would be worth testing an updated windows 10 install to see if this works. In practice don’t visit any malicious sites to avoid something like this.

    • @advertslaxxor
      @advertslaxxor 4 years ago +1

      @@abc123fhdi In the best case it will present as a notification. Do you know what happens when your average user is presented with a notification? "Yes" "Okay" "Continue" "Accept" "Confirm" etc. :/

    • @dashripkin
      @dashripkin 4 years ago

      @@advertslaxxor That's not a failure of Windows; that's a user error, and no firewall can prevent ham-fisted users who are itching to mess everything up.

    • @marv42dp
      @marv42dp 4 years ago +1

      ​@@pcsecuritychannel Did you test it on Windows 10? You used an OS that's EOL, and it's successors have had major overhauls in the security department.

  • @harisjafri9459
    @harisjafri9459 4 years ago +12

    Why not using windows 10?

    • @ppetrix
      @ppetrix 4 years ago +1

      Yes, windows 10 has the same problems?

    • @fuks5756
      @fuks5756 4 years ago +2

      ​@@RWBY Right? I wonder why TPSC didn't think about it. If you are testing, you need to have consistency. And that would be a REALLY stupid step from Microsoft to just let any program control Firewall, especially now that they invested so much money and time in Defender. And well, if the user gives it Admin right... then they are screwed. BUT TPSC didn't mention that - he just said that the problem could do it by itself, which is not true. That program needs admin rights.

    • @pcsecuritychannel
      @pcsecuritychannel  4 years ago +8

      Because I'm just demonstrating a basic point about security model which is independent of OS, be it Windows 7/8/10.
      For everyone saying it requires admin access, sure, but most malware/ransomware executes with admin access anyway, be it through privilege escalation or user grant, if you watch TPSC often you know this already. My objective is to make people aware of several cybersecurity scenarios. If you take it as a universal bashing of something, that's on you.

    • @harisjafri9459
      @harisjafri9459 4 years ago

      @@pcsecuritychannel want you to run it using the latest version. Since win 7 already expired. Need to show to anyone that say default windows protection is enough

    • @csparty11
      @csparty11 4 years ago +2

      @@pcsecuritychannel Yeah but if the malware executes with admin access anyways, which is not always the case but have it your way. The point is, there is no software firewall product that is going to protect you against this or with other words windows firewall does not do less of a job than other firewall products. So he's right, this video is a joke and you are misrepresenting information. Also who says a hardware firewall will deny this traffic, depends on how you set it up.

  • @moakrameleyan7783
    @moakrameleyan7783 4 years ago +1

    You assume you are a local admin here. So this is not a realistic demonstration. Your trojan executed will not run first if you have Smart Screen enabled and Real Time protection with Tamper protection.
    Also, any other firewall, if you have local admin on the box, then it is a done deal. It is pointless to demonstrate any attack vector on any system if you own the system. The most important compromise already done (Local Admin/Root).
    Also, using Windows 7!! Come on!!

    • @darkspace5762
      @darkspace5762 4 years ago

      Exactly. He's thinking about Windows firewall like an application whitelister. If you run this trojan with local admin privileges, and if it managed to bypass the Windows Defender heuristic scan and behavior blocking, it can already do anything on the system.

  • @seba19762
    @seba19762 4 years ago +1

    Honestly I don't see the point of this video. Most users' setups don't need a firewall (software or otherwise), because they're behind a router doing NAT for them, so unless the malware can open ports in the router they are protected. There's UPnP of course, but the whole premise of the video is weird. It's not whether your firewall is good or not, it's about running untrusted software and the correct use of UAC.

  • @michaelleeper3649
    @michaelleeper3649 4 years ago +4

    How will this work against Windows 10 Firewall?

  • @Mario583a
    @Mario583a 4 years ago +3

    Title: You shouldn't use Windows Firewall.
    Me: He said nothing about Windows Firewall with Advanced Security.

  • @AtomicPixel42
    @AtomicPixel42 4 years ago +3

    There is a software (more like a gui) called Windows Firewall Control. It has an option called Secure Profile that deletes or disables any firewall rule that was not created using that software, even if created using cmd running as admin. But I'm not sure if it is that secure. It's now owned by Malwarebytes too.
    And I double down on asking you to do a video about good firewalls =)

  • @DePhoegonIsle
    @DePhoegonIsle 4 years ago +1

    isn't the point fairly moot?
    There are only so many & they all have shutdown commands via command prompt/powershell.
    My argument with this isn't [it's better to use a network firewall], it is what it requires to run.. if you're talking about privilege escalation or snuck into some installer or the user is just that stupid to hit yes.... Then a firewall wouldn't be doing much anyways.
    to be honest, this comes off as .... ass backwards. Ya, if we're honest a malware could as easily uninstall popular anti-malware/virus, firewall programs with elevated access as well.
    The point made is .. done so in a vacuum ignoring that software firewalls on the infected systems are not trustable or reliable because malware has likely gained or been given admin access.. and adding to the 'do not use windows firewall' as a headline is fing moronic as it will do nothing but mislead people whom don't get the concept & whom only have experience of 'router firewalls' being from their ISPs & that suck donkey ass in control ability & limited ability to set finer rules that often interfere with baby first servers.. which include MP gaming servers. [which takes my tech literate friend minutes to actively resetup even a minecraft one, and luckily it doesn't use normal ports so that it doesn't conflict with other things]
    A Hardware firewall would be pretty neat for people sure, but the problem comes in... most wouldn't know wtf to do & how to set it up, let alone think it's worth the cost ranging 50-120$USD, to 300-600$ USD, & broaching 1k+$ USD.
    i've a feeling that if more videos like this come out... MS will likely disable CMD & PS access to the firewall, which does nothing but harm users as the API access is still there & that doesn't stop other methods of disabling a software firewall either.

    • @pcsecuritychannel
      @pcsecuritychannel  4 years ago +1

      Nope.
      I have never seen malware with built in commands to add rules to other software firewalls, while I'm sure some may exist, that does not refute the fact that this is a de-facto command for any backdoor trojan.
      Regarding the cost of hardware firewalls again, a false dichotomy there, several routers these days come with firewall functionality, not to mention the existence of pfSense.
      Plus, as I said in the video, I'm not insisting that everybody shouldn't use Windows Firewall, just pointing out how it will rarely actually help most people against malware and instead just add an annoying alert to their day every couple of weeks. This is all very practical information. I just demonstrated a scenario. People are free to use the information as they like.

  • @WhattEvery
    @WhattEvery 4 years ago +3

    "Why you shouldn't just use Windows Firewall". Does this post also apply to [Windows 10 Firewall]?

  • @PushyPawn
    @PushyPawn 2 years ago +1

    Trust MS to call their paperwall a firewall.

  • @sebbes333
    @sebbes333 4 years ago +4

    1:30 *SERIOUSLY WTF!!!???*
    Why doesn't that command AT LEAST require some kind of password to execute!? (as a parameter or a separate popup window or something.)

    • @tropolite
      @tropolite 4 years ago +1

      Because he's using an unsupported OS. Windows 7 is End of Life since Jan 2020

    • @sebbes333
      @sebbes333 4 years ago +1

      @@tropolite
      Not really the point, this SHOULD have required some kind of password FROM THE START, or at least been patched soon after.

  • @mymediapc9521
    @mymediapc9521 4 years ago +3

    If you are someone who uses the Windows Firewall at least in a corporate environment, one other thing you can do is use a GPO to control the Windows Firewall and tell the firewall to ignore any locally made rules. It is not a guarantee obviously but would provide some minor to moderate additional resistance to this attack. Ideally though, ya you want a hardware firewall that can actually scan into the packets and an IPS on the host that will run hashes against executables.

  • @ParoxyDM
    @ParoxyDM 4 years ago +1

    I thought the default config for a router firewall is to deny unsolicited incoming connections and allow outgoing connections. I don't see how that is better, unless you have a default-deny policy for outgoing connections and you are obsessively white-listing domains you visit in your router. This is fine if you're in a corporate setting, but I don't want my wife nagging me 20 times a day to add new domains to the whitelist while she's shopping online for knickknacks and doodads.

  • @dexterman6361
    @dexterman6361 4 years ago +4

    Doesn't netsh command require admin privileges?

  • @idk-sy3iu
    @idk-sy3iu 4 years ago +1

    Tip: use linux, you need a root/admin password to do rules in firewalls

  • @johnDingoFoxVelocity
    @johnDingoFoxVelocity 4 years ago

    actually windows 10 as well as windows server 2003 have basically the same firewall and most malware that affected server 2003 surprise works in windows 10 i highly recommend another firewall program as well as anti malware and anti virus as well

  • @SMGJohn
    @SMGJohn 4 years ago +2

    Well obviously you use an anti virus software preferably with a firewall or one that modifies the Windows one, but you are right a firewall in the router would be the better idea, some internet providers also have firewalls at their base which seems to become more and more widespread.
    I would really like to see you explore more GNU Linux safety aspects etc, interesting to see which are really more secure, with or without AV.

  • @arnimkrause5696
    @arnimkrause5696 2 years ago +1

    I use Private Firewall on my laptop. It lets nothing through that's not part of the operating system and lets you know if something is trying to get onto your system. It's a learning curve to use it.

  • @Limitless332
    @Limitless332 4 years ago

    Leo, I have Bitdefender Antivirus Plus edition which doesn't have a firewall, I don't want to use Windows Firewall, any recommendation for a firewall that can be installed with Bitdefender Antivirus Plus? P.S.: sorry for bad English

    • @johnave4545
      @johnave4545 3 years ago

      Comodo firewall, tinywall, simple wall, zonealarm firewall

  • @dm1i
    @dm1i 4 years ago

    This video is absolutely misleading. Disabling Windows Firewall requires malware to have administrative privileges. But if malware has them, it can disable ANY SOFTWARE FIREWALL that you are running on the same PC. Of course built-in firewall is much more common and because of that is targeted first. But if you are using ANY OTHER software firewall in the same situation you are BY NO MEANS SAFE.

  • @SaroG
    @SaroG 3 years ago

    This video is clickbait and misleading in so many ways.
    First and foremost, you ALLOWED the netsh command to be executed as a privileged user; are you going to make a video called "Why you shouldn't use UAC" next? Second, it's entirely possible that any replacement firewall software you deploy on the host will also allow CLI or registry control to stay under the radar. Almost every third-party firewall device allows outgoing connections by default unless explicitly blocked. Third, an "external" firewall running on a separate system won't do any good if the malware communicates on common web ports (80, 443) which was the case. Fourth, you seem to be unaware of wf.msc for finer-grained control of the Windows Firewall, especially useful on enterprise networks combined with Group Policy. Fifth, you also neglect to mention that WF has the capability to block outgoing connections (and can alert/prompt the user when this happens). Ultimately, regardless of the software you decide to use for secure computing, the user's actions trumps all system protections in place. While I enjoyed your "Windows Defender in 2021" video, this is just nonsense and bad advice all around.

  • @sallyhardwick6287
    @sallyhardwick6287 2 years ago

    My firewall: windows firewall has blocked some of the features of this app
    Me: oh- WELL AT LEAST MY FIREWALL IS WORKING 😃

  • @sopota6469
    @sopota6469 4 years ago

    This "test" is absolute garbage and you should be ashamed for posting this kind of bs. Yes, the integrated Windows firewall is not great, but you used an EOL, unpatched, Windows 7 version with not even Windows Defender installed and UAC disabled. No one should take this as advice for anything.
    Now try this again if you have the balls with Windows 10 1909, UAC enabled with the latest updates installed and Windows Defender (it's on by default).
    And yes, the first thing I always do in any system is to install Kaspersky Cloud or ESET Internet Security.

  • @yincognito
    @yincognito 3 years ago

    Oh no, another "security" YT channel where someone who has no idea how actual security works gives advice to the ignorant masses, LMAO. The only good part in your video is the one presenting those simulation sites, that's really cool.
    Other than that, the rest is pure nonsense. Why:
    - the malware you presented didn't "disable" the Windows Firewall, it just added a rule in the firewall that allows the malware to connect online (sure, the effect of this is basically the same as disabling the firewall altogether in this case, but still, the firewall was NOT "disabled").
    - as others pointed out already, using a regular user account instead of an Administrator one would have made the issue you talked about IRRELEVANT.
    - the biggest mistake you made and the reason for my post, claiming a _standalone_ firewall shouldn't be used by running a threat that would have been instantly stopped from running by your ANTIVIRUS realtime protection in the first place is downright disinformation and possibly shows your ignorance in "security" matters. Identifying local threats on your computer is NOT the job of a firewall, it's the job of the antivirus, period. There are tons of legit software that add rules in Windows Firewall for themselves using a similar CMD or PowerShell script, so that feature is there for a reason - it takes a good antivirus to identify whether a piece of software is allowed or not to run or make that modification, the firewall is all about an additional layer of protection and is meant to run alongside other such layers, not standalone.
    A good approach to security is simple, and involves MULTIPLE steps, not just one:
    - try to update main software regularly (personally, I wouldn't rate this as critical, since the rest of the measures usually help in "covering the cracks" in this one, but then, this is "trendy" and heavily promoted nowadays since it not only helps the user, but also ... the commercial aspect of the producing company, LOL)
    - try to run stuff from a regular user account and not an administrator one (again, not really critical IMHO, other steps and some reasonable understanding of how stuff works helps in not shooting yourself in the foot on this one)
    - a good antivirus (I consider ESET, BitDefender, Kaspersky the best here, but others are almost as good too)
    - a good firewall (yes, I prefer 3rd party solutions here too, preferably "security suites" that include both an antivirus and a firewall, but Windows Firewall is not bad here, though not quite at the level of a 3rd party firewall ... as long as you take care of the other steps, of course)
    - a good browser extension to only run Javascript and such on demand, for "trusted" sites (e.g. uMatrix, uBlock Origin for Chrome or similar extensions for Firefox; this is often overlooked, but it's quite important, since it's one of the first layers of protection when it comes to online malware)
    By the way, I'm not a fan of Microsoft or Windows Firewall, but the video is seriously misleading and ignorant from a security point of view. It's like complaining that a baseball bat doesn't stop a criminal with a gun in your house ... but you're the one that opened the door for him (and his gun) in the first place.
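
Several comments above note that the sample added an allow rule through netsh rather than disabling the firewall, and that legitimate installers add rules the same way. A triage sketch for telling the two apart, added here as an illustration and not taken from the video or from any commenter: it classifies process-creation command lines, and the sample lines, path list and severity labels are all assumptions.

```python
import re

# Input assumed to be process-creation command lines, e.g. exported from
# Windows Security event 4688 (with command-line auditing) or Sysmon event 1.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # netsh key=value, quoted or bare
ADD_RULE = re.compile(r'\bnetsh(?:\.exe)?\s+advfirewall\s+firewall\s+add\s+rule\b', re.I)
FW_OFF = re.compile(r'\bnetsh(?:\.exe)?\s+advfirewall\s+set\s+\w+\s+state\s+off\b', re.I)

# Assumption: locations a standard user can write to; tune per environment.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\downloads\\",
                 "%appdata%", "%temp%")


def parse_rule(cmdline):
    """Return the key=value arguments of an 'add rule' command, or None."""
    if not ADD_RULE.search(cmdline):
        return None
    return {k.lower(): (q or b) for k, q, b in KV.findall(cmdline)}


def assess(cmdline):
    """Classify one command line as (severity, reason)."""
    if FW_OFF.search(cmdline):
        return ("high", "firewall profile switched off")
    rule = parse_rule(cmdline)
    if rule is None:
        return ("none", "not a firewall change")
    if rule.get("action", "").lower() != "allow":
        return ("info", "rule added, but not an allow rule")
    program = rule.get("program", "").lower()
    if not program:
        return ("medium", "allow rule not scoped to a program")
    if any(part in program for part in USER_WRITABLE):
        return ("high", "allow rule for a binary in a user-writable path")
    return ("low", "allow rule for a binary outside user-writable paths")


def triage(cmdlines):
    """Return (severity, reason, cmdline) for medium and high findings only."""
    hits = []
    for line in cmdlines:
        severity, reason = assess(line)
        if severity in ("medium", "high"):
            hits.append((severity, reason, line))
    return hits


# Constructed sample events (not taken from the video or any real host).
SAMPLE = [
    r'netsh advfirewall firewall add rule name="Contoso Sync" dir=in action=allow program="C:\Program Files\Contoso\sync.exe" enable=yes',
    r'cmd.exe /c netsh advfirewall firewall add rule name="helper" dir=out action=allow program="C:\Users\alice\AppData\Roaming\upd.exe"',
    r'netsh advfirewall set allprofiles state off',
    r'netsh advfirewall firewall add rule name="Block Telnet" dir=out action=block protocol=TCP remoteport=23',
    r'netsh advfirewall firewall add rule name="Web" dir=in action=allow protocol=TCP localport=8080',
    r'ipconfig /all',
]

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE):
        print(f"[{severity}] {reason}: {line}")
```

Windows also records rule additions itself (Security event 4946 when rule-level policy change auditing is enabled), which gives a second source that does not depend on seeing the command line.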

  • @AleksanteriNum
    @AleksanteriNum 4 years ago

    Windows Firewall is actually behind many of the commercial firewalls. Your argumentation is very bad since admin can do ANYTHING in Windows. Including opening holes in the firewall or even turning it off? In the same way you could argue not to use AV, since they can all be uninstalled using admin rights. Well yes. They are ADMIN RIGHTS.

  • @WolfRites
    @WolfRites 4 years ago

    This seems to be Windows 7, which isn't supported anymore. Try on Windows 10.
    Also, anyone seriously concerned with security would be running Linux, not Windows. So instead of going "don't use Windows Firewall, use another firewall you have to pay for" you should be going "Don't use Windows, switch to Linux".

  • @Jaydabblju
    @Jaydabblju 4 years ago

    Dude... You are still using Windows7??? It's 2020! Microsoft doesn't support it anymore. Make your "test" with an actual OS like Windows 10 and we will see if the results are the same. I doubt it.
    You said we should use "another" firewall. It would be interesting if tests with this "another" firewall would be different. Who says that other firewalls don't have the same behaviour?

  • @nixxblikka
    @nixxblikka 2 years ago

    Hmm, not too sure what to think about this video. So statement
    a) do not rely on your Windows firewall
    b) have your firewall separated from Windows
    Both statements are true, however isolated, and therefore lead to a wrong conclusion, namely c) disable the firewall. Why? At home you have, in 99% of cases, a firewall in your router. So you are not at risk, and can leave it as is. In public, Windows Firewall provides more protection than no firewall at all. At least to me, the headline and the video give the impression of: "Disable Windows Firewall". What is missing is: use something else if you are not at home!

  • @JFTN123
    @JFTN123 3 years ago

    "Any software other than Windows Firewall will probably fare better"
    True, but it's not because they're better firewalls
    It's just because they're less popular
    It's like saying MacOS is less vulnerable to viruses just because virus developers don't target it as much
    This is misleading

  • @u2be4evr
    @u2be4evr 4 years ago

    Why are you testing Windows 7? It has been EOL’d. This would be more relevant if you tested with Win 10.

  • @Stecbine
    @Stecbine 4 years ago

    OK, so we now know Windows Firewall sucks; it's what I've been using on my Win10 desktop..... ughh. However, I do have "AiProtection Powered by Trend Micro" turned on in my ASUS router, so there is that at least. My question is: what software firewall do you recommend? It would have been great if you ended the video with a top 3 recommendation or your number 1 pick!

  • @DayzGone
    @DayzGone 1 year ago

    Back in the day, I used ZoneAlarm. Currently, I don't run a firewall. As I actually forgot how important they are

  • @chriz083
    @chriz083 4 years ago

    1. you tried this on a 12-year-old OS which is not supported anymore!
    2. never ever should your "everyday" account have local Admin rights!
    so this video should be called "Why you shouldn't use Windows 7 anymore" or "Why you shouldn't have local Admin rights"

  • @georgeindestructible
    @georgeindestructible 4 years ago +1

    Excuse me, but isn't this assuming we run a malicious file manually first, right?

  • @unimatrix1
    @unimatrix1 4 years ago

    You're showing this in May of 2020 and your test system is Windows 7... Yeah, nice test ... on a deprecated system ... that a very small percentage of normal users is still clinging to.
    If you can demonstrate the same issue on fully updated Windows 10, I will consider this more seriously. Otherwise, I will call your video misleading.

  • @AnAN-bn1ol
    @AnAN-bn1ol 4 years ago

    What's the difference between a registered and a non-registered domain with a PAGE NOT FOUND 404 message? Can you explain? I can't find the info. How to distinguish them?

  • @lucianocosta6760
    @lucianocosta6760 4 years ago

    This video has misleading info.
    If you have user account control turned on within a standard user account the virus will not be able to create a firewall rule with a simple command, because it requires administrative privileges.
    So if you have the user account control settings at maximum (Always notify or Default) any action which requires administrative privileges (like adding a firewall entry for instance) will not be successful without explicit permission: You will be prompted to click "Yes" even if the program is run in the background.
    The task shown from minute 1 to minute 2 is not realistic. The rest of the video is just fearmongering.

  • @cjcox
    @cjcox 3 years ago

    Author is naive. If someone has total control over your host... guess what? They have total control. With that said, there is a reason why you should have "more" with regards to packet inspection, configuration change detection, anomalous behavior detection and the unicorn non-exploitable higher level firewall. "Want a million dollars? Step 1. Get a million dollars."

  • @gr33nbits93
    @gr33nbits93 4 years ago

    Sorry to say, but this video is a bit misleading and can make some people disable Windows Firewall when they shouldn't. Windows 10 Firewall is better than any FREE firewall solution that you can download; sometimes you make it worse by installing some 3rd party software out in the wilderness. Please change the title to "Why you shouldn't just use Windows 7 Firewall". There is a lot of stuff you say in this video that isn't right.

  • @seanleastria4478
    @seanleastria4478 2 years ago +1

    The end says it's not trying to bash Windows Firewall. But that is not even a question when it comes to objective reporting. The question is whether or not users should simply disable it and use something else.

  • @NightOwlGames
    @NightOwlGames 1 year ago

    Touch wood, I never have problems using Windows Defender and firewall. I have Malwarebytes and Glary Utilities, I'm always using my PC 24/7, have done for the last 15 years...... I literally never have any serious problems. I admit Defender was useless in Windows 7 and XP; used Avast back then, when Avast was trusted, that is! Not anymore!

  • @debangshughosh834
    @debangshughosh834 1 year ago

    Since I use a pirated version of Windows 8.1 Pro, I have granted firewall control to Avast free anti-virus.
    Is it a good or bad decision, bro?

  • @coolmonkey5269
    @coolmonkey5269 3 years ago

    I was using Kaspersky Total firewall before.. no detections... clean system
    now using McAfee Total firewall... I get many warnings - blocked unsafe connection
    Is it true that Kaspersky failed to detect
    or is McAfee giving false signals 🙄

  • @NapsterBaaaad
    @NapsterBaaaad 3 years ago

    Don't use Windows Firewall,
    Just stick to those antivirus suites that you're used to,
    I guess on the other hand, it's better than nothing at all,
    But, I'd get something better fast...

  • @obsidian9998
    @obsidian9998 4 years ago

    So what Windows firewall paid package is worth buying to the competition. This is if I have too circumstance of being cheaper likely.

  • @Ambassador-For-Christ
    @Ambassador-For-Christ 2 years ago

    I use Private Firewall, It is not being updated any more since 2015 I believe, but I don't see any need for it to be updated. I would love to see The PC Security Channel test it against Ransomware, like he did with the Comodo Firewall...PLEEEEEEESE?!?!

  • @Crroow
    @Crroow 4 years ago +1

    I didn't care to check what channel. I thought, hey, this guy sounds like Leo. Keep it up, this channel is awesome!

  • @a.f.atecnologia4799
    @a.f.atecnologia4799 4 years ago

    OK, the video is valid to alert those who use Windows 7, but even if the virus systematic is similar on Windows 10, it does not mean that it can make the same changes in the new Windows 10 Firewall, so I give a negative to your video, because if you want to demonstrate something, demonstrate it on the new Windows 10, which has many new features and artificial intelligence implemented more every day, even in its firewall. I accept your video and congratulate you for showing us the architecture of a virus getting through the Windows 7 firewall, but its interpretation does not match the reality of Windows 10 until it proves the opposite. Before staying there already saying that many are talking and questioning why you did not do it on Windows 10, I ask you: why?? Do it on Windows 10 and show us that it would be the same interpretation; until then I will keep my dislike on the video.

  • @randominternetuser5123
    @randominternetuser5123 4 years ago

    Why are you using Windows 7 for this? Isn't Windows 10 the operating system that most people use nowadays? Anyways aside from that, keep up the good work!

  • @Akaya3511
    @Akaya3511 4 years ago +2

    Iobit Malware Fighter 8 rc just came out. Would love to see some Iobit software tests.

  • @christianparauan2108
    @christianparauan2108 4 years ago

    How come you did not use Windows 10? It is weird, because in 2020 you make this test on an older version of Windows that is not supported anymore; that is like testing an antivirus and not updating the database! Try the same test with Windows 10 for a reliable result. Not a fan of Windows Firewall or Windows Defender, using Bitdefender on my main system, but this test is unfair!

  • @psychcisco
    @psychcisco 4 years ago

    This is not a Windows Firewall issue at all. This is an issue that could apply to any software firewall if running Windows as an Administrator. It could also apply to MacOS or Linux if you are stupid enough to operate as the Root account and run a malicious script.

  • @thefirehawk1495
    @thefirehawk1495 4 years ago

    Instead of telling people not to use windows firewall as a blanket recommendation just for easy clicks you could actually at least pretend to care a bit about their security and advise them to switch from the now unsupported windows 7 you had to use to showcase this attack, to windows 10 which is what the vast majority of windows users are already using. Because installing windows 10 is an automatic and instant security increase.

  • @aaronk9910
    @aaronk9910 1 year ago

    Correct me if I'm wrong but you can't add a Firewall rule if you are not local admin and if you are local admin you f... Up a long time ago

  • @toresagen7346
    @toresagen7346 4 years ago

    Lot of people in the comments are talking about netlimiter. I don't know what it is but it seems popular. Can you do a video on netlimiter? How effective is it with this malware stuff? Please do a video on netlimiter.

  • @sonnyboiii5292
    @sonnyboiii5292 4 years ago

    Windows firewall blocks so many things, like official games, things in msi afterburner and other stupid things

  • @fredEVOIX
    @fredEVOIX 4 years ago

    SPHINX Windows 10 Firewall Control ? www.sphinx-soft.com/Vista/index.html still windows firewall except you decide what's allowed or not, also you have an easily accessible events, connections, app list, you can make it block everything by default, it will break your games for sure, until you allow them as games love to try and connect to the internet without even asking you or even being visibly launched which sphinx won't allow

  • @gettyfeet9119
    @gettyfeet9119 3 years ago

    So what do you recommend? Also how do I get that test Trojan?? My ex. 😳 I mean I wanna “test” it in other firewalls 🤫

  • @michaelp.3369
    @michaelp.3369 2 years ago

    You should have given some resolutions. As in firewalls that are available. But it was a good video, thank you very much.

  • @estellebright2579
    @estellebright2579 4 years ago +2

    While hardware firewall is very good, when on the go, it is difficult to use a hardware firewall on, say, public transport. Relying on tech to protect people from doing shady behaviours online is just not going to go well.
    With all that being said, some recommendations other than using hardware firewall would be nice.

  • @171151
    @171151 2 years ago

    Any comments on Windows Firewall Control? Malwarebytes purchased it.

  • @Sedokun
    @Sedokun 1 year ago

    Right. Let's run malware with admin privileges and expect nothing will go wrong.

  • @brokenchimp0
    @brokenchimp0 3 years ago

    I noticed that you're using Windows 7 firewall..... why not Windows 10 firewall?

  • @МойТ-ю2р
    @МойТ-ю2р 20 days ago

    This firewall, is the best protection.

  • @nzu11239
    @nzu11239 4 years ago +2

    You should make a video of how to configure your firewall.

  • @kittz0r
    @kittz0r 4 years ago

    Hm, you say that Windows Firewall is not effective BUT then you just go ahead and assume that other firewalls will do better. Why not test it?
    Why make some assumptions when you could easily test it? Do you hate Windows so much?

  • @TheSpanjaMan
    @TheSpanjaMan 2 years ago

    Does this affect people who use standard account with admin separated? Can this get past UAC?

  • @ionutturcutvoda3545
    @ionutturcutvoda3545 1 year ago

    I use NetLimiter which allows me to control every program or application that tries to access the internet.

  • @JessM1
    @JessM1 4 years ago

    I have always used what comes with Windows, and not one time in the last, oh.. 15-20 years, have I ever had a problem. Don't go to shady websites and you won't get shady presents.

  • @tdegler
    @tdegler 3 years ago

    Fair amount of false and misleading statements. But the content is out and some money on its way. Not too honorable, but pretty common.

  • @BaSsGaZ
    @BaSsGaZ 4 years ago +1

    Well, the malware can in this case kill any antivirus you have running using Command lines. So, the moment you give admin rights, you're screwed regardless.

  • @alfawolve869
    @alfawolve869 2 years ago

    This only happened if the malware can pass defender antivirus for windows right?

  • @Mindflayer86
    @Mindflayer86 4 years ago +1

    The content of this video actually makes no sense to me. When you or any malware tries to add a Windows Firewall rule, a UAC dialog will pop up. It can't do that without it. In case you confirm that dialog, no firewall would be able to protect you anymore. Malware can shut down any firewall with ZwTerminateProcess.

    • @arisu7397
      @arisu7397 4 years ago

      in most systems UAC is turned off by default

    • @PhakesL
      @PhakesL 4 years ago

      @@arisu7397 I must say, I've never seen any "factory setting" set UAC off by default (assuming they are pre-installed Windows) it's all the "user" saying that "It's annoying so I disable it", which is just, you know, user error.

  • @DalmationProductions
    @DalmationProductions 4 years ago +1

    One of the reasons I'm using Zonealarm Free Firewall

    • @johnave4545
      @johnave4545 3 years ago +1

      I also used that, but I decided to uninstall it and just use Windows Firewall with Windows Firewall Control

    • @DalmationProductions
      @DalmationProductions 3 years ago +1

      @@johnave4545 yeah that's what I'm using now