I wonder... Does the ransomware encrypt only the user folders? Or does it look for files in different folders on different drives not associated with the Windows user folders?
I created it, so I'm gonna answer this real quick: "%USERPROFILE%\Desktop" "%USERPROFILE%\Documents" "%USERPROFILE%\Pictures" "%USERPROFILE%\Music" "%USERPROFILE%\Videos" "%USERPROFILE%\Downloads" are the folders that are encrypted before anything else. Then the rest on the C drive. Specific formats only, by the way.
Please test it again with DefenderUI on the Aggressive profile. Windows Defender can very likely do better. A few months ago you already made a video about ransomware vs Defender and you used DefenderUI and had a 100% detection rate.
Microsoft said ALL this was supposed to be fixed, because Microsoft was going to re-code the entire Windows operating system in the Rust language. Because as they put it, Rust has a specific mechanic within its language called Ownership, which basically in layman's terms is supposed to prevent files and folders from being manipulated, especially the Windows operating system as a whole and every part within the operating system, without express permission from the actual user aka owner of the computer. Microsoft said it is supposed to make Windows more secure. They also mentioned that the first re-coding was intended to be the firewall and Defender. We are still waiting for that.
Nothing surprising here. With ransomware, the focus should be recovery rather than prevention (not that you should neglect it, of course). Layers of backups is the way to go:
1. A frequent and quick online backup of your most used/important files - the "oopsie, I was testing a script and I accidentally deleted this super important directory" saver
2. A slightly less frequent online full system backup - the classic "there were obvious signs but I ignored them" drive failure saver
3. One or multiple physical (different locations in case of disaster) full system offline backups - the "waste of time" (hopefully)
Of course, all of them are reasonably tested, recovery procedure included. Layers can be added or removed depending on how much you care. But at least always have an offline backup of your most important files!
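The first layer in the comment above (frequent, quick, versioned copies of the files you care about) is easy to get wrong in exactly the way the OneDrive replies further down describe: a sync that overwrites the only copy with the encrypted one. The script below is an added example, written for this page and not taken from the video, its author or any commenter. It implements write-once snapshots with a SHA-256 manifest in PowerShell: every run creates a new timestamped folder, never rewrites an older one, and the manifest lets you tell a clean snapshot from a tampered one before you restore. Folder paths are placeholders; the read-only attribute it sets only stops accidents, not malware running with your rights, which is why the offline and offsite layers still matter.

```powershell
# Added example, not from the video or any commenter. Versioned, write-once
# snapshot backup with an integrity manifest. Run it against a throwaway
# folder first; $Source and $Destination are placeholders you choose.

function New-Snapshot {
    param([string]$Source, [string]$Destination)
    $stamp = (Get-Date).ToUniversalTime().ToString('yyyyMMddTHHmmss')
    $snap  = Join-Path $Destination $stamp
    $n = 0
    # A snapshot is write-once: never reuse an existing folder name.
    while (Test-Path $snap) { $n++; $snap = Join-Path $Destination "$stamp-$n" }
    $data = Join-Path $snap 'data'
    New-Item -ItemType Directory -Path $data -Force | Out-Null
    Copy-Item -Path (Join-Path $Source '*') -Destination $data -Recurse -Force

    # Manifest: relative path + SHA-256 for every file, sorted so it is reproducible.
    $root = (Resolve-Path $data).Path
    Get-ChildItem -Path $data -Recurse -File | Sort-Object FullName | ForEach-Object {
        '{0}  {1}' -f $_.FullName.Substring($root.Length + 1),
                      (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    } | Set-Content -Path (Join-Path $snap 'MANIFEST.sha256')

    # Read-only stops accidental edits and naive overwrites, nothing more.
    Get-ChildItem -Path $snap -Recurse -File | ForEach-Object {
        $_.Attributes = $_.Attributes -bor [IO.FileAttributes]::ReadOnly
    }
    return $snap
}

function Test-Snapshot {
    # Returns $true only if every file still matches the manifest written at
    # snapshot time; an encrypted or deleted file changes the comparison.
    param([string]$Snapshot)
    $manifest = Join-Path $Snapshot 'MANIFEST.sha256'
    if (-not (Test-Path $manifest)) { return $false }
    $data = Join-Path $Snapshot 'data'
    $root = (Resolve-Path $data).Path
    $expected = @(Get-Content -Path $manifest)
    $actual = @(Get-ChildItem -Path $data -Recurse -File | Sort-Object FullName | ForEach-Object {
        '{0}  {1}' -f $_.FullName.Substring($root.Length + 1),
                      (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    })
    return (@(Compare-Object -ReferenceObject $expected -DifferenceObject $actual).Count -eq 0)
}

function Get-LatestGoodSnapshot {
    # Newest snapshot that verifies cleanly; this is the one to restore from
    # after an incident, not simply the newest one.
    param([string]$Destination)
    Get-ChildItem -Path $Destination -Directory | Sort-Object Name -Descending |
        Where-Object { Test-Snapshot -Snapshot $_.FullName } |
        Select-Object -First 1 -ExpandProperty FullName
}

function Restore-FromSnapshot {
    param([string]$Snapshot, [string]$RelativePath, [string]$Target)
    New-Item -ItemType Directory -Path (Split-Path -Path $Target -Parent) -Force | Out-Null
    Copy-Item -Path (Join-Path (Join-Path $Snapshot 'data') $RelativePath) -Destination $Target -Force
    # The snapshot copy is read-only; the restored working copy should not be.
    Set-ItemProperty -Path $Target -Name IsReadOnly -Value $false
}

# Usage (placeholder paths): take a snapshot, later verify and restore one file.
$snap = New-Snapshot -Source 'C:\Users\me\Documents' -Destination 'D:\Backups\Documents'
Test-Snapshot -Snapshot $snap
$good = Get-LatestGoodSnapshot -Destination 'D:\Backups\Documents'
Restore-FromSnapshot -Snapshot $good -RelativePath 'report.docx' -Target 'C:\Users\me\Documents\report.docx'
```

The design choice worth noting is that the manifest is written once, at snapshot time, and checked before any restore: if the ransomware later reaches the backup destination with write access, the changed hashes make that snapshot fail `Test-Snapshot` and `Get-LatestGoodSnapshot` skips it instead of restoring encrypted data over your files.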
2:35 so what's stopping someone from running it from a TrustedInstaller child process and fucking up system files as well (I'm not sure if it's called a child process)
Good one, but what if the user also puts C:\Windows in the protected folders? In that case I think you won't be able to call explorer.exe and start the process
I got tired of paying for AV but what sucks is the free software that "enhances" Defender always breaks Defender for me, I find it turned off or not able to finish a scan.
And this is why I say that Windows Defender isn't good enough and using a 3rd-party antivirus is better. One misclick and your files could be encrypted. Like in the video with the unknown ransomware, Bitdefender and Sophos stopped the encryption despite it not being known. Not to mention malware can just straight up disable Windows Defender. But 3rd-party antiviruses see that malware is trying to disable it. The antivirus is like: "Uh no, what the heck are you doing, get out of here"
Only if you allow some unknown untrustworthy apps to run using an admin account, like shown in the video. Otherwise you will be asked multiple times. If you use DefenderUI and configure a good enough cloud scan, and zero trust, then most likely you will have not less than 60 seconds to stop the task, or by that time it might already be marked as a threat. So Defender is not that bad
@@ТоварищКамрадовСоциалистКоммун However you have to remember that exploits exist and UAC can be exploited and bypassed. Also remember the average user isn't going to follow the highest security practices. Most people run on their admin account anyway, and those that don't, well what's stopping them from just putting in their admin password anyway when a program needs it and completely ignoring common sense.
@@TheawesomeMCB completely ignoring common sense is exactly the reason. These people trade their privacy, and also pay money for a program that may save them from their mistakes
@@ТоварищКамрадовСоциалистКоммун Isn’t that like car insurance? You can be a perfect driver and accidentally get in an accident that was your fault. Even the most advanced most common sense techs make mistakes sometimes. And not all 3rd party anti viruses cost money. Yeah there is paid plans for them. But in most cases they are WAY better than Windows Defender.
@@TheawesomeMCB to begin with, no AV make an official insurance that your data will be preserved. They don't guarantee that you and only you will have access to them. A good guarantee to preserve your data is to make regular backups. Which has little to do with any modern AV companies. Data preservation is much better realized using some server backup running under linux or BSD. And the data will much less likely leak as well. It looks more like paying for protection (wild west style lol)
Been a while since I last tried it. it often allowed too many things giving me no alerts, and denied too many other things. I understand why explorer would be whitelisted, but at the same time I wish it disallowed any changes until it was approved. Perhaps it could be good if you can approve specific applications, and after logging off or restarting Windows, it will forget them?
i wonder if a solution could be that modifying the files under cfa would require a password or a windows hello thing so if you ran a ransomware the user can just choose to deny the access request
Is it a case of Microsoft trusting that people buy into OneDrive so that the files can be recovered using their ransomware recovery tool? They can turn around then and say well you didn’t enable this feature so no restore for you
Fine for malware detection mostly, but not very good at blocking dangerous websites, and against ransomware and other threats through behavioral monitoring.
There is only one good protection against data encryption. It's a second (for example, your old) PC running Linux as a data server which stores your backed-up data. It will also help you restore your data if other problems, including technical malfunctions, appear. Everything else is a compromise. Don't make the mistake of trusting any, even the best AV or security packs. If you are using Defender, the main rule is using a non-admin account for non-admin tasks, setting UAC to a high enough alert level, and desirably using DefenderUI or a similar utility to improve your protection. And yeah, of course. Since you have a Linux PC, the most important business should be done from it ) Use your Windows PC as disposable material, since you would be able to restore it any moment you like )
Just an example, all these cost me literally 0 dollars. Just some effort to install Linux on my old laptop, and I use old 1-2 TB HDD disks for these backups
It's not complex at all. You need just to install Linux, and pick a method of sharing a volume or a folder. All took me no more than half a day, including several hours of finding a distro which included proprietary wifi drivers. If your PC is a desktop PC, or has non-proprietary drivers, it could be even faster. And since that time Linux just simply WORKS. It doesn't show some lame errors, or crash. Updates run smoothly. Critical updates are rare. So as a summary it requires much less investment (time, effort) than the Windows platform. A capable sysadmin is all that's required to stay secure. And it's a much better long-term investment in personal sysadmin skills than having "fun" with Windows. You might be right that most users just remain Windows users, because you know people are lazy, and it's kind of normal
Normally every Windows file has a Microsoft signature. If Win Defender allowed it based on the name it's very stupid; if the ransomware adds that signature that means it's very smart
You just shouldn't use an admin account for daily tasks. And make sure you set UAC to a high enough alert level. Finally if you still have a plan to allow an unsigned app to run on your PC, make sure you've got a good cloud scan and zero trust; this can be easily configured using DefenderUI or similar utilities
@@jibberjabber6919 I did, admin rights do not disable UAC/SmartScreen prompts, an exe needs to be signed to not trigger the prompt. Or you have to specifically disable it in settings/registry. At least tell me where he said that info, maybe I did not catch it
Shouldn't customers expect a product to protect all folder locations? Why should you need to tell a product which folders you want protection on? When you buy alarm monitoring, you don't tell them to monitor the front door and not to worry about the back door. You expect them to monitor the whole system.
With them and Dropbox/Google Drive/etc. you can undelete the files, or roll back the files (depending what the ransomware did), after of course logging out of the app so it doesn't re-do it whilst you're fixing other things.
Windows Defender is the most widely distributed protection software, so it makes sense that hackers would target it. It's the same reason Windows is the most targeted OS. If BitDefender or Linux were the most used protection software and OS, then they would be the most targeted by hackers. It's simple math, they go after the software with the largest user base, because it means more potential victims.
@@wildbill4496 It’s the most widely distributed protection simply because it’s pre-installed in Windows. Aka you’re FORCED to use it. Use your brain if you have one
What I don't understand is how people manage to download these. Edge and Windows Defender do a great job blocking shady websites, a simple adblocker stops almost every ad that would take you to a shady website and Edge does a great job at flagging and blocking untrustworthy files, either .exe, archives or PDF files. Like for example I tried downloading a PDF and a password-protected .rar file I sent to myself via WeTransfer from one PC to another and Edge flagged it as unsafe to open and would warn me it could be malware. Like how do people manage to get these by accident?
I feel like MS is in bed with a lot of AV companies because if they created an AV that had high detection, those companies would fold. To be fair, when MS developers don't close loopholes in the code, this can happen as well. Maybe they should start from scratch with a 5 year project to create an entirely new OS.
I run Fedora GNOME. Other than ClamTk (which is unmaintained now I guess) how do I protect my PC from these!? Of course, my own caution can only protect me somewhat, but other than that, is there any specialized software per se for protection!?
1. Clam does not protect your Fedora. It protects other PCs in case you use your Fedora as a file or mail server
2. Nope, you don't need to install any AV. Fedora, like any Linux, doesn't require any )
3. Sure you can increase the overall security, but this depends on the role of this PC. IF you use it as a desktop, all standard advice applies to any platform, which includes:
3.1. Secure DNS
3.2. Configured firewall
3.3. Hardened browser (Firefox-based, with uBO, "NoScript", turned off telemetry etc)
3.4. Password manager
3.5. Configured AppArmor (Flatseal etc depending on repo)
^^^^^ looks like that's it ) there are of course a bazillion minor pieces of advice on how to improve even further, but this should be enough )
@@ТоварищКамрадовСоциалистКоммун how can we say Linux doesn't require any!? Think about it, Linux doesn't have any protection per se, unlike Win AVs, so as an attacker if I wanted to even target the 4% of the users (cuz you have to mostly be a nerd to daily drive Linux), there can be 2 possibilities, 1 social engineering failed successfully nerd safe, 2 vice versa. If the second is the case (since a lot of newbies like me are entering Linux), what's the best course of action other than formatting our PC!? The problem is security should be proactive, and since everyone has their guard down because "Fedora as any linux doesn't require any" I believe Linux desktop users become an enticing target to the attackers out there who just want to watch the world burn.
@@0x4C3DD Linux doesn't require AV protection. Which doesn't mean that it does not require any protection at all. Its protection utilities are mostly preinstalled and preconfigured, but as always everyone has their own needs and requirements which should be addressed by individual configuration. Its defense is actually proactive, cause it's based on the minimal privilege principle. Social engineering targets the human, the PC is secondary. So the only way to reduce the success rate of this attack is education and learning
What if I am already so hacked from exactly what you just explained? I’ve not been able to stop it for 6 yrs other than a day or two at a time. He has stolen over $16,000 from me and sold my id 14 times on dark web. Microsoft won’t help me at all.
As before, M$ Defender can be recommended with the following options:
1. Non-admin account for non-admin tasks
2. UAC to the max
3. DefenderUI to improve the security, especially zero trust and more time for cloud scan
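Several comments in this thread rely on the same three things: Controlled Folder Access being on, UAC being set high, and knowing which applications CFA already trusts. The script below is an added example for this page, not code from the video or from any commenter; it is a read-only audit you run in an elevated PowerShell to see where a machine actually stands. The mode values come from `Get-MpPreference`'s `EnableControlledFolderAccess` property (0 disabled, 1 enabled, 2 audit), the CFA block and audit events are IDs 1123 and 1124 in the Defender operational log, and UAC's "Always notify" slider position corresponds to `ConsentPromptBehaviorAdmin` = 2. One thing it cannot show you is the point the video makes: Windows' own binaries such as explorer.exe are trusted by CFA without ever appearing in the allowed-applications list, so an empty list does not mean nothing is trusted.

```powershell
# Added example, not from the video or any commenter. Read-only audit of the
# Defender/UAC settings discussed in this thread. Run in an elevated PowerShell.

function Get-CfaPosture {
    $pref = Get-MpPreference

    # Documented values for EnableControlledFolderAccess.
    $cfaMode = switch ([int]$pref.EnableControlledFolderAccess) {
        0 { 'Disabled' }
        1 { 'Enabled (block)' }
        2 { 'AuditMode (log only, nothing blocked)' }
        3 { 'BlockDiskModificationOnly' }
        4 { 'AuditDiskModificationOnly' }
        default { "Unknown($_)" }
    }

    # Folders the user added on top of the built-in Documents/Pictures/etc.
    $folders = @($pref.ControlledFolderAccessProtectedFolders)
    # Apps the user explicitly allowed. Built-in trust for signed Windows
    # binaries (explorer.exe among them) is NOT listed here.
    $allowed = @($pref.ControlledFolderAccessAllowedApplications)

    # Recent CFA decisions: 1123 = blocked, 1124 = audited (would have blocked).
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1123, 1124
    } -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }

    # UAC policy values. EnableLUA 0 means UAC is off entirely;
    # ConsentPromptBehaviorAdmin 2 = "Always notify", 5 = the Windows default,
    # 0 = elevate silently (effectively no prompt at all).
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $uacKey

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{
        ControlledFolderAccess   = $cfaMode
        ExtraProtectedFolders    = $folders
        AllowedApplications      = $allowed
        RecentCfaEvents          = $events
        UacEnabled               = ($uac.EnableLUA -eq 1)
        UacAlwaysNotify          = ($uac.ConsentPromptBehaviorAdmin -eq 2)
        UacSilentElevation       = ($uac.ConsentPromptBehaviorAdmin -eq 0)
        ThisSessionIsAdmin       = $isAdmin
    }
}

# Print the findings; anything in the list below is a gap worth closing.
$posture = Get-CfaPosture
$posture | Format-List

$gaps = @()
if ($posture.ControlledFolderAccess -notlike 'Enabled*') { $gaps += 'CFA is not in block mode' }
if (-not $posture.UacEnabled)                             { $gaps += 'UAC is disabled' }
if ($posture.UacSilentElevation)                          { $gaps += 'UAC elevates without prompting' }
if (-not $posture.UacAlwaysNotify)                        { $gaps += 'UAC is below "Always notify"' }
if ($posture.ThisSessionIsAdmin)                          { $gaps += 'daily session is running as admin' }
if ($gaps.Count) { $gaps | ForEach-Object { Write-Warning $_ } } else { 'No gaps found in the checked settings.' }
```

`Set-MpPreference -EnableControlledFolderAccess Enabled` and `Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Data'` are the corresponding write commands if the audit shows CFA off or a data drive unprotected; the audit deliberately does not change anything.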
@@csongorszecska 1. A firewall is always a good recommendation. However ) I once had some small statistics: there were two posts near each other, mine where I suggested a firewall, and one from another person who made a reply post to me and said that configuring a firewall is a complicated task. And this post got 10 times more likes than mine ) I don't conclude that people who visit YT aren't capable of doing a simple task like configuring a firewall ) No, of course everyone is an individual. But since that time I try to give advice about firewalls only if people ask how to improve security, and like this ) 2. The same applies to utilities like HIPS. People are probably too lazy to make their own informed decision ) 3. They ignore advice like backups, and consider that an AV will save them; how is it possible to help them? It's not possible
Good video. All the idiots always say: "You don't need an AV. Windows Defender is good enough as long as you don't browse sketchy websites or download and run sketchy files".
How can malicious code run as admin if the admin account has a password? Windows is certainly not the most secure OS out there. It never has been and will probably never be.
That helps you encrypt your files yourself. You need to unlock it when you want to use it, and have to lock/eject it afterwards to protect your files. As for protection from ransomware etc, when locked it can't edit your files, but at worst it could just format the drive since it can't access it, of course.
This does not surprise me at all. There is nothing that is not protected in computers anymore, because all files can be controlled in one way or another, because people know how these things work. Personally I think there is only one way that no one has ever done to protect software/hardware, at least not for most end users; maybe some higher security sectors do things like I am thinking, but nothing for the everyday user, which in today's world I think is just ridiculous, because people are now stealing very important data that should never be accessible or usable by these disgusting entities doing these things.
People going "See! Defender isn't good enough" is so cringe to me, like they completely missed the part of the video where no anti-malware service could detect the file as malicious. AVs are supposed to protect you from old and known viruses, while common sense is supposed to defend against new ones. Windows Defender plays that role perfectly, and you don't have to install other free "AVs" adware. That's how computers have always worked and will continue to
@@NikolasTheCuber aannndd that confidence is what gets people infected. It's too likely behavioral detection won't detect new ones. You should never assume it will
Loads of morons hating on MS Defender all of a sudden here. Defender actually does a reasonable job. It just fails at this particular ransomware at this moment in time. The weakest link is always the user. The best protection against ransomware is awareness of the possible attack vectors and not having important data on your system just sitting there that can be encrypted in the first place.
If you're that butthurt over people hating on Windows Defender, I can only imagine what you got to say about people hating on the entirety of Windows, or to take it to the next level...hating on Microsoft. 😂
Happy to see my sample :D
Russianovisky Haxor
so, i have a question about my pc :(
nice work dude
I'm Crow, wanted to see it for a while, seems like a nice sample
Making FUD is not hard.
This loophole has always been in Explorer. I can't believe they still haven't figured this out yet. Not completely sure about the intricacies of patching this up but surely they should know how malicious ransomware works and should have thought about this.
they leave these loopholes to get data from normal people
I mean CFA is for preventing "changes" to files. if it's just for it to "get data" then nothing needs to change and it doesn't need to be whitelisted.
@@joshimahan7497 wouldn't surprise me if this was true ngl
Hey, so the United States users of Kaspersky will apparently be updated to something called “UltraAV” and I was wondering if we could get a review from you and maybe a malware test.
UltraAV sounds like some generic crap. You can still use Kaspersky with ease, just buy a reseller key
UltraAV may be credible since it's a spinoff of Aura... is it using the Kaspersky engine... THAT is what I'm wondering. It's why a test would be... enlightening. Kaspersky being so responsible in handing over US customers, regardless of any price paid... is sus
@@TheChillee I mean I honestly don't know the issue, I ran Kaspersky on a VM for months logging every single network packet to see if it would spy or send out suspicious activities and it did nothing out of the ordinary, I even tried to trick it and created fake sensitive data to see if it would upload it, and it didn't. I even faked my location and made it seem like I was located close to a 3-letter agency but still nothing.
@@TheChillee exactly what I was thinking man.
@@Light-uw5es that's because Kaspersky doesn't do any such thing. I have done the same experiment with Wireshark in the past
I heard loads of chat online that Windows Defender is enough without the need to buy another AV solution. Your videos really prove that to be quite untrue. Very grateful for your videos.
Only marginally smarter than those who keep saying, always in a patronizing manner too, that you only need "common sense" and nothing else.
Maybe I'm paranoid, but I can't help but think that those people might be engaging in social engineering. The more people you convince that they don't need protection, the more potential victims.
Defender *could* be enough for the average home user if configured properly (group policies, VBS, controlled folder access and etc.), but again we're talking about the normal user who most likely doesn't even check if they're downloading said software from the original site or clicks 'Yes' on every UAC prompt just so it can stop bothering them.
Just use common sense. Try not to be paranoid downloading more security software for your computer. It will just bloat your PC and slow it down more than a typical virus would. It's ironic too. No security software is perfect.
Ok then what do you recommend? If you're pointing out a problem, then offer a solution, because you're no better than others when trying to gloat.
Don't be surprised that the people who make the viruses are the same people who make the AVs.
Living off the land baby! Not surprised at all.
Sadly when you have Controlled Folder Access and Microsoft SmartScreen turned on they regularly flag Microsoft apps, processes, and etcetera! I mean it seems to increase the false positive rate.
Yep. Word gets blocked with no problem. Ransomware, on the other hand... I mean how bad could THAT be. *sigh*
that's because it blocks every app until you allow them
@@JessicaFEREM yes but it gives you details. When you're sitting there trying to update an app that's been on your computer for years and Defender suddenly starts trying to tell you it's a trojan or bundler and then immediately after that it flags its own processes as malware you know Microsoft is playing games.
Trust no one, not even yourself.
I like how people say that you don't really need an AV simply because they expect Windows Defender will keep them safe. No, this isn't the case at all. I personally prefer having an AV installed rather than relying on Windows Defender. Also as a person who rarely downloads stuff online this isn't an issue at all.
Thanks very much, Leo. I don't get a chance to say it enough. Your analysis of these products is always helpful to me. Keep it up!
This reminds me of the WannaCry attack in 2017, which hit over 200,000 systems worldwide. Even the best security measures can be bypassed if hackers get creative enough.
Great video Leo!
Can't think of a way you could stop this. The only way would be to prevent process injection. That would break a LOT of other software though. And Explorer isn't the only one here. Notice how you didn't get a warning when opening the PDF reader? Yeah, even if you protect Explorer, you could still spawn some other, already trusted piece of software and inject into that instead. Also, protecting Explorer would be hard since you can't run it with any of the fancy integrity features that other components can use. It's low integrity by design. Append-only offsite backups, that's how you stop ransomware.
Just send this video to M$ and hopefully they can patch things.
Microsoft as usual...
I reiterate the old adage: the day Microsoft no longer makes products that suck is when they start selling vacuums
Underrated humor ;)
well said my friend well said.
But their products suck, like a vacuum, if they don't suck, why would they start selling products that also suck???
@@benwilkins2781 don't be that guy in real life.
@@benwilkins2781 - their vacuum wouldn’t suck (things in), because their products are not good …
Cool video. Thanks Leo. The problem with this bug is I'm sure if they fix it they are going to break a lot of legitimate applications.
Hey, when's the ransomware vs Kaspersky video coming?
you da real merican.
only American spyware is allowed and approved
🤣
@@ТоварищКамрадовСоциалистКоммун But it's *our* spyware.
oh yeah it's full of democracy as well as diversity, equity, and inclusion
@@ТоварищКамрадовСоциалистКоммун Yeah but it's *our* spyw*re.
@@ТоварищКамрадовСоциалистКоммун Yeah but it's *our* ***ware.
Thanks for the informative video. Would've appreciated if you had mentioned a tool that would detect this behaviour and block it. Do you think Malwarebytes' ransomware protection would've prevented this?
The problem with this test is that you can't conclude Windows Defender is bad without showing that another antivirus/ antimalware does better.
The video doesn't say it is bad, it is just stating it can be circumvented.
There is literal video proof of him testing bitdefender which actually restored files
Kaspersky would have been great if it was not banned in the United States
@@ScruffyMisguidedAndBlue You are correct; the video doesn't say Defender is bad, but it is implied.
In any case, if in reality no other antimalware or antivirus could stop the malware used in this video, how should those using Defender respond to this test? Switch to another anti-malware/ anti-virus?
@@tsuketsu9889 Did he test it with this specific situation in mind? Or was it just in a general sense? I'm all for saying you need an AV, but let's be real, if you aren't going to show examples and test with every alternative while providing documentation, then don't be surprised no one wants to take it seriously.
This one took me by surprise.
And my fear grows bigger and bigger
Thanks a lot for this educational video. 🙏🙏
Dang Leo... why you do this 🤣 I want to cancel my Kaspersky subscription to save some money, but you always launch these videos that make me be sure to keep paying for a good antivirus.
There's a reason why the US government is banning Kaspersky. Maybe you should look into that.
@@runnergo1398 yes, the reason is that they are paranoid XD but I don't live in the US, I like Kaspersky, I know they have a good product, and the cleaning features that they have are better than Bitdefender, and because of that I prefer it
Em he did once show Bitdefender free has an amazing behaviour analysis block, so why are you paying money? Also he did review free antivirus.
@@runnergo1398 yes, because the USA is very much afraid because it is a Russian company, and the US does the same to spy on other countries XD
but I don't live in the US, and I know Kaspersky is a very good anti-virus, as shown in this channel many times, with even better cleaning capabilities than Bitdefender, which makes me prefer Kaspersky a lot more.
@TheShugoBR didn't he showcase Malwarebytes a while ago? I believe it's free, though it has more false positives
I remember when DCS stood for Doesn't Catch Shit. When did that change?
DCS stands for Digital Combat Simulator
@@AmazoneProfihopper wrong situation. We're talking about Microsoft DCS.
Are you talking about windows defender or defender for endpoint? Precision in speech matters.
they're the same
Awesome Thank you for Sharing 💯✴
Since win XP, I rely on pro active malware protection. It's not 100% secure, but I've managed to avoid all serious threats. Someday, they will get me. But not today, not while I do a little bit more - like using virustotal or watching your channel.
if you mean zero trust, this is the best choice for any advanced user
Is this second-layer Ransomware protection similar to Avast Free's Ransomware protection? So Avast Free's Ransomware protection is also weak on processes that may appear legitimate? Or does behavioral protection work better with Avast Free's second-layer Ransomware protection?
Wow. I had relied on Controlled Folder Access to serve as a "reasonable" protection for things Defender wouldn't block. So much for that. *sigh* Thanks for the video!
As always, the best protection is a good backup.
OneDrive or any cloud storage is a good idea, and even better if you have a local NAS / fileserver you can sync to and from.
@@MaximeDeClercq We actually do have a local NAS but can't use it for backups, due to a software issue on the NAS, itself. *sigh* We also use OneDrive but given how OneDrive works, as soon as a file gets encrypted, it would be uploaded to Microsoft's server. What I'll have to check is whether or not file versioning is working. That would be our saving grace.
@@TheCocoaDaddy I use a bootable drive with EaseUs Todo Backups to an external drive. The easiest tool I've used personally
I wonder... Does the ransomware encrypt only the user folders? Or does it look for files in different folders on different drives not associated with the Windows user folders??
I created it, so I'm gonna answer this real quick:
"%USERPROFILE%\Desktop"
"%USERPROFILE%\Documents"
"%USERPROFILE%\Pictures"
"%USERPROFILE%\Music"
"%USERPROFILE%\Videos"
"%USERPROFILE%\Downloads"
are the folders that are encrypted before anything else. then the rest on the C drive. Specific formats only, by the way.
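Since the video is about Controlled Folder Access (CFA) being bypassed through an allowed app, a defender's first step is checking what CFA actually covers on a given machine. The following PowerShell audit is an added example, not code from the video or the commenter; it assumes Microsoft Defender Antivirus on a Windows host and an elevated shell, and it checks the six folders listed above, which CFA event IDs 1123 (blocked) and 1124 (audit mode) report on. Note that Downloads is, as far as I know, not in the default CFA protected set, so it needs to be added explicitly.

```powershell
# Added example: audit Controlled Folder Access against the six user folders
# named in the comment above. Run from an elevated PowerShell session.

# The folders the ransomware in the video hits first (from the comment).
$userFolders = 'Desktop','Documents','Pictures','Music','Videos','Downloads' |
    ForEach-Object { Join-Path $env:USERPROFILE $_ }

$pref = Get-MpPreference

# EnableControlledFolderAccess: 0 = Disabled, 1 = Block, 2 = Audit mode only.
$mode = switch ([int]$pref.EnableControlledFolderAccess) {
    1       { 'Block' }
    2       { 'Audit' }
    default { 'Disabled' }
}
Write-Host "Controlled Folder Access mode: $mode"
if ($mode -ne 'Block') {
    Write-Warning 'CFA is not in Block mode; nothing below will stop writes.'
}

# Folders added by an admin on top of the built-in protected set.
$custom = @($pref.ControlledFolderAccessProtectedFolders)

# Report each user folder. Assumption (verify on your build): CFA protects
# Desktop/Documents/Pictures/Music/Videos by default but not Downloads.
$builtIn = 'Desktop','Documents','Pictures','Music','Videos' |
    ForEach-Object { Join-Path $env:USERPROFILE $_ }
foreach ($f in $userFolders) {
    $covered = ($builtIn -contains $f) -or ($custom -contains $f)
    $status  = if ($covered) { 'protected' } else { 'NOT protected' }
    Write-Host ("{0,-45} {1}" -f $f, $status)
}

# Add Downloads explicitly if it is missing (WhatIf shows the change first).
if ($custom -notcontains (Join-Path $env:USERPROFILE 'Downloads')) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders `
        (Join-Path $env:USERPROFILE 'Downloads') -WhatIf
}

# Apps an admin allowed through CFA. Built-in trusted binaries such as
# explorer.exe never appear here, which is exactly the gap the video shows:
# a write performed via an implicitly trusted process is not blocked.
Write-Host "`nAdmin-allowed apps:"
@($pref.ControlledFolderAccessAllowedApplications) | ForEach-Object { "  $_" }

# Recent CFA events: 1123 = write blocked, 1124 = write would be blocked (audit).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-Table -Wrap
```

Remove `-WhatIf` to actually add the folder; an empty event list does not mean nothing was written, since writes by implicitly trusted processes generate no 1123/1124 event at all.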
How does Bitdefender Free cope with this? Also using Defender I to tighten security further, would that help?
Please test it again with DefenderUI on the Aggressive profile. Windows Defender can very likely do better. A few months ago you already made a video about ransomware vs Defender and you used DefenderUI and had a 100% detection rate.
Microsoft said ALL this was supposed to be fixed, because Microsoft was going to re-code the entire Windows operating system in the RUST language.
Because as they put it, RUST has a specific mechanic within its language called Ownership, which basically, in layman's terms, is supposed to prevent files and folders
from being manipulated, especially the Windows operating system as a whole and every part within the operating system, without express permission from the actual user aka owner of the computer. Microsoft said it is supposed to make Windows more secure. They also mentioned that the first re-coding was intended to be the firewall and Defender.
We are still waiting for that.
When was this vulnerability discovered?
Nothing surprising here.. With ransomware, the focus should be recovery rather than prevention (not that you should neglect it of course). Layers of backups is the way to go:
1. A frequent and quick online backup of your most used/important files - The "oopsie, I was testing a script and I accidentally deleted this super important directory" saver
2. A slightly less frequent online full system backup - The classic "there were obvious signs but I ignored them" drive failure saver
3. A/multiple physical (different locations in case of disaster) full system offline backups - The "waste of time" (hopefully)
Of course, all of them are reasonably tested, recovery procedure included. Layers can be added or removed depending on how much you care..
But at least always have an offline backup of your most important files!
2:35 so what's stopping someone from running it from a TrustedInstaller child process and fucking up system files as well (I'm not sure if it's called child process)
test this with Emsisoft Enterprise Security
I was expecting 0 protection from defender so I am glad I was not wrong
Why can't Windows Defender block all incoming traffic unless it was originally from the PC?
Good one, but what if the user also puts C:\windows in the protected folders? In that case I think you won't be able to call explorer.exe and start the process
I got tired of paying for AV but what sucks is the free software that "enhances" Defender always breaks Defender for me, I find it turned off or not able to finish a scan.
Have you tried DefenderUI?
How would Defender for Endpoint fare? With shown policies
It always seems to react after the event.
That is how pretty much all computer security has developed over the years.
why does Windows firewall have stuff in the incoming section ????
And this is why I say that Windows Defender isn't good enough and using a 3rd party antivirus is better. One misclick and your files could be encrypted. Like in the video with the unknown ransomware, Bitdefender and Sophos stopped the encryption despite it not being known. Not to mention malware can just straight up disable Windows Defender. But 3rd party antiviruses see that malware is trying to disable it. The anti virus is like: "Uh no, what the heck are you doing, get out of here"
only if you allow some unknown, untrustworthy apps to run using an admin account, like shown in the video. Otherwise you will be asked multiple times. If you use DefenderUI and configure a good enough cloud scan, and zero trust, then most likely you will have not less than 60 seconds to stop the task, or by that time it might already be marked as a threat.
So Defender is not that bad
@@ТоварищКамрадовСоциалистКоммун However you have to remember that exploits exist and UAC can be exploited and bypassed. Also remember the average user isn't going to follow the highest security practices. Most people run on their admin account anyway, and those that don't, well what's stopping them from just putting in their admin password anyway when a program needs it and completely ignoring common sense.
@@TheawesomeMCB completely ignoring common sense is exactly the reason. These people trade their privacy, and also pay money for a program that may save them from their mistakes
@@ТоварищКамрадовСоциалистКоммун Isn't that like car insurance? You can be a perfect driver and accidentally get in an accident that was your fault. Even the most advanced, most common-sense techs make mistakes sometimes. And not all 3rd party anti viruses cost money. Yeah there are paid plans for them. But in most cases they are WAY better than Windows Defender.
@@TheawesomeMCB to begin with, no AV makes an official guarantee that your data will be preserved. They don't guarantee that you and only you will have access to it.
A good guarantee to preserve your data is to make regular backups. Which has little to do with any modern AV companies.
Data preservation is much better realized using some server backup running under linux or BSD. And the data will much less likely leak as well.
It looks more like paying for protection (wild west style lol)
Been a while since I last tried it. it often allowed too many things giving me no alerts, and denied too many other things.
I understand why explorer would be whitelisted, but at the same time I wish it disallowed any changes until it was approved.
Perhaps it could be good if you can approve specific applications, and after logging off or restarting Windows, it will forget them?
I wonder if a solution could be that modifying the files under CFA would require a password or a Windows Hello thing, so if you ran a ransomware the user can just choose to deny the access request
wasn't the memory integrity feature supposed to block tampering with core apps of windows?
What's the best AV besides Kaspersky
Common sense
Bitdefender could be one of them
@@UmVtCg knew this comment was coming lol
@@nelsone.hernandez6654 thanks
@@UmVtCg nope
Is it a case of Microsoft trusting that people buy into OneDrive so that the files can be recovered using their ransomware recovery tool?
They can turn around then and say well you didn’t enable this feature so no restore for you
What happens when you have the ASR rule "Advanced Ransomware Protection" enabled?
still no guarantee. The best protection is data backup
@@ТоварищКамрадовСоциалистКоммун Of course. But it would be nice to see the result with this setting enabled.
Fine for malware detection mostly, but not very good at blocking dangerous websites, and against ransomware and other threats through behavioral monitoring.
Would love to see malware analysis of this file.
there is only 1 good protection against data encryption. It's a second (for example, your old) PC running Linux as a data server that stores your backed up data.
It will also help you restore your data if some other issue, including a technical malfunction, appears.
Everything else is a compromise.
Don't make the mistake of trusting any, even the best, AV or security packs.
If you are using Defender, the main rule is using a non-admin account for non-admin tasks, setting UAC to a high enough alert level, and preferably using DefenderUI or a similar utility to improve your protection.
And yeah, of course. Since you have a linux PC, the most important business should be done from it )
Use your Windows PC as a disposal material, since you would be able to restore it any moment you like )
just an example, all this cost me literally 0 dollars. Just some effort to install Linux on my old laptop, and I use old 1-2 TB HDDs for these backups
will never be done by your average user. too complicated, too cumbersome. Also there are now plenty of malware examples for *nix and Apple ;)
it's not complex at all. You just need to install Linux, and pick a method of sharing a volume or a folder. It all took me no more than half a day, including several hours of finding a distro which included proprietary wifi drivers. If your PC is a desktop PC, or has non-proprietary drivers, it could be even faster. And since that time Linux just simply WORKS. It doesn't show some lame errors, or crash. Updates run smoothly. Critical updates are rare.
So as a summary it requires much less investment (time, effort) than the Windows platform.
A capable sysadmin is all that's required to stay secure. And it's a much better long term investment in personal sysadmin skills than having "fun" with Windows.
You might be right that most users just remain windows users, because you know people are lazy, and it's kind of normal
normally every Windows file has a Microsoft signature; if Windows Defender allowed it based on the name it's very stupid, if the ransomware added that signature that means it's very smart
you just shouldn't use an admin account for daily tasks. And make sure you set UAC to a high enough alert level. Finally if you still have a plan to allow an unsigned app to run on your PC, make sure you have a good cloud scan and zero trust; this can be easily configured using DefenderUI or similar utilities
Would multiple VMs for different tasks make it safer?
In terms of isolating them yes (getting a virus would only affect that one VM etc) but of course make sure they can't connect to each other.
Why is there no UAC popup? Or at least a popup that the file may not be secure due to no legal certificate?
Or is that exe signed?
you clearly didn't watch the whole video
@@jibberjabber6919 I did, admin rights do not disable UAC/SmartScreen prompts, an exe needs to be signed to not trigger the prompt. Or you have to specifically disable it in settings/registry.
At least tell me where he said that info, maybe I did not catch it
Shouldn't customers expect a product to protect all folder locations? Why should you need to tell a product which folders you want protection on? When you buy alarm monitoring, you don't tell them to monitor the front door and not to worry about the back door. You expect them to monitor the whole system.
Exactly why I still never really trust defender that much.
"Defender is good enough"
Yeah right.
that's what reddit loves to tell people
Provide an alternative or shut up, honestly. You're no better than the clout chasers at that point.
Does ransomware usually only encrypt files on C: or also on the other internal drives?
I would assume it looks on every drive, locally and on the network and not just C: drive.
please review of Quick Heal Total security
So if you have OneDrive backing up files how robust is that for file recovery? 🙂🤷♂️
With them and Dropbox/Google Drive/etc you can undelete the files, or roll back the files (depending what the ransomware did), after of course logging out of the app so it doesn't re-do it whilst you're fixing other things.
It shocked me only partially
And everyone and their grandma still saying defender is enough. Yeah, enough to get you hacked lmao
100% this.
Reddit will literally call you an idiot if you tell them to use Bitdefender, or Kaspersky Free instead of Windows Defender.
Windows Defender is the most widely distributed protection software, so it makes sense that hackers would target it. It's the same reason Windows is the most targeted OS. If BitDefender or Linux were the most used protection software and OS, then they would be the most targeted by hackers. It's simple math, they go after the software with the largest user base, because it means more potential victims.
@@wildbill4496 It’s the most widely distributed protection simply because it’s pre-installed in Windows. Aka you’re FORCED to use it. Use your brain if you have one
What I don't understand is how people manage to download these. Edge and Windows Defender do a great job blocking shady websites, a simple adblocker stops almost every ad that would take you to a shady website, and Edge does a great job at flagging and blocking untrustworthy files, whether .exe, archives or PDF files. Like for example I tried downloading a PDF and a password-protected .rar file I sent to myself via WeTransfer from one PC to another and Edge flagged it as unsafe to open and warned me it could be malware. Like how do people manage to get these by accident?
@@wildbill4496 Maybe because it’s installed by default meaning you’re forced to use it? lol?
what if you submit your sample and retest after a few days?
this doesn't help in real life scenarios
What to use then?
Please test this with Hardened Defender.
I feel like MS is in bed with a lot of AV companies because if they created an AV that had high detection, those companies would fold. To be fair, when MS developers don't close loopholes in the code, this can happen as well. Maybe they should start from scratch with a 5 year project to create an entirely new OS.
An entirely new OS comparable to Windows in just 5 years? Good luck. No company can do that and especially not Microsoft.
Same test with bitdefender protected folder
The worst deadliest ransomware I've ever encountered is made by Adobe, all of it 😡
hey how about trying DefenderUI, I heard that app can unlock hidden features of Windows Defender
I tried that yesterday, the ransomware got detected however only after already encrypting lots of files.
I run fedora gnome. other than clamtk (which is unmaintained now ig) how to protect my pc from these !? ofc, own caution can only protect me somewhat but other than that, any specialized software is there per se for protection!?
1. Clam does not protect your Fedora. It protects other PCs in case you use your Fedora as a file or mail server
2. Nope, you don't need to install any AV. Fedora, like any Linux, doesn't require any )
3. Sure you can increase the overall security, but this depends on the role of this PC. If you use it as a desktop, all standard advice applies to any platform, which includes:
3.1. secure DNS
3.2. Configured firewall
3.3. Hardened browser (firefox based, with uBO, "noscript", turned off telemetry etc)
3.4. Password manager
3.5. Configured AppArmor (Flatseal etc depending on repo)
^^^^^
looks like that's it ) there is of course a bazillion pieces of minor advice on how to improve even further, but this should be enough )
@@ТоварищКамрадовСоциалистКоммун how can we say Linux doesn't require any!? think about it, Linux doesn't have any protection per se, unlike Windows AVs, so as an attacker if I wanted to even target the 4% of the users (cuz you have to mostly be a nerd to daily drive Linux), there can be 2 possibilities: 1. social engineering failed successfully, nerd safe; 2. vice versa. If the second is the case (since a lot of newbies like me are entering Linux), what's the best course of action other than formatting our PC !?
problem is security should be proactive, and since everyone has their guard down because "Fedora as any linux doesn't require any" I believe Linux desktop users become an enticing target to the attackers out there who just want to watch the world burn.
@@0x4C3DD Linux doesn't require AV protection. Which doesn't mean that it does not require any protection at all. Its protection utilities are mostly preinstalled and preconfigured, but as always everyone has their own needs and requirements which should be addressed by individual configuration.
Its defense is actually proactive, because it's based on the principle of minimal privilege.
Social engineering targets the human; the PC is secondary. So the only way to reduce the success rate of this attack is education and learning
What if I am already so hacked from exactly what you just explained? I’ve not been able to stop it for 6 yrs other than a day or two at a time. He has stolen over $16,000 from me and sold my id 14 times on dark web. Microsoft won’t help me at all.
Where is all of the "defender is good enough" "professionals"
as before, M$ Defender can be recommended with the following options:
1. Non-admin account for non-admin tasks
2. UAC to the max
3. DefenderUI to improve the security, especially zero trust and more time for cloud scan
@user
At that point you are better off with a firewall or program that monitors and blocks access to resources
@@csongorszecska
1. Firewall is always a good recommendation. However )
I once had a small statistic: there were two posts near each other, mine where I suggested a firewall, and one from another person who made a reply post to me and said that configuring a firewall is a complicated task. And this post got 10 times more likes than mine )
I don't make the conclusion that people who visit YT aren't capable of doing a simple task like configuring a firewall )
No, of course everyone is individual. But since that time I try to give advice about firewalls only if people ask how to improve security, and like this )
2. The same applies to utilities like HIPS. People are probably too lazy to make their own informed decision )
3. They ignore advice like backups, and consider that AV will save them; how is it possible to help them? It's not possible
Those "professionals" just got fired from Indonesia CERT after the hilarious Ransomware in July
Defender is good enough if you're not braindead
I trust Microsoft operating systems.
well I mean it's Defender
What in God's name is that emoji
greetings sir, can I get this ransomware to practice on
Luckily I'm using Bitdefender, are they better in this regard
Why I don't use microcooks defender, cause it's not defending anything.
can u test Kaspersky
Good video all the idiots that always say: "You don't need an AV. Windows Defender is good enough as long as you don't browse sketchy websites or download and run sketchy files".
How can malicious code run as admin if admin account has a password?
Windows is certainly not the most secure OS out there. It never has been and probably never will be.
For starters!?
If you use free stuff and expect greatness…well.
what about windows bitlock?
That helps you encrypt your files yourself. You need to unlock it when you want to use it, and have to lock/eject afterwards to protect your files.
As for protection from ransomware etc, when locked it can't edit your files, but in the worst case it could just format the drive, since it can't access it of course.
I use Kaspersky Endpoint Security
Putin knows everything about you now.
Me too, Great piece of software.
@@avyam7509 If you say so, "comrade."
this stuff is so nasty and scary to see working. people that make these malwares are disgusting.
Just don't be a dodgy surfer.
thanks
ZFS snapshots
Report this to Microsoft
Better off either with malwarebytes or using Linux with Malwarebytes
I would compile all my important documents and burn them onto a Mini CD-R, 100% ransomware proof and future bypass proof also. 😂
Why are there only 2023 likes on this video, when it's year 2024.
Let me make it right.
Always nice to see how Windows excels at sucking.
This does not surprise me at all, there is nothing that is not protected in computers anymore, because all files can be controlled in one way or another because people know how these things work, and personally I think there is only one way that no one has ever done to protect software/hardware, at least not for most end users, maybe some higher security sectors do things like I am thinking but nothing for the everyday user, which in today's world I think is just ridiculous, because people are now stealing very important data that should never be accessible or usable by these disgusting entities doing these things.
👍!
Getting "access to the site has been blocked" using your vmray link
Most people run windows on admin so it is a realistic test.
People going "See! Defender isn't good enough" is so cringe to me, like they completely missed the part of the video where no anti-malware service could detect the file as malicious.
AVs are supposed to protect you from old and known viruses, while common sense is supposed to defend against new ones. Windows Defender plays that role perfectly, and you don't have to install other free "AVs" adware. That's how computers have always worked and will continue to
other antiviruses have a feature called 'behavioral detection'. It won't detect the file in a scan, but it will detect and block it when run.
@@NikolasTheCuber aannndd that confidence is what gets people infected.
It's too likely behavioral detection won't detect new ones. You should never assume it will
@@MiyazakisPVPexperience most of the time it does, but I agree sometimes malware slips past
@@NikolasTheCuber Can't I use the same thing you just said to defend Windows Defender in this situation?
@@MiyazakisPVPexperience won't it depend on how many slip past in each AV's case? The higher the detection rate the better the AV?
MicroSloth.
So.. it's a useless setting.
Loads of morons hating on MS Defender all of a sudden here. Defender actually does a reasonable job. It just fails at this particular ransomware at this moment in time. The weakest link is always the user. The best protection against ransomware is awareness of the possible attack vectors and not having important data on your system just sitting there that can be encrypted in the first place.
I hated on Defender since 2007
Defender is very weak since its birth, but if there are the correct policies in Windows it becomes very strong
@@ghostbiker7391 post policy
If you're that butthurt over people hating on Windows Defender, I can only imagine what you got to say about people hating on the entirety of Windows, or to take it to the next level...hating on Microsoft. 😂
@@iamyourgreatgreatgreatgrea6291 average bad faith reply. accusing OP of being "butthurt" and COMPLETELY ignoring the good points they made