There are plenty of reasons to run as a Standard account beyond preventing ransomware. Your closing thoughts at ~7:30 are bang-on. Security is a manifold process: it's Standard accounts, proper segmentation, principle of least privilege, etc.
@MikaelKKarlsson 2 years ago
Standard account is useful, for guarding the operating system from a particular user. 😉
@Mario583a 2 years ago
Let me guess: Dio Brando,
@mrlogic4619 2 years ago
@@KZbin.Pigeon 😐
@The_Black_Hole 2 years ago
@@Mario583a OH NOOO
@russellhltn1396 2 years ago
I think the advice to run as a standard account comes from the era of worms and viruses. By denying access to system files, it was much harder to infect and spread. But ransomware is about user data. Different game.
@loryt690 2 years ago
Yes, it is for that; if you use a normal account some permissions are denied.
@A42yearoldARAB 2 years ago
Still helps because it does not have the permissions to encrypt other users. If it was configured properly, a standard user needs admin permission to run the dodgy file in a way that it writes to begin with. Obviously a business should also have AV and backups of what users have access to.
@cpuuk 2 years ago
It's all about layered defences; you don't just rely on one lock to protect the system.
@ltxr9973 2 years ago
Finally you're making that video! Running malware as admin is really nice to show off what the malware does, but it doesn't say much about an everyday scenario or how good the malware is at escalating privileges.
@TheWhiteBamba 2 years ago
THIS is what we needed as a video. Started watching it, and curious to know if the non-admin group is actually right for newer cyber threats.
@TheCocoaDaddy 2 years ago
Thanks for doing this test! I would expect ransomware to be able to encrypt any and all data a Standard account user would have access to. I was hoping to find out if other parts of the system could be affected as well.
@DePhoegonIsle 2 years ago
Other users, core files, aka anything you need elevated access for. Aka if you see the UAC it will likely hinder that. (Methods exist to bypass it, but those are exploits & tend to target priority targets.)
@pyrotex8 2 years ago
Since you've done recent Linux security videos as an addition to your Windows security videos, I know it would be very difficult, but I think it'd be really neat to see some macOS security videos, as there isn't a whole lot of info in that area that I have found.
@thebritishindian1 2 years ago
I've been using Trend Micro for years after seeing your original test on the channel. I was really happy to see its effectiveness at the end of the video. Thanks Leo!
@jer1776 1 year ago
I've been considering using a standard account on my computers for a while now. Thanks for the demonstration.
@jakobfel2 2 years ago
How good is Windows Defender's Controlled Folder Access feature at protecting against ransomware? Given the fact that I'm running on a standard account with Windows Defender and it's constantly blocking stuff via the Controlled Folder Access feature, I'm curious if that plays a major part in protecting your system or not.
@stefanie69 2 years ago
I want to see a test on it too.
@DePhoegonIsle 2 years ago
It does, but it needs better training. You have to allow certain programs access (like OneDrive, if you use it) or any other programs you constantly use to save/retrieve data from there. It helps stop any new one. Also, don't save your dev programs into those folders, or at least do not let your dev programs run inside there.
@voidwalker7507 2 years ago
Well, for example if you use core isolation, a feature of Windows Defender, it will put most of the important processes, services and registry keys into a hypervisor, but it messes with virtual boxes.
@ollicron7397 2 years ago
It's incredibly overprotective. After a week of using it, I had to turn it off because some executables require access to different folders on your system. You COULD unblock the denial of programs being able to access certain folders, but it requires a lot of manual work.
@jakobfel2 2 years ago
@@ollicron7397 Yeah, it does get really annoying, but I'd rather deal with it if it means that I'm less likely to have to worry about ransomware. I make regular backups that I store offsite, but restoring them would be a major pain.
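The "training" that DePhoegonIsle and ollicron7397 describe above is exactly what Defender's audit mode is for. The following is an added example, not code from the video, the channel or any commenter: it puts Controlled Folder Access into audit mode, protects two extra folders, allow-lists two programs, reads back what the feature recorded from the Defender event log, and only then switches to enforcement. It assumes Windows 10/11 with Microsoft Defender Antivirus active and an elevated prompt; the two folders and two application paths are placeholders to replace with your own.

```powershell
# Added example, not from the video or the comments. Run from an elevated PowerShell
# prompt on Windows 10/11 with Microsoft Defender Antivirus active.
# Placeholders to replace: the two protected folders and the two allowed applications.
#Requires -RunAsAdministrator

# 1. Audit mode first: nothing is blocked yet, but each write that *would* have been
#    blocked is logged, which tells you which legitimate programs need allow-listing.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect folders beyond the defaults (Documents, Pictures, Desktop, ...).
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Projects', 'D:\Photos'

# 3. Allow-list the programs that legitimately write into protected folders.
Add-MpPreference -ControlledFolderAccessAllowedApplications `
    "$env:LOCALAPPDATA\Microsoft\OneDrive\OneDrive.exe",
    'C:\Program Files\Git\cmd\git.exe'

# 4. Review what CFA recorded. In the Defender operational log:
#    1123 = write blocked (enforce mode), 1124 = write would have been blocked (audit mode).
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # The writing process and the target file are in the rendered message;
        # the labels matched here are the English ones ("Process Name:" and "Path:").
        $proc = if ($_.Message -match 'Process Name:\s*(?<v>[^\r\n]+)') { $Matches.v.Trim() } else { '?' }
        $path = if ($_.Message -match 'Path:\s*(?<v>[^\r\n]+)')         { $Matches.v.Trim() } else { '?' }
        $mode = if ($_.Id -eq 1123) { 'blocked' } else { 'audit' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Mode    = $mode
            Process = $proc
            Target  = $path
        }
    } |
    Sort-Object Time -Descending |
    Select-Object -First 25 |
    Format-Table -AutoSize

# 5. When the audit log shows only expected programs, enforce and confirm the settings.
Set-MpPreference -EnableControlledFolderAccess Enabled
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications
```

Leave it in audit mode for a week of normal use before step 5; each 1124 event from a program you recognise is one more allow-list entry, and each one from a program you do not recognise is worth a closer look before it is ever allowed.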
@buffuniballer 2 years ago
One of the key points of making standard users is control over what is installed. Sure, some programs can run locally, so let's get that out there. However, system-wide applications cannot install without UAC getting involved to let the user install. I think of this more for computers shared by a family. So I make standard accounts for the kids. They cannot install programs and cannot access and/or corrupt my data. They can lose theirs (you did back up, right, and make sure backups are not just to another drive on the same system, right?) so you minimize what is at risk at any given time. However, if the standard user has read access, data can be exfiltrated to someone else. So not letting that user even read other users' data is part of a multi-layered security plan.
@ampeg187 2 years ago
Standard user account with a separate admin account that are both password protected and with UAC on max is a good habit to get used to. It's also a smart way to keep other users away from uninstalling programs or disabling AV. It's another layer of protection that is smart to have.
@richardh9071 2 years ago
Standard user accounts certainly do reduce the blast radius and prevent VSS being disabled, so it is a worthwhile addition to a defence-in-depth approach. My fear is when ransomware starts filling the free space up with random data, to not only make forensic recovery of encrypted files more difficult, but to also cause the hard drive to reach capacity and induce Windows itself to delete the volume shadows. That could be done from within standard user accounts, and with SSDs could be accomplished in 20 minutes or so.
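richardh9071's concern above rests on a precondition that can be checked rather than guessed at: how close each volume is to full, how many shadow copies it actually holds, and how large the shadow storage diff area is allowed to grow. The following is an added example, not code from the video or the commenter. It needs an elevated prompt, which is itself part of the point: reading this information is harmless, while deleting shadow copies or resizing the diff area requires the elevation a standard account does not have. The 20 GB threshold and the treatment of the "unbounded" value are assumptions noted in the comments.

```powershell
# Added example, not from the video or the comments. Elevated prompt required.
#Requires -RunAsAdministrator

$WarnFreeGB = 20   # assumed threshold; tune for the machine

$shadowCopies = @(Get-CimInstance -ClassName Win32_ShadowCopy)
$shadowStores = @(Get-CimInstance -ClassName Win32_ShadowStorage)

$report = Get-CimInstance -ClassName Win32_Volume -Filter 'DriveType = 3 AND DriveLetter IS NOT NULL' |
    ForEach-Object {
        $vol    = $_
        $copies = @($shadowCopies | Where-Object VolumeName -eq $vol.DeviceID)
        $store  = $shadowStores | Where-Object { $_.Volume.DeviceID -eq $vol.DeviceID } | Select-Object -First 1
        $freeGB = [math]::Round($vol.FreeSpace / 1GB, 1)

        # vssadmin shows an unlimited diff area as UNBOUNDED; the assumption here is that WMI
        # reports it as the largest uint64. Cross-check with "vssadmin list shadowstorage".
        $maxArea = if (-not $store) { 'none' }
                   elseif ($store.MaxSpace -eq [uint64]::MaxValue) { 'unbounded' }
                   else { '{0} GB' -f [math]::Round($store.MaxSpace / 1GB, 1) }

        $oldest  = ($copies | Sort-Object InstallDate | Select-Object -First 1).InstallDate

        # Windows discards the oldest copies when the diff area can no longer grow, so a
        # nearly full volume is one where the remaining copies are already at risk.
        $finding = if ($copies.Count -eq 0)        { 'no shadow copies on this volume' }
                   elseif ($freeGB -lt $WarnFreeGB) { "under $WarnFreeGB GB free: oldest copies are next to go" }
                   else                             { 'ok' }

        [pscustomobject]@{
            Drive        = $vol.DriveLetter
            FreeGB       = $freeGB
            ShadowCopies = $copies.Count
            OldestCopy   = $oldest
            DiffAreaMax  = $maxArea
            Finding      = $finding
        }
    }

$report | Format-Table -AutoSize
```

A bounded diff area does not stop the scenario described above; it only fixes how much history there is to lose. The practical answer to disk-filling is the same one several comments give: a copy that is not on this machine at all.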
@tyaprak 2 years ago
"Everybody knows the dark mode is for pros" 😎
@punisher427 2 years ago
Why my windows doesn't have dark m
@FL1K4z 2 years ago
@@punisher427 caus noosb...😎😎😎
@Ran6ger 2 years ago
Can you retest Comodo? It's been a while, and they've updated quite a bit. Would love to see how effective the "Comodo Container" is.
@itsupport191 10 months ago
Folder encryption would still protect data, admin or not. If sharing a single PC with others, it's a must for local file storage; otherwise just use cloud. Admin vs standard makes a difference only in a very basic/limited scenario.
@PreybirdMKII 2 years ago
Do you have any plans to put Trend through the extensive ransomware tests like you have run Kaspersky and others through? Very interested to see how it stacks up compared to some of the other solutions out there.
@DePhoegonIsle 2 years ago
I mean, sure ... but it comes at the cost of many things that need to be followed as well. (Avoid running programs with elevated permissions as much as possible / use Controlled Folder Access for important documents / don't give full read/write access to users who only need read access / don't keep critical files in only 1 spot / use version control software for project files & user-created files / enable & use UAC @ max settings / etc.) -- Though my personal favorite is: install Steam/other game managers outside of a protected folder alongside the games. This seriously cuts down the possibility of rogue games/programs for games even needing elevated access for anything, and while your games & launcher could be nuked it helps stop A LOT of the accidental or even malicious games/programs any normal user would ever see from entirely destroying everything. The problem is that most users benefit the most from being put onto standard accounts, because it prevents auto exploitation, and forces a prompt box for thinking about what's going on. This will never fix 'stupid/impatient/ignorant/greedy' users who will want & attempt to get free things, go to shady shady places, and force run software from uncertain places while taking risk on risk all for a free thing or easy gain. Normal users aren't targets for 'targeted attacks'; their computers, which make up the majority of the advice, aren't valuable (or hold valuable information). Though don't think it wasn't noticed how twisted it was, conflating corporate security & home security measures, just to promote a home security product.
@wilfredotorres6628 2 years ago
Hi Leo, a lot of security has to do with being very vigilant and using sound secure methods that are known to work, and like most of the high-tech industry, it's always changing.
@marquiniocontrerasamaya1369 2 years ago
I don't really agree with your statement around 5:38, mostly due to the fact that in my particular experience whenever there's a change in the file system on a standard user account, you would have to type in user name and password in order to overwrite the files. You can add new files but not change them without credentials from what I have seen. Please let me know if this is different for you guys.
@marcuspvxea 2 years ago
It's like they always say, in cybersecurity you don't look for what a person knows, but how a person would approach and apprehend a situation, in simple terms, problem-solving traits.
@kabloosh699 2 years ago
The key is "defense in depth." In other words, you should be using multiple layers of security, from the rule of least privilege (aka standard user accounts), an AV, network IPS, strong passwords, 2FA, and secure backups. Network shares are nice but probably shouldn't be relied upon for official data storage. Using a web-based application like SharePoint to store official documentation may be a better solution, so if you are a victim of a ransomware attack only the data on your computer is lost. Which sucks, but wouldn't harm the entire business since core documentation and data is stored on a separate server. You "could" gate a network share where the user always needs to authenticate to access it. This would at least prevent any automated ransomware from taking over, but if you're already authenticated in, the risk is still there. That said, whitelisting only approved software and .exe files on workplace computers would help avoid a lot of this. The adversary would really have to work hard to get around that, first by knowing what the authorized software is and then making their malicious ransomware look exactly like the legitimate software. This isn't something I would put effort into for a home user in trying to implement. The administrative overhead in making this all work is a pain in the butt.
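The allow-listing kabloosh699 describes above is what AppLocker does on Windows Pro/Enterprise, and the administrative overhead is smaller than it sounds if the first policy is generated from what is already installed. The following is an added example, not code from the video or the commenter: it inventories the executables, scripts and installers under the admin-only install locations, builds publisher and hash rules from them, tests a file in a user-writable folder against the policy for a named standard account, and applies the policy in audit mode so nothing is blocked until the audit events have been reviewed. It assumes an elevated prompt, a Pro/Enterprise edition with the Application Identity service available, and placeholder values for the policy file, the suspect file and the account name 'standarduser'.

```powershell
# Added example, not from the video or the comments. Elevated prompt, Windows Pro/Enterprise.
# Placeholders: the policy file path, the suspect file path, and the account name.
#Requires -RunAsAdministrator

$policyFile = 'C:\Temp\applocker-allowlist.xml'
$suspect    = "$env:USERPROFILE\Downloads\suspect.exe"
$account    = "$env:COMPUTERNAME\standarduser"

# 1. Inventory executables, scripts and installers under locations a standard user cannot
#    write to. DLL rules are left out here; they multiply the rule count and the testing effort.
$trusted = foreach ($dir in 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows') {
    Get-AppLockerFileInformation -Directory $dir -FileType Exe, Script, WindowsInstaller -Recurse
}

# 2. Publisher rules for signed files (they survive updates), hash rules for the rest.
#    Publisher/hash rules, unlike path rules, are not satisfied by dropping a file into
#    a user-writable subfolder of C:\Windows.
$xml = $trusted | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Audit only, for now: log what would be blocked instead of blocking it.
$xml = $xml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
Set-Content -Path $policyFile -Value $xml -Encoding UTF8

# 4. Dry run: what would happen to a file the standard user saved in Downloads?
Test-AppLockerPolicy -XmlPolicy $policyFile -Path $suspect -User $account |
    Format-List FilePath, PolicyDecision, MatchingRule

# 5. Apply locally, merged with any existing rules, and make sure the enforcing service runs.
#    (Set-Service cannot change this service's start type on current builds; sc.exe can.)
Set-AppLockerPolicy -XmlPolicy $policyFile -Merge
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# 6. Later: review the audit hits. 8003 = would have been blocked (audit), 8004 = blocked.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003, 8004 } `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message -First 20
```

Switch the rule collections from AuditOnly to Enabled only after the 8003 events have stopped surprising you, and keep the generated XML under version control: it is the record of what the machine is allowed to run.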
@RockTheCage55 2 years ago
Yes, any data the user has security to modify (not read-only) ransomware will be able to encrypt. They will be able to steal any data you have read access to (which might be sensitive). Being a standard user (or being an admin and not clicking your UAC) will prevent it from doing things like switching your DNS to a rogue DNS server.
@wolf1438 2 years ago
Of course a standard user account by default won't help without proper written rules in group policy.
@drowningin 2 years ago
Couldn't the OS dev prevent encryption, or know the encryption key used to undo it, because it's using your processor to encrypt, and it can save how it's doing it? So in a future version it could be as easy as going to Start > Settings > Encryption > Undo and it has a list of all the most recent changes?
@vadimuha 2 years ago
Imagine you encrypted a list of your passwords on a laptop; someone stole it and they can just go to Settings > Encryption > Undo. What's the point of encryption then?
@SimDoes 2 years ago
There's public/private key encryption where different keys are used to encrypt and decrypt, so saving the public key wouldn't be very useful.
@prodbywerty 2 years ago
Encryption isn't always reversible.
@DePhoegonIsle 2 years ago
What you're thinking about isn't possible because of how encryption works. Also, what you're wanting (because of how you want it to work) is 'version control software', aka having a second copy of every file/folder, every version of it. That is expensive on the data storage costs, and while doable is well beyond normal users' reasonable means. -- aka things like 'git', 'Time Machine', etc.
@Tomb_Raider123 2 years ago
Please, wanted to see more Trend Micro malware test videos this year. Also test its APT protection.
@fivestar2227 2 years ago
The admin account in this demonstration was not passworded; had it been, that dirty Discord executable would have triggered the admin account password prompt before it could run. If it was this simple to run malicious files on standard accounts, every work, school or public network would be doomed.
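ampeg187's "UAC on max" and fivestar2227's point about the unpassworded admin account are both things you can read back from the machine rather than assume. The following is an added example, not code from the video or either commenter: it reports whether the current session is already elevated, who is in the local Administrators group and whether each local member is even allowed to have a blank password, and the UAC registry values compared against the "Always notify, secure desktop" baseline. It is read-only and runs from a standard account; the baseline values are the documented meanings of those registry entries.

```powershell
# Added example, not from the video or the comments. Read-only; runs as a standard user.

# 1. Is this session an admin token? If it is, every program you start inherits it.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$isElevated = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
"Current user: $($id.Name)   elevated: $isElevated"

# 2. Who is in Administrators, and may any local member have a blank password?
#    PasswordRequired = False means the account is *allowed* to have no password;
#    it does not prove that the password is currently blank.
Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
    $member = $_
    $row = [ordered]@{
        Member           = $member.Name
        Source           = $member.PrincipalSource
        Enabled          = 'n/a'
        PasswordRequired = 'n/a'
        PasswordLastSet  = 'n/a'
    }
    if ($member.PrincipalSource -eq 'Local' -and $member.ObjectClass -eq 'User') {
        $local = Get-LocalUser -Name ($member.Name -split '\\')[-1]
        $row.Enabled          = $local.Enabled
        $row.PasswordRequired = $local.PasswordRequired
        $row.PasswordLastSet  = $local.PasswordLastSet
    }
    [pscustomobject]$row
} | Format-Table -AutoSize

# 3. UAC settings versus the "Always notify" baseline.
$uacKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac      = Get-ItemProperty -Path $uacKey
$baseline = [ordered]@{
    EnableLUA                  = 1   # UAC on at all; 0 turns it off entirely
    ConsentPromptBehaviorAdmin = 2   # admins: consent prompt on the secure desktop for every elevation
    ConsentPromptBehaviorUser  = 1   # standard users: credential prompt on the secure desktop (0 = auto-deny)
    PromptOnSecureDesktop      = 1   # dimmed screen: other software cannot draw over or click the prompt
}
foreach ($name in $baseline.Keys) {
    $actual = $uac.$name
    [pscustomobject]@{
        Setting  = $name
        Actual   = $actual
        Expected = $baseline[$name]
        Ok       = ($actual -eq $baseline[$name])
    }
}
```

ConsentPromptBehaviorUser = 0 is the stricter alternative for machines where the standard user should never be offered an elevation prompt at all; then only an interactive admin logon can install anything, which is the arrangement buffuniballer describes for a family PC.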
@OnE61811301 2 years ago
I wonder if it could circumvent the user separation; for example, even if you run it as a regular user, could it embed a payload in a way that as soon as you log in as an admin, it's restarted and encrypts from the admin role too...
@CoolDudeClem 2 years ago
Best advice is to just stay away from shady websites and avoid opening e-mails you didn't expect.
@alphaslayer7360 2 years ago
Hey, I have a question: what's the difference between Avast and Avast One?
@TheawesomeMCB 2 years ago
Another thing I find problems with in a standard user account is that if you use that standard account 99% of the time, and that user account gets hit with ransomware, then there goes all your data anyway. If you did an admin account it would do the same thing. Not to mention some ransomware can have a UAC bypass in it if you used a user account and the ransomware needed admin privileges. It's always a good idea to have a modern AV like Kaspersky or Bitdefender, as those will 1. detect the ransomware, 2. if the AV detected a UAC bypass, it would most likely set off the exploit protection on top of it.
@Tomb_Raider123 2 years ago
I also wonder which tier Trend Micro is in terms of security, as per your previous tier list of antivirus you made.
@alirezapourranjbar7652 1 year ago
Thanks for the informative videos. Is there a way to get hands on those ransomware viruses that you used for testing?
@mdredoan765 2 years ago
Which antivirus should I buy... Kaspersky Internet Security or Kaspersky Total Security?
@Palo_Z-Lucenca_Limited 2 years ago
User account is not a problem for R groups... it's a sophisticated attack with privilege escalation, network pivoting and lateral movement... the goal is the DC (Windows Active Directory) and the backup (NAS) server.
@artistryartistry7239 2 years ago
So you should keep highly sensitive documents in folders on your admin account, and switch logins when you need to access them, or at the very least, store sensitive docs there and provide read-only access to the user account.
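buffuniballer's point about read access, marquiniocontrerasamaya1369's question about overwriting files, and artistryartistry7239's read-only folder above all come down to NTFS permissions, which can be checked rather than assumed. The following is an added example, not code from the video or any of the commenters, in three parts: an elevated listing of which principals other than the profile owner, SYSTEM and Administrators hold rights on each user profile; a probe, run as the standard account, of whether it can create and then overwrite files in a few locations (a program running as the standard user gets no credential prompt for a write; the ACL either allows it or it fails, and the prompt seen in Explorer is Explorer offering to retry the copy elevated); and an elevated icacls command that gives one standard account read-only access to one folder. 'standarduser', 'otheruser' and D:\Sensitive are placeholders.

```powershell
# Added example, not from the video or the comments.
# Part 1 and Part 3 need an elevated prompt; Part 2 is meant to run from the standard account.
# Placeholders: 'standarduser', 'otheruser', D:\Sensitive.

# --- Part 1 (elevated): which principals besides the owner, SYSTEM and Administrators hold
#     rights on each profile? Anything listed here can read (or worse) that user's data.
function Get-ProfileOutsiders {
    param([string]$UsersRoot = 'C:\Users')
    $builtin = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'
    foreach ($dir in Get-ChildItem -LiteralPath $UsersRoot -Directory) {
        $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        foreach ($ace in $acl.Access) {
            $who = $ace.IdentityReference.Value
            if ($who -in $builtin -or $who -like "*\$($dir.Name)") { continue }
            [pscustomobject]@{
                Profile   = $dir.Name
                Principal = $who
                Rights    = $ace.FileSystemRights
                Type      = $ace.AccessControlType
                Inherited = $ace.IsInherited
            }
        }
    }
}
Get-ProfileOutsiders | Format-Table -AutoSize

# --- Part 2 (as the standard user): can this account create *and* overwrite files here?
#     No credential prompt is involved; the ACL either allows the write or it does not.
function Test-WriteAccess {
    param([string[]]$Path)
    foreach ($p in $Path) {
        $probe  = Join-Path -Path $p -ChildPath ('acl-probe-{0}.tmp' -f [guid]::NewGuid())
        $result = [ordered]@{ Path = $p; Create = $false; Overwrite = $false }
        try {
            [IO.File]::WriteAllText($probe, 'first')
            $result.Create = $true
            [IO.File]::WriteAllText($probe, 'second')   # overwrite the file just created
            $result.Overwrite = $true
        } catch {
            # access denied or directory not found: the flags stay $false
        } finally {
            if (Test-Path -LiteralPath $probe) {
                Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
            }
        }
        [pscustomobject]$result
    }
}
Test-WriteAccess -Path "$env:USERPROFILE\Documents",
                       'C:\Users\Public\Documents',
                       'C:\Users\otheruser\Documents',
                       'C:\Program Files',
                       'C:\Windows\System32' | Format-Table -AutoSize

# --- Part 3 (elevated): a folder the admin account owns that one standard account may only
#     read. /inheritance:r drops inherited ACEs; /grant:r replaces rather than adds.
$folder = 'D:\Sensitive'
icacls $folder /inheritance:r `
    /grant:r 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
             "$env:COMPUTERNAME\standarduser:(OI)(CI)RX"
icacls $folder   # verify: standarduser shows (OI)(CI)(RX) and nothing else
```

Run Part 2 once from the standard account and once from an elevated prompt to see the difference in the table; on a default install the standard account creates and overwrites freely in its own profile and in Public, and fails everywhere else, which is both what makes ransomware in that account survivable for other users and what makes it fatal for that user's own files.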
@shadowtabbys 2 years ago
Does Kaspersky protect against this too, Leo?
@mk9027 2 years ago
Both? Aren't most modern exploits using privilege escalation or a rootkit type of trick?
@Arachnoid_of_the_underverse 2 years ago
Is the AV not using fingerprinting on the files though, rather than some more subtle behavioural technique?
@somethingcoolgoeshere 2 years ago
Doesn't a lot of malware rely on the fact that most people will by default be in the administrator account?
@AirgapNetworks 2 years ago
The cybercriminals could consider security risks in a website as a goldmine to penetrate the company's operations. They could even damage the vital resource on your website, making you start from the ground. Ransomware attacks can occur when businesses fail to follow basic web security policies and frameworks.
@zetectic7968 2 years ago
Very interesting. Thanks Leo
@droy333 2 years ago
Oooo, can I send you a virtual machine to test out? What virtualisation software do you use? I would simulate the setup I use and instruct my techs to configure (often via GPOs).
@A.hdh. 2 years ago
Love the Interstellar wallpaper
@rachelkesavan7050 2 years ago
AV-Comparatives, one of the world's foremost antivirus testing organizations based in Austria, conducted a performance test in April 2022 that compared 17 international antivirus brands and ranked them based on their impact on device performance. K7 Antivirus emerged as the winner in the test with an impact score of just 1.6, establishing that K7's antivirus has the least impact on device performance.
@flowsava 2 years ago
I could've used this video when I got ransomed a while back. For the Discord Nitro ransomware [which I did have at one point], all I really did was restart my computer and I guess Windows Defender cleansed it? Not too sure what happened.
@mistie710 2 years ago
To be honest, I can own to glibly parroting the mantra of using a standard or user account in days gone by. As a Unix, later Linux user, this was a standard procedure anyway; keeping your dirty mitts off the root account was built into many distros, either by restricting the root account to the console or stopping its use altogether in favour of using the "sudo" command should you need admin access for a limited action. Indeed I can recall arguing that Microsoft giving out admin access by default on most primary installations was a real source of humour back in the day. Of course this all predated the dawn of ransomware. The idea of encryption of data was all very well when it first came into being, but when unscrupulous people started to use this to hold data for ransom it changed everything, especially as, even with access management and need-to-use control, plenty of damage could be done. That's before we get to temporary elevation of privilege, which keeps getting patched out only for malware writers to find alternative ways to gain a position of power on a system. It gets to the point where the best way to avoid infection is not to turn your computer on in the first place, but that's no use to anyone. As for Trend, I always used to use HouseCall as a double-check on a given Windows system. It's a single-pass system that is free to use to back up other antivirus programs just so that you give the system the best chance of surviving an attack. Otherwise I use Bitdefender on some systems, Windows Defender on others and at one time I used Kaspersky.
@aaronk9910 2 years ago
The reason you run as a Standard User is because only through this are all your additional measures still in place and unable to be turned off, like AppLocker, BitLocker, firewalls, antivirus etc. That's the concept behind it.
@fabrizziobridi9091 2 years ago
I can't use my PC so I can't test. My question is, if ransomware that locks your screen runs as a standard account, will the malware lock only your screen, or does it not have the right privileges to do so?
@artistryartistry7239 2 years ago
Can you the Trend Micro Max Security alongside Norton AV?
@Cesar33-pl 2 years ago
It was very helpful, thank you!
@rosep5516 2 years ago
Please, where can I get this ransomware for educational purposes?
@LennyLibitz 2 years ago
Leo, would it be possible to do the same with a more locked-down system using GPO?
@BrokenMedic 2 years ago
Will Wireshark capture the key being sent back to the assholes that encrypted your PC?
@simoncroston4581 2 years ago
No security pro would say you are safe with a standard account. Priv escalation is common knowledge.
@loryt690 2 years ago
Is Windows Sandbox more secure than using normal Windows?
@pizzel 2 years ago
Where can I download the sample malware with your script to try on a demo machine? I'm trying Quick Heal antivirus, also sold as Seqrite Endpoint. Thanks.
@ultralaggerREV1 2 years ago
It's ridiculously funny how this video just came out after Britec09's video...
@Goasler 2 years ago
Can you please do a malware and a ransomware test with Kaspersky Internet Security and Malwarebytes Premium (both active at the same time)? This would be nice. Thanks in advance :D It would be interesting if these two softwares would work together.
@zedx1543 2 years ago
Can you test ESET Smart Security Premium?
@surfer4185 2 years ago
Hey, where can I find these types of ransomware? Thanks!
@user-iv1qz1tx7u 1 year ago
Go download some shady stuff, you might get some 😊
@oniichan-onii 2 years ago
Which VM software are you using?
@Dailyshorts_of_youtube 2 years ago
Hi, I'm using your links to buy some AV but the links seem to be bad.
@guilherme5094 2 years ago
Thanks!
@jamejame2278 2 years ago
I am wondering, if I reset to factory settings, will that remove the virus?
@user-iv1qz1tx7u 1 year ago
No, it won't remove ransomware. You need to search for proper ways to do so.
@simplememelord 1 year ago
Does it affect our partitions' files?
@hellocomputer7135 2 years ago
Please re-test McAfee antivirus because I think it's improved a lot since 2020. Thank you!
@CeleronS1 2 years ago
Thank you for the video! :) You should test the HP Wolf Security solution.
@aronjanssen5702 2 years ago
You have ALPHV? If not, I can send it to you.
@abdullahal-shimri3091 6 months ago
I switched to Linux long ago and never looked back. However, I'm required to use a specific app which only runs on Windows 11 and I just bought a separate laptop for that. Nevertheless, my daily driver is Linux.
@spaceguybob 2 years ago
I mean, this is a standard thing on pretty much every other modern OS, to not make the user a root/admin account.
@1reflect155 2 years ago
My friend installed some "Warzone hacks" on my PC a couple of years ago, but I had put him on a user account.
@lenarnie2973 2 years ago
Best channel, more videos pls
@qdog1033 2 years ago
How reliable is VirusTotal?
@paulstubbs7678 2 years ago
Nice, I always assumed ransomware would know how to get around user account restrictions, so there would be no difference. As for dark/light mode, I tend to regard dark mode as young noob bull; I never had it 'before' and my eyes were not bored out of my head, so it's a load of bull (so are they going to print inverse? They can't handle white paper).
@paranone 2 years ago
Some of your statements are misleading: using an account with local admin rights doesn't mean you have access to the whole network, and using a "standard user" doesn't mean you don't have access to all network shares; the two are completely separate things...
@dwoolet 2 years ago
How to become a cyber security expert?
@GT7776 2 years ago
KASPERSKY BEST
@tigercrafter6345 2 years ago
Yeah Kaspersky is best
@D1sturbingThePeace 1 year ago
@@tigercrafter6345 no
@AWJG2011plays 11 months ago
HELL NO
@voidwalker7507 2 years ago
Try the new Scan and Protect portable cloud scanner from Sophos, brother. Interesting, as it performs similar to NPE with a reputation-based scan. Yet, for example, it finds caffeine.exe as malware and lets you choose to upload it for analysis. It seems to take the evolutionary approach: better to see faces in the woods than to miss them and get caught. I know you are aware of the "Sophos Virus Removal Tool." Now they have an updated version. Cheers mate.
@artistryartistry7239 2 years ago
Is he running all this malware in a VM? And is the host probably a PC that's totally disposable and is routinely wiped? Even then, isn't the firmware of that host at risk?
@CeilingPanda 2 years ago
Believing random comments from the internet is usually bad advice
@eliotcougar 2 years ago
Backups, backups, backups...
@PandaMilitary 2 years ago
Plss test Windows Security in Windows 11, it would be great!
The reason why standard got affected is because you did NOT make them both password protected!!!
@TheHolm 2 years ago
No
@genjibob7603 2 years ago
What to do if the standard account got infected? 😂 Give us the full process.
@bryanmartin_ 2 years ago
Oh no, your files have been encrypted! LOL
@oneninth0 2 years ago
Ahem, create an admin account, then create a standard account as your main, voilà.
@mrtwinky2007 2 years ago
YouTube did not tell me about this video
@FalcoGer 2 years ago
You see, privileges permit you to do things. Having less of them is better. This is why web servers run as www-data and not as root. Because www-data can read the files required for hosting a web server, while root is god. A user can read and write user files, and nothing else. While NT/SYSTEM AUTHORITY is god. If a virus gets executed with user rights, it can do all the things the user can; that includes deleting all the user's files, encrypting them, or sending their Firefox passwords database off to the hacker (use a master password, by the way). Just because one type of virus targets your user data doesn't mean the advice of running as an unprivileged user is bad or useless. If you have multiple users on your system, one idiot can't nuke all your files, unless of course everybody is admin. Just because a vulnerable web application can delete the website that is hosted doesn't mean running the website as root doesn't matter. "Security in depth" is the key term to put into your search engine here. Running unprivileged doesn't mean you are safe. Running antivirus doesn't mean you're safe. Updating your system regularly doesn't mean you're safe. Using strong passwords doesn't mean you are safe. There is no one-click solution to cyber security. But you reduce attack surface by doing all of the things above. And that is also why Windows Defender is good enough even though it's one of the most targeted AVs for evasion. You don't rely on this one thing to keep you safe and you never should rely on any one thing to keep you safe, because such a thing doesn't exist. Be smart, check your sources, be updated, have a backup and don't click yes on every prompt you see without reading. When in doubt, go to the official source and double check. "UAC doesn't stop users from deleting all their files" isn't the argument, and saying that it is is dishonest. The argument is "It's safer.", and that is true.
@tst6735 2 years ago
Thx m8 I
@Akotski-ys9rr 2 years ago
Why would you want to use your computer with a standard account? That's like using the school computer.
@Daxter250 2 years ago
It triggers me so hard that Leo turned off file extensions xDDD.
@tezlol2255 2 years ago
hey
@pancak3 2 years ago
EARLY
@ieg7956 2 years ago
no one cares man
@wingmor 2 years ago
Can I have your attention and ask you to review a program called Zillya? It is a pretty cheap antivirus and it would be nice to know if it is reliable.