You're right. I tested it. Renamed an EXE to BAT (or CMD) and Windows launches the EXE. Of course, you shouldn't open a BAT file unless you 100% trust it.

Very valuable piece of information! Thank you 👍

what about .doc files?

just dont run any suspicious BAT or EXE file. this video is so poorly made that he didnt even talk about the important stuff like how PDF or DOC can actually be an EXE file. Signature is there to say the file is UNALTERED AND from the OWNER. the OWNER can be the hacker so what's the point of checking that?

@@ms9001 Yeah and there's malware tools to embed into any other file, so opening a jpeg or png could open the original file _and the malware_

Who uses windows defender in 2023/24?

@@ArunavaVishalDutta a lot of people actually. It’s actually pretty good, and perfectly viable as long as you don’t click literally every single link and download every single thing that exists.

@@ArunavaVishalDuttaa lot and it’s actually good now

Never I tried loads of AV’s in my life and will never recommend to use windows defender or mcaffee to anyone. If want to use something free go with malwarebytes or even avast

@@ArunavaVishalDutta considering you dont need anything more and that its on by default, I think that a lot of people do use windows defender

That also verifies the integrity of the download for important files. It makes sure every bit matches what it supposed to be, which could be important for something like an OS

​@@tommy8716or any program. Specifically when you get a cracked game and 1 file that is 37kb is missing and it is so crucial the game won't run without it.😂

That assumes the download site hasn't gotten hacked, so not foolproof. But yes, its an additional security layer nonethelss.

The hash value is _not_ the same as a signature. There are ways to modify a file and keep the same hash value. Hashes are great for verifying file integrity (i.e. checking the network didn't mess anything up), but they can not protect against bad actors.

You could still post a file, e.g.,THIS_FILE_IS_NOT_MALICIOUS_WINK.EXE, with a proper checksum that still contains malicious code. A proper checksum verifies the validity of the file itself, but the file could still do deceitful things.

🐢

🐢

🐢

🐢

I'd say the VM check is Downloading Binaries 101, also I can't imagine a scenario where I'd download binaries that often, especially from suspicious sources

I guess my point is that not all unsigned software is malware, but (virtual) all malware is unsigned. Kind of like squares vs rectangles. So it’s still important to be aware of.

Microsoft Sandbox VM too? @@ThioJoe

if youre downloading something without a digital signature thats reason to exercise caution. youd want to go to the source directly for those executables, not trusting the copies you are sent over email. additionally, if the program you want to run normally would have a digital certificate, but the copy you have received does not, or has an unmatching signature, that tells you something is fishy.

@@ThioJoe That's true. I would remark that people shouldn't randomly open random executable files without actually understanding what they are.

well uBlock Origin browser extension's the one i use to block that, tho i do have to whitelist some sites manually and also it does block tracking pixels on sites too and on those i've to whitelist it the browser handles the removing trackers part i use LibreWolf which is a fork of firefox

I would also like to see a video on this by ThioJoe. I assume an ad blocker is likely the best solution.

Can you explain about it more

@@allanfikri Non whitelisted programers are prevented from modifying files in your protected folders.

Which is impossible to use, because the list of watched folders always include Documents. A lot of apps save their data into that folder. So you have to whitelist almost everything you run. So you will likely whitelist the malware too, should you ever encounter it.

And Backup, and running software as another user (achieves the same as Controlled Folder Access)

From my research, there is something similar in Linux. Apparently, you can check the digital signature of a file in the repository you download from using your distro's package manager. You can also compare its sha256 checksum on your local system with its sha256 on the repository where it's hosted.

Open the properties

@@AllExistence thats not what hes asking tho

@@XAMEREN That's exactly where you can see signature on files in explorer.

@@AllExistence he wants it directly visible in explorer itself, not to click 4 buttons to view it just for one app

One of the right click file explorer context menu options for a file is “Properties”. It opens a window with several tabs. One of tabs is “Digital Signatures” if it has any. It lists who has signed the file. It is two left clicks away from the context menu instead of one. Close enough I hope.

The PDF isn't treated like a webpage, Firefox is just a program that can read PDF files. This small difference is important, cuz as soon as u open a malicious PDF file, malware starts surging thru yr shit. Truthfully, the only way to prevent a malicious PDF from damaging shit is to scan it before you open it.

And yes, mp3's can have viruses. Think back to the Limewire days lol.

@PalmDevs Because of the video's title, I was expecting the exe column to be 99%. Those others are different ways to get malware.

What resolution are you running? Refresh rate?

you should go with an Atari 2600. it's the most powerful computer ever.

@@psyxx_ 3440*1440p 165hz

dude, he is more a software guy, ask ZTTBuilds

7800x3d anyday with 7800xt will run good for many years later just upgrade gpu when have enough spare cash

User Account Control isn't meant to check signatures of different files but rather to grant/revoke permissions from a user

And also be wary of using a signed application if it's not open source

It gets updated faster and it supports less features. Both good points.

Hey, interesting idea! Using private compression algorithms and regularly updating the encryption to enhance security sounds like a solid approach for Microsoft to explore. The concept of adding an ID to encrypted exe files for seamless updates is a clever way to keep things current and safe. I get your concern about closed source code, but it does seem like a practical and effective Windows-specific solution. Great thinking! 👍

That's some anti utopia s**t straight out of apple

@@absolutehuman951 Oh so you somehow think micros**t is "utopia" worthy? Nah mate, windows is closer to hell like apple is. If you thought the private compression thing was the "anti utopia" part then no, that's not how reality works. In reality users of m$ windows are targeted more often than linux users like myself because often they don't know how to keep themselves safe. The compression thing would obviously be an option they could turn off since developers would need access to normal exes to test their code with. Anyone who uses the compression thing is not gonna be someone who's overconfident in theit ability to protect themselves on the most user targeted platform on the planet. I'm not arragont enough to say I can protect myself from every attacker out there even though I'm on linux and I welcome someone coming up with a way to make the algorithm user choosable. My current idea for making this less dependent on a single source for the compressed version would be to attach the algorithm to the user accounts used to download the apps. On linux this would be a one stop shop to the distro's server or maybe even a shared one for all distros. Perhaps it could be the case that a dedicated app format is made instead like the elf and so binaries but instead a single extension for both apps and libraries called zef that expects to be uncompressed/unecrypted/both before being run. Much harder to inject code into a running app/lib than it's original binary. My original idea would simply serve as a inspriration for the final form of whatever is chosen because it is a dam site more secure than letting any rando app run just because it is a standard format like *.AppImage, *.elf, *.app, *.exe or whatever else there is

Apparently, that "game crashed" is how they know that they beat the game.

I've saw an artice years before where an article states a Tetris game comes with malware

@@GTAMan21 Russian spy software, perhaps?

Hm there shouldn’t be anything different 🤔

​@@ThioJoe Hi yes, I used my headphones and sound is perfectly fine. Thank you 👍🏻

I dont see it! 😮

I use masOS 10.13 (ik its a pain) and lineage os 20 on my raspberry pi

Use sandboxie or something like that.

Easy way to spread stuff... It goes directly to the person, you don't have to hope they visit your website or phishing them over to it.

After more than 30 years people didn't learn from e-mail attackings

Yeah where’s the other 1%?

Well i made up the 99% number anyway lol. It’s probably closer to 99.999%. The rest being a malicious exe that is somehow signed, which I’ve never actually seen myself and is incredibly rare.

@@ThioJoe got it 👍🏻

Maybe because ThioJoe looks older now and he wants to look the same as he did before in his videos? Or he's just testing deepfakes out? The only other explanation I can think of is he modified his face in photoshop and then deepfaked it to make himself look better or it just looks like that. I honestly think he just looks like that because of the way he talks on camera and the way he has his camera set up and the lighting

How's that true? Linux and Mac can get viruses too.

@@Slender-the-Blender But 99% of malware is for Windows only and Windows exe files are not made to run in Linux or MacOS.