I remember the real early days when you could browse remote servers entire drives.

@@kjisnot me too. You could put a popular web address into your ftp program and see everything they had.

I remember in early days there was websites hosting remote control of literal computers and allowed you to do anything on them. (Found out cause I wanted to bypass schools firewalls)

I remember the real REAL early days when I used to push electrons through cables by hand.

So do tenants n Aa you mentioned tokens

That's why you should delete them regulary

@@Kaiserschmarren problem with that is, you need to accept all cookies again everywhere and you will need to login again, and what does that do? It gives you a new token in a new cookie and yoiu're back where you started.

@@csparty11 you can choose to delete them with every time you close the browser. But its not for everyone

@@csparty11There's this handy-dandy option to NOT accept cookies; and if you're using Firefox, there's an option to autodelete cookies when you close the browser.

Now it's 17

That's a little bit paranoid but you are right.

that works until you need to download some new program and you can't even be sure which website is official

Considering that from a User's perspective, every executable is unknown - you might as well just say "don't own or operate a PC ever".

He's downloading files and then going to a site called VirusTotal to figure out if they're malicious. Very simple. Not sure where the confusion is.

I agree, all cookies should be encrypted, not just some. smh Oh and the password protected archive and installer are a giveaway of something fishy. People should be a little more wary and not be clicking on everything random online.

even if they did, they could grab the whole folder containing the profile and just copy/paste it in their PC and they would be logged in the sites as much. (i know it works since i am using my FireFox 115 ESR folder from windows 7 i just updated on my FireFox 123.0.1 on windows 10 like it always was on win10.)

encrypted files are useless when you can just copy it. encrypted files needs to be decrypted so that the website can tell who you are. does not matter if the decryption happens in browser or website, the browser will just read the encrypted file or pass it to the website for decryption

@@ArtflPhenixyep exactly, same with my reply to this comment, they can just copy the whole profile folder and they put it in their same browser and it will all be logged in, then all they do is change your passwords. the browser will decrypt it since it has to be able to, to use it. on a side note, the only reason encrypting passwords on a site to help with data breaches is that you hold the decrypt key, they hold the password so even if they have the password files, they do not have the millions of decrypt keys. but it does not work the other way around. there is one decrypt key (the site) and anyone accessing it gets the same key. that is why it would not work.

@@ArtflPhenix- Well the browser should encrypt and decrypt it in memory when needed using AES256 which is currently uncrackable without super-computers.

there are many ways, including use of command prompt, or 7zip

@@user-od4gs3iu4t link on how you open MSI file. especially 7zip

@@noobnoob5072 1. Command prompt -> msiexec /? and pick up the parameters that you need 2. The easier way is to install 7zip, right click your file and choose 7zip -> open archive, then you see the content and can extract it completely or some parts of the container

Bro has 639 videos on his channel....

no easy way really, other than having solid proactive protection from infostealers or access control to prevent unknown applications from reading your browser folders (this would be only possible with specific enterprise solutions).

This file my guess is not signed, and just PRETENDS to be a legit installer from a recognized and reputable company. Standard windows protection might be enough to notify the user that this program is not from a trustworthy source. Meaning they should be activated, like UAC high security, all features from MS defender. And non-administrative account. Users should just understand the importance of these simple steps

Don't click on every stupid "You won a millions dollars!" or "Download this free app!". that should take care of 90% of the crap.

yeah the advice not to click every link is a kind of universal safety measure. well the good protection is simple: estimate your risks and find the best security measures to counteract them ) But the way to estimate and find measures is not always easy ) For a normy user in most cases would be enough to sit behind firewall in a router, installing MS defender with all activated features and desirably those in defenderUI, configuring secure DNS, VPN if travelling a lot, and some good desirably open source programs like Mullvad for internet browsing, LibreOffice, Foxit or Okular for office/productivity. Good also to have Portmaster as a better firewall and COMODO as a better HIPS utility. That's it ) Now backup your data and start sleeping well without nightmares about loosing all the data )

​@@BillAnt Sound advice. You still have to pay for your lunch !

Or KZbin, or Instagram, or Tiktok, or...

@@JohnDoe-wl8zkanywhere

Yes, they can encrypt it with a passphrase. And where are they going to store the passphrase? On this computer... Yes, other apps should't usually access others' data. But he just ran an installer which asked for full admin access and was given it by the user.

@@MartinWoad- Encryption/decryption can be done in ram without storing the keys.

@@BillAnt Then the key is still on your machine. Harder to get but not impossible.

​@@MartinWoad- Much more difficult, and RAM can be protected too. As is right now, it's just grabbing a file, crazy!

​@@BillAntThis implies that you will lose the encryption keys as soon as you close the app. Why not store the cookies in RAM at this point? I think incognito mode already does this Edit: it seems that cookies might still be stored in a cache folder in incognito mode 🙃

you normally need only NOT to allow direct access to your host machine file system, so no file sharing etc. Other than that you are pretty safe, and if bad thing happens just reverse the system state to a saved point

it doesn't have any, unknown publisher etc. Shouldn't be run, and any HIPS utility, or MS UAC, or MS defender will pop up to inform the user and will ask for admin privilege to continue installation

In the source code there must be some kind of filter for which files to send and which to keep. Files can get really big and traffic can get noisier which is not in the interest of the attacker. I doubt they would pull your exe files, especially ransomware. At the end of the day, they invented the same ransomware they get so they could decrypt their files automaticlly.

@@machina123they would not take a big file unless they don’t know what they’re doing you detect is easily if it’s over mb even

yes 8-) 1. Don't install some shady software and don't run some random applications. Use digitally signed soft, or freeware open source if you trust the creator or checked it by yourself or community

2. Install "noscript" browser extension to get control of the scripts in your browser. Activate, deactivate, or activate temporarly, tune permissions for any website you want

3. You can use private window in most browser to run a cookie-free session, to enhance your privacy/protection. If this is not convenient, you can install some more browsers which you can use specially for cookie-free sessions. Some like LibreWolf, Mullvad, Tor are privacy-focused and also give you enhanced security from data leak

Sure, but there could be a zero day in some software. If you are signed in to a lot of stuff you're wide open. If you have all personal data locked behind a password for each access, then as soon as something tries to read it outside of the proper programs, it won't work. Android has basically a separate space for each app to use. Shame windows doesn't have such thing.

@@AgentM124 zero day can be for any apps and for any system. Do not trust all your personal data to just one computer. Never. If you value the data, that means. Security and data protection/backup/archiving are different topic. Here most talks about security, the channel is about security, and the topic is also about security. But we can talk about data protection as well )

No its default defender

Thanks! I’ll address this in a future video.

you can do definitely quite a lot against this threat. 1. Secure DNS or VPN 2. Yes, good AV certainly helps. Those with zero trust are especially helpful 3. Regardless of protection, avoid installing some shady software, and opening pdf/office files. If need to, disable scripts and macros. This is at least partially covered by DefenderUI utility, which works for MS defender, and might be something similar configuration options in other AV as well. It's also safer to look these files in a virtual machine. 4. Block lists. The more the better. Some are included in VPN/sDNS, some other are browser extension, and many more. 5. Good updated browser. Browser like no other program connects you to internet and should make the best to protect your privacy/security. The best to my opinion are Mullvad and LibreWolf, and might be Tor. If you prefer a more common browser, then you better harden it, and install "noscript" browser extension. 6. Worth to mention the standard security practice: use non-admin account for work. Increase UAC protection level to some high alert mode. 7. Last but not the least is the common sense. No AV can guarantee your protection if you reply an e-mail and write down your credit card numbers, home address etc. So YOUR PERSONAL ZERO TRUST when you go to internet or check your e-mail has to be activated as well ) Hope this helps

1. Installing "noscript" browser extension for daily use in your main browser. 2. Using "private" window for cookie-free session in case you need to visit some trustworthy website but have to activate its scripts cause otherwise it doesn't work properly. It's a case of privacy-focused session. 3. Installing one more browser like Mullvad, LibreWolf or Tor for visiting some shady zones or experiments, if you need it for any reason. It's for security purpose

@@user-od4gs3iu4t None of these help 1. Installing noscript has nothing to do with cookie stealers and cannot prevent you from downloading malware 2. Cookies in private windows are just cleared when the window closes so if the malware is run while the private window is open the cookies will still be stolen 3. The browser makes no difference, cookies can be stolen from all In response to the actual question, the best way to protect your cookies is to just use your bran and don't download cracks, cheats etc as well as using a good AV The cookies can't be encrypted because, simply put, websites and programs need access to them so people would end up always clicking yes when a program asks for permission or asks for the password to decrypt them (like with UAC)

@@sylussquared9724 thanks for going to a point this time instead of just stalking me. 1. It helps greatly in fact. The examples are cross-site scripting. This is already known vulnerability, but might be more to come. It helps to avoid bad consequensies of mistype, thus it's a passive protection for your credentials based on misnomer and phishing. 2. You can check this in your own browser that you open the new cookie-free session. Well if you use a good enough browser, being said. 3. Your statement contradicts with your another statements about sandboxing the browser session. Stealing cookies comes normally in the context of data privacy and safety. If you talk generally about malware, then literally ANY data can be stolen, that's why it's not worth to talk about cookies only. I didn't force a meme about encrypting cookies. On the contrary, I wrote the arguments similar to yours. So there is no point to discuss this topic

They unencrypt the credentials from base64 to plain text, then they can see your name, passwords, everything. or they will just install your credentials into their system and the website that matches these credentials auto signs them into your account. All the website knows that is You on another computer.

PC Security Channel is a great channel, but John Hammond has a great channel as well.

​@@REktSigMa- The website should check the IP on every single page access, so even is the scammer can replicated your session login, the server should catch it and request a new login with a username and password.

These people know how to get around anything after they have your credentials, IP is probably known as well, and with VPN's who is to say they cannot be in your country. Even VPN's are not safe. @@BillAnt

Matter in fact I think PC Security Channel has a video on IP spoofing. I think so? @@BillAnt

if you talk about some known issues with java script vulnerabilities, then the security model that you use looks safe. With some doubt about Opera, and chrome as well since it is not completely open source. I would replace them with Mullvad, Tor, or Librewolf. It's not a perfect defense, it won't protect you from zero day. The whole idea of using different browsers comes mostly for convenience reason, to avoid changing many settings. And then just appointing the role for different browsers, so your everyday use Firefox with noscript and ad blocker, Mullvad for example is for shopping, Librewolf for testing. If you talk about malicious software in general, then of course it can grab whatever you have on your computer. And I have no idea what was that shown in this video ) Someone in comments wrote that the installer put some "extension" for browser, but no further information so far )

@@user-od4gs3iu4t You have zero clue what you are talking about and are just waffling nonsense In answer to the actual question, yes they steal cookies from most majour browsers and what browser you have makes no difference

@@sylussquared9724 hello. Are you my stalker?

Isolated programs are one way, but it isn't easy

don't install info stealers ) use "noscript" extension in your browser to get a tailored control about the scripts running in your browser

looks like just an installer. After that it does everything itself according to its ps script

yes, it's possible. Called malicious scripts. First extension that should be installed on any browser is "noscript". Then some ad blocker with malicious/phishing filter list. Helps greatly to improve your browser security. Any downloads should be carefully checked, including digital signature, its signer and validity, file integrity etc. And remember that it's always better to download from a reputable file source that just from a file exchange server

Theoretically yes its possible, practically no. To get hacked by just clicking on a link you need to be targeted by a vulnerability worth tens of millions. Said vulnerability are only used against companies and people governments hate, so just don't be either of them @@user-od4gs3iu4t It may surprise you to learn this but ALL scripts on browsers are sandboxed meaning they cannot access the machine in any way (unless allowed in very specific ways by the user)

Sylus, have you heard about XSS? probably not. Your another statement is wrong as well. Your browser may access to your file, but after your authorization. Which may be done by you if you by mistake went to a wrong web site and thought that it is your bank web site, for example. This is a kind of misnomer/phishing attack. And "noscript" gives you one more chance to recognize that you went wrong ) No security is perfect, and unlike your statement something like "user will just click ok and proceed" this one more notification might be of great value for people who need a secure system running

Put the hash of the file into virus total: bb7c3b78f2784a7ac3c090331326279476c748087188aeb69f431bbd70ac6407 Its detected by kaspersky

cool. is this digitally signed installer, or without it, or not a trustworthy company? any other signals about malicious origin of this utility?

​@user-od4gs3iu4t It's a normal .msi installation that most antivirus programs will not flag any kind .msi. The .msi simply runs a CMD code that installs an extension in all the browsers on your PC, which also isn't flagged by any antivirus. The extension in Chrome can actually steal your data. It bypasses Windows Defender and other antivirus programs because it doesn't steal from your PC directly by running malicious code.. its steals from your browser hope you understand what i mean ...

@@UmarFarooq-qi6qj yeah, I understand what you mean. My question was about signature. These type of installers may or may not have a digital signature, hash tag and other security information. Did you check it? Pretty sure that there is no or some shady signature, just interesting

​@@UmarFarooq-qi6qjCan Kaspersky stop it?

I would check this file by my own, but my Portmaster blocked FB/meta completely ) I enjoy this freedom and don't want to touch my settings )

reporting it needs a certain volume untill it goes to human review. its just not recommended to similar audiences or just goes away from your personal feeed. it's all systems , plus Google and FB having fired all the human review teams means that thing is going to be around for a very long time.

Facebook just doesn't care Their platform is full of malware and scams and they do nothing about it

uhu. Very scarce info

Listening to what Pegasus ( NSO group) does from the various reports . you don't even need to click anything. As long as the device is on. it just targets you remotely based on your phone number or esim. I have heard it works on Android and IOs both. initially it had the limitation of having to send via email or what'sapp and telegram chat applications but there was mention of zero click install. It only get removed when the device is factory reset.

@@tanmaypanadi1414 While you are correct, said malware uses exploits worth tens of millions and pegasus doesn't waste them on average everyday people Unless a government is after you, you are not going to get hacked from just clicking a link

malicious scripts. Get some protection with "noscript" browser extension

@@user-od4gs3iu4t No, research what a sandbox is and how browsers use it

@@sylussquared9724 just interesting: do you have a security studies certificate?

that's why they password protect the archive, so that Google cannot scan it.

Well damn maybe google should make it a default feature to unpack everything uploaded to their cloud by passing password locked protected folders

@@Darkregen9545 do you expect them to brute force every single archive uploaded to their servers? That would take literally billions of years, it's not feasible.

who? where?

@@user-od4gs3iu4t You can see it running at 3:36. It does nothing it seems, it's just there. Can't find it elsewhere and I don't use it, but is running in background.

@@ianthehunter3532 he probably has MS office or whatever its new rebranded name is. I don't have it, long time LibreOffice works well for me

to begin with, you don't need to unplug anything if you have a configured firewall. The second thing: this is not always enough to protect your computer from malware. And third: it's more rational to let your AV stay connected to database and cloud center for a better protection

I just learned to use MSFT sandbox. it should keep things neatly contained for regular users who don't trust something and I don't need special permissions from the admin unless your company policy is different then reach out to them.

@@user-od4gs3iu4tFirewalls have nothing to do with this

@@sylussquared9724 firewalls won't allow any unknown applications to send/receive anything to internet. The newly installed utility thus has to use flaws and backdoors of the system to get what is supposed to be. It's not a perfect security feature, but the general system security is made of a bunch of hardened and restricted components, and can never protect from all the risks, instead reduces the risks according to swiss cheese model

This could have the unintended effect of stopping AV cloud analysis

Avast, avira, avg all owned by norton, all terrible

yeah. No guarantee that MS defender will stay in a good shape, or will have some paid version like subscription. But the base principle is not to rely on AV active defense, instead on HIPS and other proactive features. Cloud based defense is OK for an average user I guess as well

Well, of course. Most attacks are targeted at windows because realistically speaking, most people who used that link were windows users. Probably 95% of them or even more

Isn't Microsoft Defender Enough? Why not?

@@lifeindivine check at 05:18 : it said that windows defender didn't detect the threat.