How to never accidentally run Malware: Must Have Windows Tweaks
Feb 22, 2024
274,325 views
Most users still run malware accidentally, thinking it is a PDF or a contract document. This video shows you some simple must-have Windows tweaks so you don't get hacked by your run-of-the-mill infostealer or ransomware pretending to be a PDF contract. • When I accidentally ra...
Try Malwarebytes with new features for free: mwb.link/4ay7nag (sponsor)
Buy the best antivirus: thepcsecuritychannel.com/best...
Join the discussion on Discord: discord.tpsc.tech/
Get your business endpoints tested by us: tpsc.tech/
Contact us for business: thepcsecuritychannel.com/contact
File extensions should be enabled by default; the fact that it is even an option is a major Windows security flaw.
The common argument I've always seen is that people may accidentally erase the file extension and thus not be able to open the file properly (unless they change it back). But in that case, make it so you can see the extension *but disallow you from changing it* (as the default). I don't know why or how that's not even an option.
@osniko How can you expect such a tiny little startup like MS to simply allow you to rename A file, not THE file? Of course they can't.
@osniko This was an issue in the XP days, where the whole filename and extension were selected, but since Vista the name part is selected and you must manually move the cursor to the extension part.
The file extension doesn't have to be at the end of the file, it can be in the middle, like apdf.exe can be exepdf.a
I'm okay with it being an /option/, but it should be an opt-IN not an opt-OUT.
I would argue it’s best to turn “ask me where to save each file” on because while it may be a little annoying, it will show you the file extension when you download it and it’s useful to ensure a site isn’t downloading files in the background.
This is about not instinctively opening it in your browser by taking away the button; if you don’t, you still can.
Browsers these days actually warn you if you download exes.
Great suggestion
I have it on not just for that but I don’t want to clutter my downloads folder. I only use it for exe. The rest go into other folders.
@rizkyadiyanto7922 Does it? I have only downloaded trustable exe so I have yet to see that error
I highly disagree with turning off "Ask to Save" in browsers. Not only can it show the type of file you are even saving, it also can stop random files being downloaded automatically if you happen to click a wrong link, since it now always tries to ask about the file, overall giving the chance of saving you from even having the chance to click the file to begin with.
Maybe turn it off temporarily if you're scraping a ton of files from one site real quick, but ftmp, the daily driver setting should be to ask for any downloaded file.
I can see why he's suggesting this, because it creates the habit of you needing to open explorer before opening anything, meaning you WILL see the extension and the type for sure (which many non-techy people don't), but yeah, it's never a good idea to not be able to stop something from being downloaded.
Yup. What OP (Nonya) typed
Yeah I am using Chrome and it always shows the file type. If that can be faked too I'm done for.
@ArkenGAMES File extensions can be bogus. Gotta check the magic and default program for each file type. The fact that 30+ years later this is still a problem because of basic computer knowledge being too troublesome to teach (not really) is a problem yet everything being computerized.
Worst thing Microsoft ever did was hide the file extension by default. Would that really have confused anyone? What they should set explorer to do is have all executables show up in an obvious contrast color or highlight scheme with a 'caution this is an app' identifier next to it. Make people look and go why is that highlighted like that.
Microsoft is owned by Israel, so nevermind clicking a pdf, if you're running Windows you're already infected with state sponsored malware
Wasn't it default in windows xp?
Could maybe show it separately or inside the file icon or recolored as well so that it pops out.
@ayoCC Exactly! The question then becomes: if you and I can see this almost immediately, multiple people at Microsoft must have as well. They then decided that, no, we're not going to implement this obvious and simple fix. My question becomes, why? There must be some overriding motivation to not do this, I just don't see what it could be.
Directory Opus does this, and sadly it is not cheap to purchase a license in some places
Showing file extensions is the first tip I would suggest, it would immediately distinguish between the 2 files in the video
Yes, why is this not step one in the video. The rest of the things are unnecessary.
@chrisseal1467 There may also be a file somexe.pdf that is actually an exe (som\u202Efdp.exe) with RTLO in the filename, so showing file type in table view is a great tip.
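Two checks raised in the comments above, file names containing the RTLO character (U+202E) and comparing a file's extension against its leading "magic" bytes, shown as an added Python example that is not from the video or from any commenter. The sample names, byte prefixes and extension lists are constructed for illustration, and `approx_display` only approximates how a bidi-aware UI draws a name containing one RLO.

```python
import os

# Unicode bidirectional controls that change the order a name is drawn in.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f", "\u061c",                      # LRM, RLM, ALM
}

# Illustrative subsets (assumptions, not a complete policy list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msc", ".vbs", ".lnk"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

# Leading bytes of a few formats and the extensions consistent with them.
MAGIC = [
    (b"MZ", "pe", {".exe", ".scr", ".com", ".dll"}),
    (b"%PDF-", "pdf", {".pdf"}),
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".pptx"}),
]


def logical_extension(name):
    """Extension in stored character order, which is what the OS acts on.
    Bidi controls are dropped first so they cannot mask the real extension."""
    stripped = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return os.path.splitext(stripped)[1].lower()


def approx_display(name):
    """Approximate what a bidi-aware UI shows for a name with one RLO (U+202E):
    the text after it is drawn right-to-left. Real bidi layout is more involved."""
    before, sep, after = name.partition("\u202e")
    return before + after[::-1] if sep else name


def inspect_file(name, head):
    """Return a list of findings for a file name and the file's first bytes."""
    findings = []
    ext = logical_extension(name)
    if any(ch in BIDI_CONTROLS for ch in name):
        findings.append("bidi-control-in-name")
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        # "contract.pdf.exe" reads as a PDF when known extensions are hidden.
        inner = os.path.splitext(os.path.splitext(name)[0])[1].lower()
        if inner in DOCUMENT_EXTS:
            findings.append("double-extension")
    for magic, kind, exts in MAGIC:
        if head.startswith(magic) and ext not in exts:
            findings.append(f"content-is-{kind}-but-extension-is-{ext or 'none'}")
    return findings


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n"),
    ("som\u202efdp.exe", b"MZ\x90\x00"),
    ("contract.pdf.exe", b"MZ\x90\x00"),
    ("invoice.pdf", b"MZ\x90\x00"),
]


def scan(samples):
    """Map each name, as it would be displayed, to its findings."""
    return {approx_display(n): inspect_file(n, h) for n, h in samples}


if __name__ == "__main__":
    for shown, findings in scan(SAMPLES).items():
        print(f"{shown!r}: {findings or 'no findings'}")
```

The second sample is displayed as `somexe.pdf` while its stored extension is `.exe`, which is why the Type column in details view is a more reliable signal than the name alone.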
I don’t think he’d have a very long video if he did that. I still found it useful, though.
And turning the preview pane off... it can execute malware just by previewing it
I'm fortunate I've never "accidentally" clicked or run an infected file and I've never been hit, personally, with a malware infection. Several of my friends have but I haven't. I think videos like this can really be helpful so thanks for posting!
The fact that you watched this video means you are not noob, so the probability of this happening to you is lower. You're not lucky, you're smart enough to use a pc unlike the majority of people.
Well you're obviously not reverse engineering enough malware
Send this to your grandma
Think before you click! And scan ANYTHING that you download from the Internet! Be paranoid about it, and opt for a guilty, until proven innocent stance! Works for me!
@sdwone VirusTotal is a useful tool...
I always found Microsoft's idea to hide the extensions ridiculous, it was always shown in 95, 98 and 2000 after all
That is the reason more of these attacks are like this, as normal users don't use the details view anymore
Most users don't know what it means anyway and they only get irritated
98 SE, hidden by default
@tarwod1098 Nobody should use a computer without some basic knowledge.
Anytime I have to log into a new computer, I always turn on file extensions. It's a habit from using DOS, I think.. It takes me 10 to 15 minutes changing all the settings from default - because I hate most of the default Windows settings.
Yes! And many other tweaks, such as resetting registry values, will speed up windows, allow me to reset file locations, etc.
Adding to this, you can also use the group by type function for files. adding that clear separation that you can collapse and expand at will is very helpful
In our country we have bear issues - picking up trash. So they are trying to develop better trash bins. There was an interview article with one of the developers, where he was asked why he does not simply make a more sophisticated mechanism. Here is his answer: you know, the boundary between the smartest bear and the dumbest human is pretty narrow. In other words, if I set up a group policy in our company to show file extensions, in a few days I will have dozens of IT tickets from people complaining they cannot open their PowerPoint, Excel or Word documents, because they deleted the file extension while renaming.
Sub 80 IQ barely functioning brain 😂
That developer (a smartest bear?) could write a renaming function which prevents changing a file extension or at least warns about it
Great video for security awareness! I just keep the "show downloads when a download starts" switched on so that I know when something is downloading when there shouldn't be anything downloading. Using this, I find out about the strange javascript downloads some sites drop on my computer. I've also been using all the other tips since a few years ago. I also scan files typically infected with malware like PDFs, Microsoft office files, and executables before I run them. Kept me pretty safe the past few years.
Excellent advice - thanks! Have made these changes and tweaks. Must get into cast-iron routine with downloads.
Some of these steps I've always done such as always open a recently downloaded file on windows explorer download folder. As I watched the video, I changed the view settings to show the extension. Very useful tips. Thanks.
Great video. That's why I always use Sandboxie anytime I open a file or something I'm unsure of.👍
The thing is this method is to target unaware users, not just unsure about something. If you're frequently exchanging documents, you wouldn't be aware and never unsure about the file.
@youravghuman5231 I agree. I was just pointing out what I use. Because I got a virus from doing it the normal way and it sucks.
It's almost like VMs were made for it
Good choice, Sandboxie (-Plus) is free and open source
File name extensions enabled is just in general a practical must for so many use cases. Mostly to figure out what file formats you are trying to open where or what they can, especially with photos or videos
Configuring windows explorer to show file extensions is the first thing I do after windows installation. Show type in the table view is also a great tip because of the RTLO attack.
And disabling preview pane, it can execute malware
@samfkt Do you have any sources on that?
Excellent! Just subscribed. Everything makes total sense. Thanks
Thanks for posting this. :) Made a couple of the changes recommended.
Yes! These kinds of details for security are much welcome! Thank you!
The company who built my computer must have seen your video. All settings were as you said. But thanks for making me aware.
Great tips 👍 Thanks too for giving a short glimpse of Malwarebytes.
Really useful, especially after I realized that just enabling extensions might make me even more vulnerable to tricks with RTLO characters in filenames
The only issue with removing the download prompts on a browser is if you have a very poor internet connection, the user will not know if the download has failed and will not have a chance to restart the download. On a legit file that is. Guess there is really no foolproof way here. It also assumes that the user knows the differences as well. An older person or person with very little computer knowledge will not know that difference. The true way is for the computer to be smarter than the individual using it, with system policies and software that can prevent things like this from occurring. Still, I do like some of the tips you provide here and thank you for the tips!
I always set my machine to display extensions and file type and always View in Details. It really annoys me when LoseDoze changes it back to Icons or some other view for certain file types. It just wastes my time. {:o:O:}
Preview pane should be disabled too
Great video, I'd only be hesitant to enable preview files since in some cases it was used to launch the malicious file
Awesome video! I already had view file extensions on as I am a software developer and I like that feature already. Nice tips!
your videos put me right to sleep thank you so much. I haven't been able to sleep for the past three years and your videos fixed my sleep
This is brilliant I have learned how to protect and not accidentally open malware thanks
Great advice, thank you for sharing.
Very informative! Took me a while to figure out you must be in Edge (not Chrome) to change the download settings. Just wish it had been clarified in the beginning. Thx for the info!
Was surprised to see you showing off your sponsor's older version of Malwarebytes v4 while it recently released v5. So what do you think of the new one, does it perform any better?
Excellent video and tips! Thanks for sharing
Are you recommending Edge over Brave, with the normal default installation? And would you prefer to have Malwarebytes installed in addition to MS Defender or is Defender enough on its own?
Extremely helpful, thank you!
These very basic tips are invaluable even for advanced users.
This is very valuable. I have used those settings for such a long time I didn't even think about it being a thing, because that's just soooooooo basic. I can also recommend not using your default browser with your critical logins. Use another browser
Totally agree with viewing file extensions before opening new files. But I prefer to use the browser’s download window where it shows the file with extension and I can choose to view it in its destination folder before running it. Eliminates a couple steps. And I often like to see download progress and keep track of where the file is going. Seems like the browsers have already addressed these issues... with a couple less steps.
I recommend changing the setting of "File Explorer" to show file extensions, and scanning any file before opening it using the right-click menu on a file.
By the way, to be able to have the BlackMatter exe and to run it, did you need to disable Windows Defender? I would've thought that BlackMatter would be well known, so Windows Security would know about it and protect the user as much as possible? Or is Windows Defender not reliable for keeping you safe?
Thanks for the recap, will go and double check. In the meantime, how about the UAC set up to the max, so if a text document wants to make changes to the computer I will not allow it? That's for my personal PC.
Really good video, viewing file ext is a MUST.
Excellent tips, I will share this with my friends.
As somebody who's studied network security and as a web developer who makes sure clients' websites are secure and had clients get hacked before, I can definitely say these simple steps are a great first line of defense. Many hacks like the one that took down Linus Tech Tips last fall could have been prevented just by doing these simple steps.
Since you studied network security, let me ask you this. Can I block port 443 and 80 on the router without affecting my ability to manage the router from a web browser on a local PC that has a wired connection to the router and wifi disabled? I am getting a lot of DoS attacks on port 443 when I check the router log.
@michaelferreira2651 Ask your question to Google like this: "without affecting my ability to manage router from web browser on a local PC that has wired connection to router and wifi disabled can I block port 443 and 80 on router?" The answer for your particular setup will be on the list of options. (I think probably port forwarding is the answer, but best to see what you need.)
Thank you, had me 2nd guessing all my PDFs, checked them and I'm good, but I put in these good prevention methods that I looked at. And personally I missed seeing extensions on my old PC
Great helpful stuff, thank you!
Another good video for malware security, thank you!
The fact that a malware attack happened RIGHT AFTER Windows 95 turned off “show file extensions” by default and they DIDN'T immediately switch it back is unbelievable
From where did you download the ransomware? I want to use it to test some products for myself. Thanks in advance.❤
Awesome! Thank you for Sharing! 💯✴
You check the extension, but even if they change the type, try opening it up in Notepad. Notepad never opens it up as an application; even PDFs open up as a pure text file and you can look at the contents header and see a PDF type in the file with the PDF version number etc. An application will open as a text file, and you can quickly see the data section of the file and the payload etc., and you can then exit and delete the file
No one will be opening or analysing file contents in Notepad. Impractical & cannot be understood
You mean a hex editor? If we're going through that route might as well use the proper tool
1:41 the one on the right is slightly brighter, very obvious on the red and the top right corner of the page where it is folded
Those are amazing tips to learn. Should definitely inform our peers about these basic tips that could someday come in handy.
Some day? This has been an issue since WinXP. That they STILL haven't fixed. A simple change to the default behavior (back to what it WAS) would fix this instantly.
File extensions by default is a thing, but also remove the large icons viewing mode. Who uses that? It's like asking for malware.
Thanks for the excellent advice!
The most important thing is to make sure the computer mouse is functioning without any problems in its buttons, because sometimes, if you click on the file using your mouse and your mouse buttons have dirt in them, there is a chance that you double-click the file/application without noticing that you already did that. So the temporary solution is that you can still use your keyboard to move up/down with the arrow keys, and use your keyboard to investigate and do normal tasks, whether right click or double click, but with the keyboard capabilities. This will ensure that you don't do anything wrong by mistake to your PC.
Good suggestions. I already do this.
Is there any alternative program or file explorer where executable files are marked so we don't confuse them with other types? I think it would be an interesting way to stay alert
Simple but effective ideas to make your downloads safe to open. Thanks
Thank you. I have Win 11 and extensions were enabled, but there were settings in Malwarebytes I wasn't aware of.
Another awesome video. Thank you.
Thank you very much! This video is very important!!!
I always have "ask me where to save each file" on. That way I can see what I'm downloading before it even downloads. One time I clicked on a fake link that automatically tried to download something; thanks to my setting I could prevent that from happening
When using Windows... first, go into Control Panel -> Folder Options -> disable "Hide extensions for known file types"
You think you could do Malwarebytes vs Bitdefender and Kaspersky?
Thanks for great videos! Any suggestion for an antivirus for gaming in 2024? 🙏🏼
This is a nice reminder for me. Most users have no idea about shit that seems instinctive to me. I should share this channel with family...
Does it increase security even more by disabling running exe files in Downloads? May prevent YT'ers from getting hacked
I think I have also seen, on the corporate side of things, restricting applications or installers from running from inside of the Downloads folder. I remember a client where I had to move all installers to C:\Temp in order to run them.
Silly question but I thought I would ask anyway. Is it worth having Kaspersky Internet Security and Malwarebytes together on the same machine? Kaspersky wants to uninstall Malwarebytes, but I think both can co-exist as they detect different things, but I am just curious.
I have great experience with the Malwarebytes Pro and Win Defender combo.
Probably because Kaspersky is enough and Malwarebytes is just using extra space for false sense of layered security.
I would check what is in the package. If you have a good security pack from Kaspersky, then say goodbye to Malwarebytes. Win Defender works perfectly with almost all 3rd party security software
Because you are a security expert, let me ask you this. Can I block port 443 and 80 on the router without affecting my ability to manage the router from a web browser on a local PC that has a wired connection to the router and wifi disabled? I am getting a lot of DoS attacks on port 443 when I check the router log.
I agree about the extensions, it's amazing Microsoft still hides those!
Good to know, thanks for sharing this.
Couldn't the preview window run a script on, for instance, a Word document with a macro?
I've a question about Windows Defender. Defender has this thing called "Isolated Browsing", or more specifically the Windows Defender Application Guard. How effective would that be in preventing viruses? Should I have this enabled?
It's not 100% effective, you still need anti-virus software but yes it should be enabled.
Before clicking to open any downloaded file, like a PDF, shouldn't one first right-click on it and run the antivirus/malware software, Windows' own or any such paid software? Wouldn't that save one from any problems? Thanks
Thank you for that very useful video. 👍👍👍
It's a small tweak but very useful and helpful to have the habit not to rely on thumbnails
I don't understand why people use icon/thumbnails, it is much faster to go through details. Since I have used detail view I had stuck with it for many years now. Never had an issue with any virus.
And can a normal PDF include malware? For example, I usually open PDF files in the web browser by default (so the icon changes to the web browser icon instead of the one shown in the video), but can a PDF, which displays content, still include malware? P.S. Thanks for the tips
Not sure if it's possible to have an infected PDF (with correct extension) but I think the icon of an EXE file can be dynamically generated (just like picture thumbnails) so the malicious executable could easily look up what is the default app for opening a PDF on your computer and set its own icon to look exactly the same.
Or even have an exe file disguising as a .pdf file extension? So Windows tells you it's a PDF, but when you click on it, instead of opening the PDF reader it launches itself? Are we really safer if we display the extension?
@machintrucGaming No. That won't work. If file extension is indeed pdf then Windows will open it with whatever your default pdf viewer is.
Yes, it can. In fact, Adobe thought for some reason that it was a good idea to add a scripting language to a PDF document (it is similar to JS). I will later add the name of the scripting language, because I don't remember right now. Edit: Adobe added actual support for JavaScript... 💀
Scripts, macros and the like are a huge security flaw for any office suite, as well as for a PDF suite. Small correction: if a file has a .pdf extension, then Windows will ATTEMPT to open it with your default PDF reader. However, your .pdf file may have some metadata which will open some more information about the file, and Windows may automatically find the right way to proceed. Displaying the extension, and - not less important - the size and other metadata will give you an idea about the file and might become an important signal about how to handle it. So the answer is yes: displaying extension, size, creation date, permissions etc. is a sign of good practice for file handling. As for JS and other scripts and macros, for most users it would be advisable to go through your office/Adobe or other suites that you use, carefully look through all the security/privacy settings and disable/harden your settings. Disable JS by default. You will get a prompt if your file asks to run the script. Disable internet access. You will be asked if the file has a link or requires a connection. And so on.
One of the advantages to being a computer user since the early 90s is that I was used to all those settings, and didn't like the new less secure defaults when Microsoft introduced them, so I've always changed them back out of preference.
Shouldn't Windows Defender block the disguised malware app when you click on it?
Great video! Thank you.
Useful information 👍
Is there a way to apply these settings to an Android device? Thank you kindly
Are you still effed if you right click on properties when you have doubts about it? And is there a downside to having Google Chrome asking you on every download where you want the file saved to?
Is it possible to customize the icon and only allow specific file types to be opened in the download folder (both browser and file explorer)?
Never ever open ANY file when extensions are hidden.
Another strong reason to keep away from weird websites and only download PDFs and documents, books even, from the Internet Archive. God bless
Agreed that file extensions should be visible by default... But I think this is something we've been warning about since... I think Windows 7 made that change, right? Making file extensions hidden by default. I vaguely remember it being a major security complaint back when the shift was made. Now, let me ask a question here. Is there a way to simply block the execution of certain extensions, period? Like, an administrative tool that does not let people run say... bat, exe and msc files? Or at least puts some 2 layers of warning on top of it before execution? Or, for instance, forces a timed quarantine onto all new files. Sounds trivial to me to implement something like this. Particularly on the often abused .msc extension. Given that a whole ton of people don't have the habit of running a bunch of recently downloaded executables anymore, a tool that does this should be very useful to go against this sort of attack. I know some anti-virus and anti-malware tools already detect recently downloaded executables and nag users to scan them... Malwarebytes does this. And you have the usual Windows Security warning... but I think more options and control over this could be good, particularly for administrators.
This is helpful 👍🏽 thanks
Great advice, thanks.
Well done, my brother, for this wonderful video. It is true. A simple trick in the Windows file browser may save you from the virus trap.
I don’t see how you got the menu bar (with “new” on the left and “details” on the right).
I always turn on the option in my browser that prompts me every time I try to download a file, so nothing will be downloaded without me actually seeing the filename and extension and accepting the download
If you use other file explorers, check if color filters can be applied to file types. For example, I use Dopus, and every executable file automatically gets a red background.
does malwarebytes work when you have other tools installed and running or do they conflict with each other?
having multiple antivirus is generally not a good idea and only gives you a false sense of security
What about defender Leo, did it detect?
I think you're wrong on the browser. "Always ask" setting so I decide where the file goes. I can monitor the download and tell it where to go and not have to worry about random whatever downloading, because I get to see basically what it is first. So hit DL, PC asks where to save and I notice "Oh, that's not what I wanted", OR PC asks where to save and I notice something off, and I can pick a specific location for the download to investigate later or cancel the download.
Can't remember the exact name of the CVE/exploit (one from 2022 or 2023), but I'd argue a bit about turning on file visualisation: there was this Word file exploit that triggered just by having the file visualized. Pretty niche case, but just a PoC that it can be used as an attack vector
1. I always have the details option enabled
2. I never save sensible files on the internal disk
3. I never open files unknown to me
4. I use as much as possible - especially for bank account transactions - my Mac or my Unix-based machine (with Mate GUI) ... yes, I know Mac is based on Unix ... I mean my dedicated Unix machine.
5. If I need to use my Windows PC, I do the recommended security checks / updates as much as possible
6. If this is a file I need and I am still unsure whether it is safe or not, I transfer it to a special notebook equipped with minimal software, a machine I can rebuild quickly
Hope this will help as much as possible, but I cannot rule out making mistakes myself too