10 Computer Security Myths to Stop Believing

Science & Technology

Time Stamps:
0:00 - Intro
0:14 - Myth 1
1:12 - Myth 2
2:33 - Myth 3
3:24 - Very Important Thing
4:20 - Myth 4
6:50 - Myth 5
9:15 - Myths 6 and 7
11:10 - Myth 8
12:22 - Myth 9
14:28 - Myth 10

Comments: 1,700

  • @ThioJoe (1 year ago)

    @ 9:30 Congrats, you all are now a computer GLENUIS

  • @minecrafter7850 (1 year ago)

    lol

  • @minecrafter7850 (1 year ago)

    *GLENUIS*

  • @PushyPawn (1 year ago)

    Escellent.

  • @abhishekjoy469 (1 year ago)

    Can you make a video on cracked version of windows 10 and KMspico and is it a virus or not?

  • @Fafr (1 year ago)

    ayy I'm a glenuis now 10:40 the proof that I am one is that I'm not clicking any linieeks, ninks and lincks

  • @DIYDaveOK (1 year ago)

    As a 35-year software developer, let me give you props on a good video. You hit the nails on the head and got good points across without diving into too much techspeak.

  • @taavi948 (1 year ago)

    As a 68 year old cleaner I agree

  • @EinChris75 (1 year ago)

    Let me agree to that as well. 30 years in the business.

  • @RockyPeroxide (1 year ago)

    Us IT guys never stop learning ^^ It's why I chose this path.

  • @soygolpista (1 year ago)

    Nah this guy is a corporate shill

  • @MGBOI2011 (1 year ago)

    But bro u are 12 year old

  • @Darkhalo314 (1 year ago)

    As I learned in college getting my cybersecurity degree: The user is the weakest link to security. You can have all the best practices and protocols in place, but even those can't prevent everything.

  • @writerpatrick (1 year ago)

    Viruses can only get onto a computer when a user installs them. About every method scammers and hackers use involves getting the user to run or install something that gives them that access.

  • @MenelBOT (1 year ago)

    @@writerpatrick not exactly, there existed some stuff that didn't even need the user to download anything to get infected

  • @edkhil (1 year ago)

    @@writerpatrick That's wrong. There's malware that can infect computers without user interaction. Check out "zero-click" attacks. An example of a zero-click malware is Pegasus.

  • @BoGy1980 (1 year ago)

    That's why updates should always be run ASAR (as soon as released), because they often close the holes that zero-days are using. With Microsoft it's sadly the case that they patch AFTER it's being abused, with Linux most stuff gets fixed before it's abused because someone was overlooking the source code and found something that's exploitable. But zero days have also existed on Linux and its software, though a lot less are abused compared to windows. Apart from these zero-days (zero day means, it's day 0 after finding the exploit in the system/software, it's not yet patched because they don't know about it yet), it's a good idea to not use an account with admin-rights if you don't exactly know what you're doing (and this means; if you don't know how to solve problems by yourself and you understand why the problem existed, googlefixing everything doesn't count). It's better to use a normal account and have the admin account only there to install updates on software or to change certain system settings. If multiple people use that computer, everyone should have a normal user account, and one person should have access to admin, so that 'accidents' are avoided, and even 'no-click' viruses get less chance to install themselves and change settings to run them at startup. My father's PC is set up that way, and he had tons of issues when he had access to admin-rights, even after that windows pop-up telling you that you're doing something with admin rights and should look out... Most non-tech people don't even know what that window means, they don't read anything, they just want access to whatever they clicked on and will OK everything without knowing what they're doing.
After my dad destroyed his windows within 3 days (it booted but was laden with viruses and was very slow), I decided he should only have user access and in case something really needs admin rights, I'll just remotely take over his computer (with tools like TeamViewer) and type in the password when asked for it (of course I make sure I started the updater myself, not relying on his "this window asks for a password"-question as he's not a techie and doesn't understand the concept of updates, even after I explained it 50x). Firefox auto-updates on his machine, so does thunderbird, and I'll check monthly if other software on his machine is outdated. Since I started using these rules, things hardly went south again. No more viruses that installed themselves, no more sudden "my computer is acting strange" after he thought windows settings was just something to play with like changing volume on the TV. The only problems I now get from him, is when he wants to know 'how do I do this or that' or when some hardware fails. I try to avoid explaining stuff to him as much as possible. That's because he just doesn't want to write anything down and forgets it by the next/same day because of lack of interest from him (his excuse is that he didn't grow up with computers, though I know people 30 years older than him who learned it just fine and when I explain things to them and ask to write it down, they do so and they try it a few times when I'm gone, so they actually understand what they're doing and how to do it)

  • @repeekyraidcero (1 year ago)

    In Germany DAU (stupidest possible user) basically means this xD "error is sitting in front of the keyboard"

  • @ABQSentinel (1 year ago)

    As a network security professional, I can tell you that most companies still enforce myth 1 religiously. This has the unintended consequence of people choosing weak passwords, re-using the same password but just incrementing any numbers that are used, or worst of all, writing them down (my favorite is the sticky on the bottom of the keyboard--no one will EVER look there!).

  • @mythiclys (1 year ago)

    My school when I was younger used to enforce this all the time. It was awful, I never actually followed this guideline and stuck to one secure password. A few people did follow it and well... Quite a few trips to the technician.

  • @morganjohannisson2789 (1 year ago)

    Do people still stick passwords under their keyboards? I remember it was pretty common during the mid- to late nineties. I use pass-phrases a lot. Some of them are padded-cell-crazy on purpose. 🎃

  • @TheHellis (1 year ago)

    We also are forced to change password every 90 days. The funny thing is that our company also encourages us to use the same password in other business software for convenience and so that they don't have to reset passwords so often. (How about that huh?) When our computer boots up most people open SAP and start typing the password just as Teams opens with the last conversation. So every week we have a few who type out their [Company].55 passwords into the last Teams conversations.

  • @johnduncan5117 (1 year ago)

    @@morganjohannisson2789 I still see this all the time. It's a thing. Even managers and finance people.

  • @waynereed5473 (1 year ago)

    As recently as two years ago I have seen security audits related to cyber insurance that ask for a password retention policy. This forces companies to keep enforcing password change policies even if the IT department responsible for security wants to follow better guidelines.

  • @neilmara3093 (1 year ago)

    I used to maintain a website. In the website logs are the unencrypted usernames of everyone who logged in. Every once in a while someone accidentally put their password where their username should go and vice versa. Of course, the server denied them access. Then a few seconds later there was another login attempt with the username and password in the correct order. The password isn't logged. By searching the logs for gibberish usernames, followed by proper usernames from the same IP address I was easily able to find several passwords a week. I reported this vulnerability to my management, but I don't know what they did about it (if anything).

  • @rbrucebicknell5038 (1 year ago)

    Eeek, usernames, passwords, and other things like SSNs and credit card numbers shouldn't be written to the logs at all, encrypted or otherwise. What you'll see in my company's logs is [filtered] where these things would be. We get audited regularly to ensure our logs, and many other things, are clean. That not everywhere is as diligent speaks to the necessity of not reusing passwords across sites.
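
Added example (not part of either comment above, and not any site's own code): one way to keep a password typed into the username field out of an authentication log while still letting repeated attempts be correlated. The function names, HMAC key, account list and log format are assumptions made for illustration.

```python
import hashlib
import hmac
import io
import logging

# Assumption: a secret held outside the log store; this value is constructed.
LOG_HMAC_KEY = b"constructed-demo-key"

# Constructed sample data for the demonstration.
KNOWN_USERS = {"alice", "bob"}
CONSTRUCTED_PASSWORD = "Blue-Kettle-Orbit-42"


def username_token(value, key=LOG_HMAC_KEY):
    """Keyed, truncated digest of whatever was typed in the username field.

    The same input always yields the same token, so repeated attempts can be
    correlated, but the log never contains the typed value itself.
    """
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "unk:" + digest[:12]


def loggable_username(submitted, known_users):
    """Return what may be written to the log for the username field."""
    normalized = submitted.strip().lower()
    if normalized in known_users:
        # A real account name is not a secret to the people who read the log.
        return normalized
    # Anything else might be a mistyped password: log only the keyed token.
    return username_token(submitted)


def record_login(logger, ip, submitted, success, known_users):
    """Write one login event without ever logging raw unknown input."""
    logger.info(
        "login ip=%s user=%s result=%s",
        ip,
        loggable_username(submitted, known_users),
        "ok" if success else "denied",
    )


def demo():
    """Replay the swapped-fields sequence from the thread; return the log text."""
    stream = io.StringIO()
    logger = logging.Logger("auth_demo", level=logging.INFO)
    logger.addHandler(logging.StreamHandler(stream))
    # First attempt: the password was typed into the username field.
    record_login(logger, "203.0.113.7", CONSTRUCTED_PASSWORD, False, KNOWN_USERS)
    # Second attempt, seconds later, with the fields in the right order.
    record_login(logger, "203.0.113.7", "Alice", True, KNOWN_USERS)
    return stream.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

The token is only as private as the key: if the key is stored next to the logs, a reader can test guesses against it, so writing a fixed `[filtered]` marker instead is the stricter choice when correlation is not needed.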

  • @GeekIWG (1 year ago)

    I work in IT and you'd be amazed how many clients get angry and demand to know how they got infected when they have an antivirus installed. No antivirus software is going to catch 100% of stuff, especially if you're going around downloading and installing everything you come across online.

  • @ThioJoe (1 year ago)

    Yup, it’s basically just a last defense

  • @MatrixMode42 (1 year ago)

    As a kid, I would install everything. It installed some weird chrome browser and to this day, it's still on my old computer.

  • @GeekIWG (1 year ago)

    @@MatrixMode42 I see a lot of modified Chromium-based browsers get unknowingly installed by people that are seemingly used to show ads everywhere.

  • @jacksoncremean1664 (1 year ago)

    many anti viruses are actually pretty poorly implemented and end up making your security worse as they end up increasing attack surface

  • @R.K_Chalkboard (1 year ago)

    Thing is even if it catches stuff, it's called a virus for a reason. You can't just delete the root of the virus, it'll be in other places or it'll just reproduce itself before the AV can fully delete it. Only way is to reset.

  • @logicalfundy (1 year ago)

    Also VPNs aren't really completely private. They're great for getting around geo-restrictions, and for remote work, but as you mentioned in another myth - if you log in or if a website uses cookies, they can still gather information about you. Generally speaking, if you want security or privacy, you can't rely on only a single piece of software - you use multiple strategies that cover different aspects of security and privacy.

  • @ailivac (1 year ago)

    Of course, but they're the ones paying the bills so why would he include that? "Use our sponsor to mask your IP address, except they will still track you with cookies, oh and they can still fingerprint you just as easily with private browser mode."

  • @lordelliott42 (1 year ago)

    @@ailivac And more and more countries are _requiring_ VPNs to keep logs.

  • @Izofeu (1 year ago)

    What a VPN does is it changes who tracks you. Now your ISP won't track you, but the VPN company will. I hate youtubers advertising vpns as a way to stop being tracked where it only changes who you get tracked by, not if you get tracked.

  • @Twisted_Code (1 year ago)

    sponsorships are ironic sometimes aren't they?

  • @Twisted_Code (1 year ago)

    @@Izofeu I mean, allegedly this one doesn't keep logs of anything, but they could always just be saying that right?

  • @grn1 (1 year ago)

    An important note on the last point: Formatting an SSD will not write zeros across the whole drive. SSDs have their own controllers and maps that strategically write data to their flash chips, the OS doesn't have access to the true locations of the files. I have heard of an alternative protocol that does allow the OS to control the SSD more directly but as far as I know it's not really in use anywhere. The reason SSDs are set up to manage their own data is to ensure proper wear leveling which preserves the life of the drive for as long as possible. Having said all that, for better or worse, it should also be much harder to recover data that was deleted from the recycling bin.

  • @repeekyraidcero (1 year ago)

    Still very possible to recover many files. Better use multipass erasure

  • @wasd____ (1 year ago)

    @@repeekyraidcero Multipass erasure doesn't necessarily do anything on SSDs. Wear leveling is automatic and may cause the multiple writes to go out to different blocks than the one with the data you're trying to erase.

  • @futuza (1 year ago)

    Best actually to physically destroy the SSD to be safe.

  • @ishrod_tweaks (1 year ago)

    There is an OS instruction to delete sensitive data called SANITIZE. But, be aware that using it too much shortens the life-span of the SSD and usually requires formatting the whole SSD.

  • @activenets (1 year ago)

    You did a good job trying to inform people on the myths you listed. I have been working in IT since 1978 and have seen so many changes in the industry overall. My focus currently is with network security in business environments. It amazes me how many business owners either believe these myths or know little to nothing about their network environment. Sometimes the hardest part is getting them to invest in their own security. The alternative can be far more devastating. Thanks for putting this video out!

  • @deadlee0b1 (1 year ago)

    I did a server upgrade for a client, but the quote didn't include a backup solution. We warned them of this, and they said "It's okay, Greg handles our backups". Greg being one of the managers who "knows a little bit of IT". We got them to sign off and all was well. A year later they got hit with ransomware. I went in to help with restoring their data, checked their backup software, and lo and behold, the logs just showed 6 months of failed backup attempts.

  • @FireAngelOfLondon (1 year ago)

    Thanks for that list; a summary helps to remember information like this and the video didn't include one. I am surprised people questioned your reason for posting it, but I guess none of us knows it all - I sure don't.

  • @9tim80 (1 year ago)

    Here's one I heard too many times in my IT career: "I don't need antivirus, I have a Mac!" I deliver auto parts now. Much less stressful than arguing with idiots.

  • @repeekyraidcero (1 year ago)

    Well.. Mac is its own can of worms... And that myth is long dead

  • @kevinwong_2016 (1 year ago)

    @@repeekyraidcero yes

  • @buji1 (1 year ago)

    @@repeekyraidcero Some people still say that though

  • @TrekkerUK (1 year ago)

    Anecdote time! I've had a MacBook for about 10 years (And love it!) but one time years back I was having a problem with it. I can't remember exactly, but something was acting weird. So - I thought I'd post on the official Apple support forums for some help. A self-proclaimed expert user with something like *11,000* posts replied along the lines of "Do you have anti-virus installed? That can cause issues and isn't needed on Macs so just uninstall it." I just replied with a rant about how that was utterly terrible advice and I sincerely hoped other users did not listen to his 'solutions'.

  • @serbiagamingiscool515 (1 year ago)

    @@TrekkerUK The thing is, he is not all that wrong. Antiviruses can cause A LOT of issues, and it's a headache to deal with them. I myself only have the Windows one and occasionally install Malwarebytes just to check if I fucked up or something, but that's about it. Dedicated antiviruses also end up slowing your PC down.

  • @NeoMaruLLB (1 year ago)

    Overall, pretty good. A few technical issues I have though. Myth #2, the "padlock icon" or "secured notice" in your browser just means that the browser is detecting that the SSL cert info matches the web server info and is saying that it's "verified". It does NOT however mean that "no-one is in the middle messing with it". Man in the middle attacks still intercept secure traffic links to harvest PII. The attacker spoofs the secure connection and your browser can't detect that there is a third party in the mix. Myth 8, more of a technicality, but keyloggers don't take over your computer, they just collect info on what you type to harvest passwords and other PII. Rootkits allow other software to take advantage of vulnerabilities. They allow other malicious software and users to exploit vulnerabilities and gain access to a machine. Technically, neither are capable on their own to take over your computer.

  • @lperkins2 (1 year ago)

    Note that even a "*slow*" format doesn't do a secure delete. Some drives might have a secure delete operation, but most consumer drives do not. With spinning-rust drives, you're generally fine if you ensure the disk actually writes out 0s to the physical sectors. With SSDs, wear leveling can keep you from ever writing the physical sector again. Bottom line, you should keep sensitive data encrypted, and keep the encryption keys somewhere you *can* delete them (like a hardware key), or at the least keep _them_ encrypted with a password.

  • @AttilaAsztalos (1 year ago)

    ...or you can use purpose-built wiper software that merrily proceeds to write garbage data into every byte of "unused space", necessarily overwriting anything that was supposed to be deleted. Yes, some data may still survive by ending up on a spot that was replaced by the drive with spare capacity that drives keep just to be able to hide minor damage from you, but hey nothing is ever 100% secure and as levels of paranoia go this is a pretty efficient solution.

  • @lperkins2 (1 year ago)

    @@AttilaAsztalos Doesn't take special wiper software, just boot from a different drive and have `dd` write from /dev/random to the head of the target disk. If you don't want to erase the files currently on the disk, doing it to a new file within the disk's FS works for the logical portions of the disk managed by that FS. That gets you to where recovery of the data will require specialized tools, which is generally good enough unless your threat model includes state actors or others who will use SEMs and physically dissect your drives. Just remember it _does_ leave any cells "parked" for wear leveling, and if your random number source isn't good enough, and at only a single pass, an SEM may be able to recover what the state of the individual cells were before you scrambled them.

  • @achtsekundenfurz7876 (1 year ago)

    BTW, two passes are usually good enough. If there was a way to write data to disk, then overwrite that chunk, and read both back, HDD manufacturers would have exploited that trick decades ago to double their capacity without adding to cost. Why _twice_ then? Because it might be impossible to read both versions back _reliably_, but could work once in a blue moon if the newer data follows a simple pattern. It just _might_ happen on a chunk containing sensitive data... The old guidelines about 7 passes or more account for OLD hardware (i.e. 1980s or older -- governments tend to keep some of those for a longer time than any individual or company would). Those would sometimes practice "shingled magnetic recording" accidentally due to wandering alignment of the head or (if applicable) tape used.

  • @lperkins2 (1 year ago)

    @@achtsekundenfurz7876 If you are a device manufacturer, you need to, within the rated service life of the device, have a near 100% recovery rate of the data, so double-writing and guessing isn't a good option. If you are trying to erase state secrets, you need to have a near 0% recovery rate of the data, so writing over it once may not be enough. And remember, in the state-actor case, the final "read" procedure may be damaging to the drive (as it is when using an SEM to do the read). That said, if one pass (or certainly if two passes) haven't removed the data, it will be because of the device firmware. More passes won't help.

  • @davidt01 (1 year ago)

    Myth 1: You need to change your password frequently. (Creating a single really strong password is better than using weak passwords that you change often).
    Myth 2: The padlock icon means a site is safe or trustworthy. (It only means the connection is secured).
    Myth 3: Incognito mode makes your internet activity untraceable. (Websites can still track your IP address or recognize you when you log in).
    Myth 4: Strong passwords are just to stop people from guessing it. (If a website gets hacked, all the encrypted passwords will be shared with hackers who use computers to try to crack them).
    Myth 5: A strong password must be complex. (Making your passwords longer is often better than just adding numbers or symbols, unless you're using words alone).
    Myth 6: If you're good with computers, you don't need anti-virus. (There are zero day exploits and vulnerabilities that can affect even the most careful users).
    Myth 7: Anti-virus will always protect you from everything. (Be careful and use common sense.)
    Myth 8: If you have a virus, you'll know it or it will be obvious. (Except for ransomware, most viruses or malware today are spyware that you won't know is on your device).
    Myth 9: A strong password is all you need to secure your accounts. (Two-factor authentication is very important).
    Myth 10: Deleted files or formatted drives can never be recovered. (Deleted files and quick-formatted drives can usually be recovered with special software).

  • @hAT81 (1 year ago)

    lol whats the point of making this comment? (no hate)

  • @silopante (1 year ago)

    Boo

  • @davidt01 (1 year ago)

    @@hAT81 I wrote it out for people who don't want to watch the whole video. I actually wrote it out so I could share with my friends and family, but then I thought I might as well post it here. :)

  • @credulous2skeptic522 (1 year ago)

    @@davidt01 Thank you for posting this David. Even though I watched the whole video I can share your notes with my friends who might not want to watch it.

  • @marcusbk7317 (1 year ago)

    @@hAT81 because the OP did not make a summary

  • @n3g093 (1 year ago)

    As someone currently working in infosec, I'd like to point out an issue with the NIST recommendation for never expiring passwords. NIST is designed for government agencies that are already following all of the other guidelines. This means that bodies who follow this will also have modern 2FA, good minimum complexity requirements with phrases, no one is reusing the same passwords, SSO is configured everywhere possible, and these passwords are not being stored in an insecure manner. Not changing passwords IS the best practice if every other best practice is also being followed. For example, I can guarantee you that many companies have not adopted 2FA more advanced than an SMS message and most users will still be reusing the same passwords for multiple accounts anyways. Also, many of those users will be using the infamous password spreadsheet instead of a manager.

  • @anon_y_mousse (1 year ago)

    Good point, and I agree, a simple SMS based 2FA is not good enough. Especially if your phone gets stolen it'll be worse.

  • @johnt7665 (1 year ago)

    No apostrophe necessary. Many companies.

  • @zoetje9817 (1 year ago)

    @@BoGy1980 I mean, password managers don't store passwords in plain text. Spreadsheets do AFAIK.

  • @BoGy1980 (1 year ago)

    @@zoetje9817 that's why you need to password protect them of course. Office documents (Microsoft / Libre /open-office) indeed are merely xml files stored in a zip container. Those xml files are protected as good as the password is. At least they won't target that file as fast as the datafile from pwd managers, which is also plain text in its purest form, but is also encrypted with your password

  • @marcusbk7317 (1 year ago)

    Thank you! Everyone cherry-picks the NIST guidance about this.

  • @pentestical8265 (1 year ago)

    Everything spot on except number 10. With modern flash storage, there is a feature called TRIM on the SSD itself which overwrites files as they are deleted so file recovery now is a bit complicated. An exception is with Full Disk Encryption because TRIM only works on entire files, so when it sees an encrypted file system, it sees a delete operation as an update rather than a delete so TRIM doesn't kick in.

  • @acylonepleidian9665 (1 year ago)

    I really appreciate that besides good information, concise, but clear, you have gone to the length of mentioning every single edit, its source and provided even links to locations you went to for checking something. That's good editing, and crediting the spots elements you added to your video.

  • @wookix (1 year ago)

    I like the way you explain stuff, it's very easy to follow along. Would you mind making a tutorial about those yubico authenticators including showing how to add them to various popular services?

  • @ThioJoe (1 year ago)

    Possibly

  • @bharatmadho3742 (1 year ago)

    @@ThioJoe yayy

  • @Rmni2 (1 year ago)

    @@ThioJoe Ooooo I wonder if he did make the video it will make us get a key

  • @futuza (1 year ago)

    Maybe also discuss weaknesses with using yubikeys, eg: the physical yubikey is stolen, or destroyed and you don't have any backups (because those would create weaker actor vectors, threat actors could use to their advantage)

  • @DragoniteSpam (1 year ago)

    I love how the AI interpreted the "sketchy link" prompt as a literal link that had been sketched.

  • @crowdemon_archives (1 year ago)

    They...tried 😅

  • @AaaTeeEyeBee (1 year ago)

    The LastPass password management suggestion really didn't age well in four months given what we've learned about the hack, their security practices, and their subpar browser extension. If the dev groups I frequent are an indication I think there's a mass exodus to Bitwarden, a company which seems to take security much more seriously by comparison. Also, Incognito Mode doesn't use the cookies/site data stored in the browser picked up during non-incognito mode. That's why you would need to log in to sites again if in incognito mode.

  • @joe-skeen (1 year ago)

    Great video. One more myth I would add is that security questions make your account more secure. This really isn't the case. A security question is most often a simpler, shorter password that you can find the answer to from looking at the person's social media account. I always treat security questions as passwords and generate long answers (stored in my password manager)

  • @barryschwarz (1 year ago)

    The 2 ones I choose are definitely not in any of my social media accounts or anywhere else. Mother's maiden name, and the name of my first pet are impossible to get both unless you go to my parents' house and torture it out of them.

  • @KaptainCanuck (1 year ago)

    @@barryschwarz, where was a parent born is pretty good or first school is also good as long as you do not have your city of birth on social sites.

  • @EvanCastle (1 year ago)

    Great content, as usual. Quick add-on: Incognito mode also deletes all cookies when you close the browser. Great for when you're wanting to log into the same site with different credentials, like when you're alpha testing a website.

  • @repeekyraidcero (1 year ago)

    or just open a private tab...

  • @gragogflying-anvil3605 (1 year ago)

    @@repeekyraidcero That's the same thing with a different name.

  • @emirkugic (1 year ago)

    Hey Joe, I just realized that I've been watching your videos for over 10 years now. From the troll videos I used to watch in primary school and actually trying them out and being disappointed/angry to today, where I'm studying computer engineering, I gotta say I always enjoyed your videos even if it's about something I understand to the core of it. You've always been one of my favorite tech youtubers as your videos are always entertaining to watch. Not much else to say besides cheers to another 10🍻

  • @nabh_agrawal (1 year ago)

    Can you suggest some other tech tips channels like ThioJoe? This channel does a great job, but if you could, it would be helpful for me!

  • @emirkugic (1 year ago)

    @@nabh_agrawal i don't know exactly about tech tips type of youtubers, the only one that comes to mind is computerphile, they teach you about various computer related stuff, but here are some of my fav learning/entertainment youtubers: Ben Eater is great for understanding how computer hardware even works, code bullet and michael reeves are hilarious, stuff made here is just mad impressive engineering videos and freeCodeCamp is a great source of useful tutorials if you're into comp sci. I hope you find this useful

  • @nabh_agrawal (1 year ago)

    @@emirkugic Thank u !

  • @davebing11 (1 year ago)

    writing them down is fine, as long as it is in a book that you know had better be secured to be safe

  • @torinnbalasar6774 (1 year ago)

    Glad to know I already knew most of these. Only one I missed was part of number 1, that the best practices have shifted to only changing passwords when there's a suspected breach. The mention of password managers is somewhat lacking, because they're not infallible either. I recall LastPass had a pretty serious breach sometime in the last few years.

  • @johnd5398 (1 year ago)

    While password managers may not be infallible, they are extremely good at encouraging people to use unique passwords for sites as well as using more secure passwords; they are rarely ever breached and, when they are, most can automate the process of changing those same passwords. In the event of a breach, all sensitive user info is encrypted, as well. Aside from hardware-based security, nothing else compares, really.

  • @torinnbalasar6774 (1 year ago)

    @@johnd5398 I agree that password managers are a good thing, but am a lot more skeptical about their security than you. LastPass waited months before notifying their users of a breach, even longer of the severity, and was opaque through the whole process. The breach exposed an undisclosed amount of users' vaults, containing both their encrypted passwords, and a host of unencrypted information (urls, billing addresses, etc.), and waited an extreme amount of time before warning anybody that they needed to change their leaked passwords, because they can still be decrypted through brute force in time. The problem with password managers is that they can become a single point of failure that is no more secure than any of what it's protecting, and it takes a lot of research to verify that a specific one is reliable and transparent, rather than taking their word for it.

  • @blobofblutack
    @blobofblutack Жыл бұрын

    The private browsing thing I find funny, because all incognito and private mode landing pages I've seen explicitly tell you what it does and doesn't do. Usually even explaining that your ISP, Employer/School, and the website you are visiting still see the activity.

  • @jacquesmainguy1
    @jacquesmainguy1 Жыл бұрын

    Unless that changed recently, long formatting doesn't even overwrite the old data, it just checks every sector. The low-tech technique I use is to create a "filler" file with data from one of my big files with nothing I worry about in. Then, once I've deleted everything, I re-fill the drive with that filler, and then re-delete it. The data left on the drive is now that filler repeated over and over, not my original files. Quite time-consuming, but worth doing before donating or discarding a PC.

  • @ailivac

    @ailivac

    Жыл бұрын

    GNU coreutils comes with the shred program that will do this automatically over either a file or an entire disk. It actually overwrites it multiple times with different patterns of data, some random and some fixed, designed to physically scramble the media as much as possible. Of course that's only applicable to traditional filesystems on magnetic drives; on a CoW-based filesystem or SSD it won't do anything other than waste time. Some SSDs use internal encryption and have a fast secure erase command you can run that simply zeroizes the key without having to physically erase every block.

  • @lordelliott42

    @lordelliott42

    Жыл бұрын

    I just destroy data drives. Hammer and fire is the way to go if you want to be *sure* your data is gone.

  • @jacquesmainguy1

    @jacquesmainguy1

    Жыл бұрын

    @@lordelliott42 I have done that too, when discarding a PC or laptop.

  • @ThioJoe

    @ThioJoe

    Жыл бұрын

    In my other video I tested the difference between Quick format and not, and at least for NTFS it did indeed write zeroes across the drive, I checked it with a hex viewer. I'd assume the same goes for other file systems but I didn't explicitly check those.

  • @ailivac

    @ailivac

    Жыл бұрын

    I wonder if it just TRIMs every empty block on SSDs (which will make them default to 0) or actually overwrites everything
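The hex-viewer check mentioned in this thread can be scripted. The following is an added example, not code from any commenter: the file-backed "disk image", the marker string and the `quick_format` / `full_overwrite` helpers are a simplified, constructed model (block 0 stands in for the file table), and on SSDs or copy-on-write filesystems a logical overwrite like this does not guarantee the physical cells were rewritten.

```python
import os
import tempfile

BLOCK = 4096                               # scan granularity in bytes
MARKER = b"CONSTRUCTED-SECRET-DOCUMENT"    # constructed stand-in for user data


def make_image(path, data_blocks=8):
    """Build a toy image: block 0 is a stand-in file table, the rest is data."""
    with open(path, "wb") as f:
        f.write(b"FILETABLE".ljust(BLOCK, b"\x01"))
        for i in range(data_blocks):
            f.write((MARKER + b"-%d" % i).ljust(BLOCK, b"\xaa"))


def quick_format(path):
    """Model of a quick format: only the file table (block 0) is cleared."""
    with open(path, "r+b") as f:
        f.write(bytes(BLOCK))


def full_overwrite(path):
    """Model of a zero-fill wipe: every block of the image is overwritten."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        written = 0
        while written < size:
            n = min(BLOCK, size - written)
            f.write(bytes(n))
            written += n
        f.flush()
        os.fsync(f.fileno())


def scan(path):
    """Count blocks that still hold non-zero bytes or the known marker."""
    total = nonzero = marker_hits = 0
    with open(path, "rb") as f:
        while chunk := f.read(BLOCK):
            total += 1
            if chunk.count(0) != len(chunk):   # any byte other than 0x00
                nonzero += 1
            if MARKER in chunk:
                marker_hits += 1
    return {"blocks": total, "nonzero_blocks": nonzero, "marker_hits": marker_hits}


def demo():
    """Scan the image before formatting, after a quick format, after a wipe."""
    with tempfile.TemporaryDirectory() as tmp:
        img = os.path.join(tmp, "disk.img")
        make_image(img)
        before = scan(img)
        quick_format(img)
        after_quick = scan(img)
        full_overwrite(img)
        after_full = scan(img)
    return before, after_quick, after_full


if __name__ == "__main__":
    for label, result in zip(("before", "quick format", "full overwrite"), demo()):
        print(f"{label:>15}: {result}")
```

`scan()` only reads, so the same function can be run against a raw image taken from a drive to confirm that a wipe left no non-zero blocks.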

  • @ThunderKat
    @ThunderKat Жыл бұрын

    10:05 That guy holding the notebook deserves an Oscar

  • @human.earthling

    @human.earthling

    Жыл бұрын

    “But I have antivirus!!!”

  • @donaldfilbert4832
    @donaldfilbert4832 Жыл бұрын

    Excellent information; clear and concise delivery !! Thanks !!!

  • @captain150
    @captain150 Жыл бұрын

    The deleted files thing is a bit more complicated with SSDs. On mechanical hard drives, it's true deleting (or quick formatting) does not remove the actual data. On an SSD though, deleting a file will, sooner or later, also wipe the data due to the TRIM command. Windows sends this with every file IO (and for quick formats). Linux uses FSTRIM which is usually scheduled to run (i.e. once per day or whatever). And different SSDs handle the TRIM command differently.

  • @hegedusuk
    @hegedusuk Жыл бұрын

    I liked this video, it more or less echoes what I explain to people. You explain things in a very clear, concise and easy-to-follow way. Only thing I’d add is that these days with SSDs and TRIM, deleted files, whilst they may still be retrievable, are less likely to be so than with spinning rust disks. One more thing - nothing to do with your actual content - I do feel that VPNs don’t quite do what they say. Unless I’m missing something, they are no more private than using your ISP without a VPN. You’re just moving the breakout point to the internet from your ISP to the VPN provider. Who do I trust more? But yes, they’re useful for watching foreign Netflix stuff but I really can’t see what privacy they offer that really matters. Obviously you as a content creator who gets sponsored aren’t going to be able to reply much…

  • @liquidmagma0

    @liquidmagma0

    Жыл бұрын

    It's a matter of: do you trust your ISP or the VPN service more? Some VPNs are more trustworthy than ISPs, some are not. VPNs are also useful if your government uses heavy censorship or has human rights violating laws which make you unable to look up or consume something.

  • @sparkypikachu7776

    @sparkypikachu7776

    Жыл бұрын

    @@liquidmagma0 I hope one day we can tackle that issue in the world, forcing the govs to make there be no banned shows

  • @Guilhem34

    @Guilhem34

    Жыл бұрын

    @@liquidmagma0 However in my country (just blocking some « illegal » content), it is just a DNS block, so just going through Cloudflare or Google DNS is enough. And no one is ever going to go after you for visiting those websites (it is free streaming or other websites, of course not very very bad websites).

  • @vwvwvwvwvwvwvwvwvwvw9
    @vwvwvwvwvwvwvwvwvwvw9 Жыл бұрын

    Thanks for the awesome video ThioJoe, keep it up!

  • @DarkTubeToo
    @DarkTubeToo Жыл бұрын

    Wow Thio. Super informative. I wish I could smash the like button many times. This was great. I love learning something new and you just offered me a few more sights for my arsenal. Thank you

  • @sludgiebear
    @sludgiebear Жыл бұрын

    Very good! As a software developer, yes: use a password manager, allow it to generate passwords as long and as complicated as the site will allow, rotate them regularly, don't click any links in emails from addresses you're not 100% sure of, don't visit websites you're not sure of, consider using a VPN, keep things up-to-date, and rock on.

  • @exxon47_
    @exxon47_ Жыл бұрын

    ThioJoe: your browser history can be tracked even if you're using a VPN
    ThioJoe 13 seconds later: private internet access VPN will prevent your browser history from being logged

  • @anxiousearth680

    @anxiousearth680

    Жыл бұрын

    He was talking about incognito mode on your browser. Not the same as VPNs.

  • @Leonhart_93

    @Leonhart_93

    Жыл бұрын

    Yeah, you misunderstood completely what he said, I wonder how many people just completely miss information because they skipped words. He said: 1. incognito is not a VPN 2. if you log in to a website, you tell them who you are so not even a VPN will help you in that case Which infers a VPN should be good enough for any other case you don't input your data.

  • @eldrago19

    @eldrago19

    Жыл бұрын

    @@Leonhart_93 Though you will still need Incognito even if you are using a VPN (and a browser that blocks trackers in Incognito).

  • @luckybear8283
    @luckybear8283 Жыл бұрын

    Thanks! A great video and very informative 👍🏼

  • @ThioJoe

    @ThioJoe

    Жыл бұрын

    Appreciate it!

  • @aisle_of_view
    @aisle_of_view Жыл бұрын

    Good video. I was an IT support person for years, the number of times I saw passwords written on Post-Its attached to monitors... I'm convinced that in most cases, computer security merely prevents honest people from getting their work done. Half of all tech calls to corp IT are from users who locked themselves out during a mandatory password change. Management smiles and keeps the policies in place.

  • @justaskin8523
    @justaskin8523 Жыл бұрын

    Nice video. Some years ago, the word got out that 95% of people who had Windows intrusions, would have avoided it if only they had been using a NON-ADMIN logon account to their local machine. This is why a lot of companies have moved to a stance of nobody having an admin account for everyday use. It's annoying when you can't even use Task Manager to knock a misbehaving app out of memory, or install an updated mouse driver, but when companies started getting tough on that point with their employees, those companies started seeing a lot fewer actual intrusions, especially the really devastating one, ransomware.

  • @markc6714
    @markc6714 Жыл бұрын

    One of the reasons for changing passwords regularly is that people often see the first characters of a colleague typing their password. Over time they work out the whole password. It's definitely a valid procedure

  • @ThioJoe

    @ThioJoe

    Жыл бұрын

    Except most people just change like 1 letter at the end so it doesn’t help

  • @chad4628

    @chad4628

    Жыл бұрын

    It's not really the best idea of your changing your password change the entire thing

  • @markc6714

    @markc6714

    Жыл бұрын

    @@ThioJoe well that comes down to staff education

  • @Kkooly

    @Kkooly

    Жыл бұрын

    @Mark C...multifactor authentication greatly reduces the need nowadays. A better solution is to use a random password generator and a password vault with MFA enabled. And in addition use MFA wherever possible.

  • @connorbeam2711

    @connorbeam2711

    Жыл бұрын

    This comment has been sponsored by Bitwarden.

  • @anon_y_mousse
    @anon_y_mousse Жыл бұрын

    I've never looked into what quick format does, but I figured it just overwrote the file table, and now that I went back and watched your older video, you confirmed exactly that. Neat that they just did the obvious.

  • @Cheepchipsable

    @Cheepchipsable

    Жыл бұрын

    This was an implementation from back in the day when people would leave their computers running overnight to defrag. The CPU couldn't handle too many operations at once.

  • @anon_y_mousse

    @anon_y_mousse

    Жыл бұрын

    @@Cheepchipsable I miss those days. I would start it defragging before I'd attempt to go to bed and watch it for a while and fall asleep at the desk.

  • @1337GameDev
    @1337GameDev Жыл бұрын

    15:25 - If you truly need data gone you can only do a few things:
    1. Do a 7-12 data pass, using a mix of random data, all 0s and all 1s.
    2. FILL up your drive with dummy data, and then do that a few times (all free space after deleting the file).
    3. Replacing the drive and destroying the old one.
    4. If the drive is a spinning drive (not SSD), using a DEGAUSS machine (takes around 60 seconds to finish) to modify the magnetic properties of the platters.
    It's possible, using very sensitive forensics, to recover data on platters, AS WELL as NAND flash used in SSDs, but obviously it is expensive / used by higher agencies and targets. Also, it may not be possible to overwrite individual physical locations on an SSD unless the TRIM algorithm and memory controller have cycled through that cell enough times. SSDs usually have around 10%ish EXTRA flash cells for wear leveling, and may not "reuse" a cell for a while if they instead use other cells to extend the life of the drive. The best option is to physically destroy the drive. For 99% of users, deleting a file, and then running a 7-12 pass of random data (you can download free programs that do this) is enough to conceal files recovered via "sector based recovery" programs.

  • @charlesstratford1612
    @charlesstratford1612 Жыл бұрын

    So helpful and informative. Thank you - subscribing now

  • @Klusio19
    @Klusio19 Жыл бұрын

    About the last one, I believe that if you use SSD and you have TRIM enabled, it's much harder to read that "deleted" data (but NOT impossible!)

  • @johnd5398

    @johnd5398

    Жыл бұрын

    More harder? I see you've been failed by public school, also...

  • @Klusio19

    @Klusio19

    Жыл бұрын

    @@johnd5398 ?

  • @m1k3y_m1
    @m1k3y_m1 Жыл бұрын

    While private browsing isn't perfect, it does more than you give it credit for. Cookies are session only, so your searches aren't linked to your Google account and logins from private will be removed when switching back. No data is stored clientside. Web trackers get blocked. Plugins are restricted. The most important thing it doesn't protect is ip of you and the servers you're connecting to.

  • @cake0539

    @cake0539

    Жыл бұрын

    I use it on sites, that require me to activate cookies. Easiest way to get rid of the cookies once I leave the page

  • @m1k3y_m1

    @m1k3y_m1

    Жыл бұрын

    @@cake0539 If you have Firefox, cookie containers in combination with Cookie Quick Manager work well. I clean up the default container regularly and sites where I want cookies get their own containers (sometimes multiple for alt accounts)

  • @StarConInc
    @StarConInc Жыл бұрын

    Excellent job of quickly going through those things! WELL DONE.

  • @meneerjansen00
    @meneerjansen00 Жыл бұрын

    Very good advice and clear explanations. Thanks.

  • @nekogod
    @nekogod Жыл бұрын

    The password one is such a good one, the company I work for enforces a 30 day password expiration policy with no reuse for 6 months so all that happens is everyone has myfaveword1, myfaveword2 etc and then when they get to 6 or 7 they loop back around to the first 1.

  • @TheHellis

    @TheHellis

    Жыл бұрын

    I use the same strategy. As long as they require me to change password then I will never create a secure password. Complete waste of energy

  • @seanplace8192
    @seanplace8192 Жыл бұрын

    Another security myth is that having strict password rules makes it more difficult to crack passwords. In reality, it just makes it easier for hackers because they can narrow down what the passwords will contain. Also, requiring very long passwords is a terrible idea because most users will just go with the bare minimum length. IE: If the minimum length is 16, then most will just go with a 16, 17 or at most 18 character password. Now the hackers know the most likely length, and will know it must contain certain characters. This is why tech giants like Google and Apple have fairly lax password requirements, I believe both of them require 8 characters, and may require at least one number. This greatly increases entropy because the hackers have very little information they can use to narrow down the possibilities.

  • @AnonyMous-gt8vq

    @AnonyMous-gt8vq

    Жыл бұрын

    A password with length 16 is impossible to brute force anyway, even if the hacker knows the length. A password with length 12 takes a few days, while length 8 takes mere minutes. So, forcing a minimum length of 12 should be required.

  • @kylefillingim6258
    @kylefillingim6258 9 күн бұрын

    Great video. Didn't really learn anything, but I know many people, including in the IT department at work who could use this knowledge. I especially liked when you said the length of a password is more important than complexity. I was very angry at my bank a few years ago when they wouldn't let me use my password because it was too long. It was 10 words long, not 10 characters, 10 words. I was also annoyed that I was not allowed to use the space bar in my password. Password rules are often preventing good passwords. One other tip I would definitely add to computer security. Only be admin when you have to be. I have a separate admin account that I have to promote myself with, with a password, whenever I am making any meaningful changes to my home PC. It is amazing how many issues get blocked when I realize that no, I don't want to promote myself to admin for that.

  • @Mariethechaotic
    @Mariethechaotic Жыл бұрын

    I'm going to binge your videos and claim the hours for work.... I teach a computer school for seniors and people with disabilities at a non profit and most of it is pretty basic stuff that I, as a millennial with a bachelor degree in business/marketing could do in my sleep. However, every once in awhile the more technical problems come up and you've summed up some of those answers really well just in this one video. Thank you!

  • @OcteractSG
    @OcteractSG Жыл бұрын

    Myth #6 is applicable to Linux. Sure, Linux has some additional protection because it's only about 1% of the operating system market and it relies on software repositories more heavily, but there has been an increase in supply chain attacks that threaten repositories.

  • @kevinwong_2016

    @kevinwong_2016

    Жыл бұрын

    And mobile devices

  • @xselimxxjd

    @xselimxxjd

    Жыл бұрын

    Isn't Linux an OS for hackers?

  • @Nelo390

    @Nelo390

    Жыл бұрын

    @@xselimxxjd No. More hackers use it for the control it gives you, but the vast majority is non hackers, and completely law abiding, techie citizens.

  • @Nelo390

    @Nelo390

    Жыл бұрын

    @SHAKTI PRASAD SAHOO Open source code also means that vulnerabilities are caught by good people checking the code too, and so major hidden vulnerabilities being abused for long periods of time are impossible to form.

  • @relims

    @relims

    Жыл бұрын

    @SHAKTI PRASAD SAHOO Open-source software means that the community can read, identify and patch bugs before they are used maliciously. Sure, in some cases, the bad guys get the exploit first and hide it from everyone else but that's the trade off for having patches released early. Your arguments about getting hacked and your settings changed don't make any sense because it is usually your fault in the first place that led to you getting hacked.

  • @airxiti
    @airxiti Жыл бұрын

    A friend of mine was once going through his task manager when he noticed a program with no icon called "Internet Explorer". After some investigating it turned out that it was in fact a crypto miner. He tried to delete it but it came back all the time. Windows Defender didn't detect it. Then he installed Malwarebytes which finally fixed the problem...

  • @Doge36064
    @Doge36064 Жыл бұрын

    coming back 2 years later watching a video this guy is this making legendary videos.

  • @JacobP81
    @JacobP81 Жыл бұрын

    3:23 Regarding Myth 3. Incognito mode AKA private browsing also has separate cookies from the regular mode and starts off with no cookies but can accumulate them. Private mode cookies are cleared when you close all private tabs/windows.

  • @mobiusevalon
    @mobiusevalon Жыл бұрын

    I think a pretty big security myth is that security questions are anything but a super easy express lane to stealing your information. People will use basic biographical security questions such as "the city where you met your spouse" or "name of your first pet" which can be located on their public Facebook page in 5 minutes.

  • @futuza

    @futuza

    Жыл бұрын

    Sure, but most of these security questions don't have to be answered truthfully or insanely. Yes, I grew up in H5h$oso;5M0aFXwoap'Sn2K so what? That said companies/sites that use security questions are evil and trying to get their user's information stolen.

  • @dcentral
    @dcentral Жыл бұрын

    Thanks for the video. I’m concerned about password management sites like 1Password. What if these sites get hacked themselves then don’t all your passwords from emails to bank accounts get exposed all at once? Isn’t that inherent risk very serious?

  • @declan_youtube

    @declan_youtube

    Жыл бұрын

    On most password managers, even if they get hacked the hackers will STILL require your Master Password to access your passwords. You see, the passwords are encrypted (hashed) with an algorithm that can only be reversed with a key, your Master Password. Your master password is hashed as well, but with no key, and when you enter it the software will compare the hashes. This way, even if they got hacked, there is no way hackers could access your saved passwords without knowing your Master Key. - This assumes you have a secure master key

  • @merren2306
    @merren2306 Жыл бұрын

    4:51 hash functions are one way. "decrypting" in this context just means guessing the password a bunch of times, though obviously if the database is leaked the attacker is unlimited in the number of guesses they can do, unlike if they were to try to log on directly to the website.

  • @donalda.marshall920
    @donalda.marshall920 Жыл бұрын

    Thanks 👍 Thio. . . Really so complete... Helpful... A Video Very Well Done!😇

  • @imaperson1060
    @imaperson1060 Жыл бұрын

    In my experience all third party antiviruses are pointless because the built in Windows one is fine, and it doesn't slow down Windows too much. I still disable it because as a software dev it makes my life miserable.

  • @declan_youtube

    @declan_youtube

    Жыл бұрын

    As another software dev here, just add an exception to your build and source code repositories.

  • @Arokhantos
    @Arokhantos Жыл бұрын

    Just have a unique password per account tbh, that's enough; using the same passwords everywhere is one of the biggest risks

  • @PuchoGo4219
    @PuchoGo4219 Жыл бұрын

    Thank you very much for your videos and knowledge! Very helpful!

  • @Low-end-gaming
    @Low-end-gaming Жыл бұрын

    I learn new computer tricks and stuff with every video that Thio uploads, so thank you man for sharing your knowledge. That said, I have a question: is there a way to lower the shutdown time of my Windows 10? It takes forever to shut down despite the thousands of tweaks I did on my computer. I could write the list of tweaks I did on my computer to deal with the slow shutdown but it would be too long and we'd be here for a week lol. So, do you know any good trick to make my computer shut down faster? Even with my computer knowledge I'm still not able to figure out what's causing this issue.

  • @YCFT69
    @YCFT69 Жыл бұрын

    Your videos are very good. Keep up the good work! ✊🏻

  • @theeternal6890
    @theeternal6890 Жыл бұрын

    *U recommended a password manager. How can one guy trust some password manager more than his memory. Cuz what if the password manager is not really secure and all of ur unrememberable passwords that are stored there may get leaked all at once by it. Can u please make a video on "Password Managers" on how they are more safe than having many unique passwords remembered. Is there any really free way to completely secure urself on the internet without buying a VPN or physical key?*

  • @usernotfound6407
    @usernotfound6407 Жыл бұрын

    instant subscribe wow i love the way you explain, straight to the point

  • @duet_1959
    @duet_1959 Жыл бұрын

    10:13 I love how the guy slamming the MacBook had flipped the lid upside down and using keyboard as his screen lol 😂

  • @MarcioHuser
    @MarcioHuser Жыл бұрын

    SMS authentication is the WORST 2-factor. Always avoid it if the site/service allows other methods

  • @CiabattaSensei

    @CiabattaSensei

    Жыл бұрын

    and why is that? I'm not trying to be rude, I am genuinely curious because I know basically nothing about this topic

  • @MarcioHuser

    @MarcioHuser

    Жыл бұрын

    @@CiabattaSensei because they are fragile. Cellphone numbers can be "stolen" (actually transferred into a new chip, if you have someone inside the cell company to do that for you, or if you can fake the necessary documents to do that in a store) and thieves/scammers can use it to receive any SMS authentication message

  • @4cps777
    @4cps777 Жыл бұрын

    Some minor nitpicks: LastPass and 1Password are proprietary and should NOT be trusted with your passwords. Also, both of them do cloud synchronization afaik which is another red flag. Also, AntiVirus software is useless and does more harm than good. The same goes for 2FA (most of the time).

  • @Madinko12

    @Madinko12

    Жыл бұрын

    Agreed on the crappy proprietary password managers. Could you explain why 2FA would do more harm than good though? It's just an extra layer of authentication isn't it? How could that be harmful?

  • @4cps777

    @4cps777

    Жыл бұрын

    @@Madinko12 2FA works great in theory. That's it. Now let's look at one of my favourite crappy implementations of 2FA: Discord.
    - In order to use 2FA, you have to give your phone number to the CCP (or rather a company controlled by the CCP)
    - At this point, you might as well post it on doxbin yourself because that is where it will end up inevitably because
    - Token stealing still works perfectly fine and since tokens grant access over the whole account (plus some things that aren't accessible through the app) and are only renewed when the password is changed, you're still fucked
    - Someone getting access to my phone number will now result in me getting locked out of my account because the same phone number can now be used to reset the password
    - I now have to carry a mobile spying device with me at all times
    - I also have to trust my phone provider to not screw up (which is bound to happen because phone providers have a local monopoly and are thus allowed to suck infinitely)
    - I don't have any real gains in security over simply using a secure password
    And the reality is that most implementations of 2FA are trash because someone decided to play the good ol' buzzword game and change the meaning of "2FA" from "two factor authentication" (literally) to "please give us a unique identifier which cannot be changed easily and that has already been used to build social graphs for decades and will continue to be used so indefinitely instead of learning how to use a password manager".

  • @Madinko12

    @Madinko12

    Жыл бұрын

    @@4cps777 Thanks for your thoughtful answer. That's insightful :) . Yeah, non-standard 2FA are most definitely trash.

  • @delhatton
    @delhatton Жыл бұрын

    Well done. Quite informative. I remember when Norton was selling his undelete utility in a ziplock bag. Some things never change.

  • @forbiddenera
    @forbiddenera Жыл бұрын

    @2:51 it does a bit more than that.. on Firefox, it prevents service workers from being run. It also prevents cookies and other local storage methods from retaining data beyond the session. It also restricts certain JS related things and prevents some forms of user tracking and a few others I'm not mentioning..but saying it's the only thing is an incorrect blanket statement.

  • @ckingpro
    @ckingpro Жыл бұрын

    Really nice video! For myth 5, 15 character with lowercase symbols is 6.2X stronger than 11 character with lower and uppercase, numbers and symbols on shift number keys (not 10x). Myth 10 is becoming true for SSDs. Once you delete a file and empty the recycling bin, Windows sends a TRIM signal. This causes the SSD to immediately return 0. However, behind the scenes, the data may not be garbage collected by the flash controller immediately. But to access the data, you need to contact data recovery (and they don't support all controllers. Unlike hard drives, you can't wait more than a year as SSDs lose their data when unplugged over time)

  • @BoGy1980

    @BoGy1980

    Жыл бұрын

    It's not a good idea to trim every time after something was deleted. It IS a good idea to trim weekly or once per day. This way you still have the time to realize you just deleted some files by accident after clearing the garbage bin (or using shift-delete on the files). If you trim every time after deletion, it removes your timeframe to recover any lost data. If you remove daily (let's say on boot, after login, max 1x per day) then you can still boot your machine up again after you had this "Ohhh no, I deleted that tooo... damn"-moment and restore the files. (Or take the drive/computer to a repair specialist who can recover those files for you) I trim weekly on a system that's running 24/7 and never had issues. If you trim because the disk is almost full, and you want the system to give fast access when writing, you're wearing out the little remaining space on your drive by always using the same few memory-cells... you should at least have 10% or more disk space free on your system drive, the more the better, because there's a lot more writing and deleting going on than you probably realize, this causes memory cells to eventually wear out if they get overwritten many times. The more free diskspace you have, the more the diskwrites are spaced out over the available free cells, thus trying to avoid that cells wear out fast.

  • @ckingpro

    @ckingpro

    Жыл бұрын

    @@BoGy1980 I mean by not trimming you are just increasing write amplification. You already have recycling bin as a safety net. That the file is not actually deleted is just an implementation detail on hard drives (SMR are changing it so even hard drives have a version of TRIM). Not to mention VSS can also act as another safety net.

  • @lordpuff
    @lordpuff Жыл бұрын

    I'm so happy whenever this man uploads. Let's go dude, keep it up

  • @galupa518
    @galupa518 Жыл бұрын

    Your info is so thorough. I just subscribed.

  • @dividebyzero1000
    @dividebyzero1000 Жыл бұрын

    Excellent video! Only thing I would say is that multifactor authentication is a must for your email... Easiest way to break into other "secure" accounts is by hacking your email, and using forgot password link. Email password should be unique to that one site, and protected by multifactor... If you don't have a password manager, I personally think it's fine to use same password on stupid sites that don't matter much (aka don't have any personal or financial info). But your email, social media and financial sites should follow all recommendations he gave here.

  • @TazerXI
    @TazerXI Жыл бұрын

    For the password thing: The reason stronger passwords are more secure is because of how they get the passwords. When a password is hashed, it can't just be 'unhashed', so hackers will use the algorithm and put in passwords to see what hashes they get out of it for that password. However, they won't go aaaaaaaa, aaaaaaab, etc. They will go in order of most used passwords so that they can get more passwords out faster. By using a unique password, it is going to be further down in the list, and thus will be less likely to have been generated and hackers know what the password is.

  • @pdempsey

    @pdempsey

    Жыл бұрын

    That's exactly my understanding, if you don't mind, I'll restate it in a similar way: Understand this first, the hash of "password123" is the same for all logins. If a site is hacked and they get the login names and hashed (encrypted) passwords, what the bad people do is: They sort the logins by hashed passwords so ones that match (that must be the same) end up next to each other on the sorted list (i.e. 327 matched hashes and the login names right next to each other). Then they take those login names and try the most common passwords with them until they get a match. If YOUR password is very uncommon, your login name will be way down the list with all the one-off hashes and too much trouble for the bad people to try to decipher. In other words, long complex uncommon passwords makes you too much of a hassle to follow up on.

  • @TazerXI

    @TazerXI

    Жыл бұрын

    @@pdempsey Yea, that is exactly what I meant. When the password "Password1" is at the top, they are going to try that rather than try the one person down the list. You not only get more people for less effort, but also those with the weaker passwords are less likely to be knowledgeable in these things, and thus are more likely to not have 2fa, fall for scams, etc.

  • @pdempsey

    @pdempsey

    Жыл бұрын

    @@TazerXI Dig that buddy, cheers. "more likely to not have 2fa" ... one hundred effing percent! Keep on keeping on

  • @philipmrch8326
    @philipmrch8326 Жыл бұрын

    To be fair a web server should NEVER encrypt passwords but hash them with a password hashing function with a salt.
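The two points made in this part of the thread (identical unsalted hashes line up next to each other in a leaked table, and a server should store passwords through a salted password-hashing function) are shown side by side in the following added example, which is not part of any comment above. The account names, passwords, storage format and iteration count are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; two users share a common password.
ACCOUNTS = {
    "alice": "Password1",
    "bob": "Password1",
    "carol": "correct horse battery staple",
}

PBKDF2_ITERATIONS = 200_000   # assumed work factor for this demo; tune upward
SALT_BYTES = 16


def unsalted_sha256(password: str) -> str:
    """Weak scheme: one fast, unsalted hash, so equal passwords collide."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'iterations$salt_hex$hash_hex'."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # fresh random salt per account
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt; compare in constant time."""
    try:
        iterations_s, salt_hex, hash_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations_s)
        )
    except ValueError:                          # malformed record: reject
        return False
    return hmac.compare_digest(candidate, expected)


def shared_hash_groups(table: dict[str, str]) -> list[list[str]]:
    """Users whose stored value is byte-for-byte identical, grouped together."""
    groups: dict[str, list[str]] = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def build_tables(accounts: dict[str, str]) -> tuple[dict[str, str], dict[str, str]]:
    """Return (unsalted table, salted table) for the same set of accounts."""
    weak = {user: unsalted_sha256(pw) for user, pw in accounts.items()}
    strong = {user: hash_password(pw) for user, pw in accounts.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables(ACCOUNTS)
    print("unsalted, shared hashes:", shared_hash_groups(weak))
    print("salted, shared hashes:  ", shared_hash_groups(strong))
    print("alice login ok:", verify_password("Password1", strong["alice"]))
```

With a per-account salt the grouping step finds nothing to match on, and the iteration count makes every guess against a single record cost far more than one SHA-256 call.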

  • @gerald8573
    @gerald8573 Жыл бұрын

    The stock video of the "sneaky hacker" made my day!

  • @TheOnlyName
    @TheOnlyName Жыл бұрын

    A few comments I have (corresponding to each myth): 1. My school does this, it's so annoying! They should watch this video lol 4. Very well explained, thanks, I'll keep this in mind! 5. Good point! 9. I knew about physical security keys before, but I had no idea how good they were! Thanks, I'll keep this in mind as I might purchase one in the future. 10. Woah I actually had no idea, yet it makes so much sense! Thanks again!!

  • @dr.stephen.strange
    @dr.stephen.strange Жыл бұрын

    Good to know that channel that was once known for click baits is now making such great informative videos!! I'm loving these 🤩

  • @joshbrookes6439

    @joshbrookes6439

    1 year ago

    What complete rubbish! This channel has always been the best source for useful and relevant tech information on KZread especially for those who aren't necessarily computer gurus or technology experts. If you really must make such negative statements the inclusion of proof usually does wonders for your credibility jus sayin

  • @digdeep28

    @digdeep28

    1 year ago

    @@joshbrookes6439 It is true what Stephen is saying, ThioJoe had videos like: How to download RAM, How to speed up internet for free and many more lying videos.

  • @hegedusuk

    @hegedusuk

    1 year ago

    @digdeep how do you download more RAM?

  • @fredericapanon207

    @fredericapanon207

    1 year ago

    @@hegedusuk you don't download RAM. RAM is a physical integrated circuit on a physical card that plugs into your computer's motherboard. That is the joke.

  • @kittentheboss2796
    @kittentheboss2796 1 year ago

    #6 & 7 I don't particularly agree with. Anti-viruses are a pain for me as the local town tech. Most common day users in my area install anti-viruses without knowing what it does every day. What most likely happens is they go off and buy a premium version thinking they need it, but it just ends up constantly scanning the disk daily, taking up disk resources and overall making it slower. The worst is when this goes on for a long period of time. Hard drives only have a 3-6 year life span and anti-viruses do not help this. Windows has one already built in; you don't need a third-party antivirus unless you've disabled Windows Defender. As you mentioned before, sites like VirusTotal are out there to help users determine if a file is trustworthy. Personally I have Windows Defender disabled in the registry because I have malware on my system in a contained environment that I like to mess with on VMs. If I do scan for viruses, it's with Malwarebytes. I scan once a year, then make sure it is closed in the task manager after use and disabled on startup.

  • @alphanumeric6582

    @alphanumeric6582

    1 year ago

    Right on! Following this guy's tip being Crazy Suspicious of anything also comes to mind as these antiviruses can be a ploy to collect your data and sell it to third parties without your consent or at least because someone didn't read their terms of service. VirusTotal is a blessing

  • @memyself432
    @memyself432 1 year ago

    Awesome job Joe, thank you for informing us.

  • @BobbyPhoenix
    @BobbyPhoenix 1 year ago

    You kind of can backup Google authenticator. You can generate a QR code, and transfer/copy your accounts to a secondary phone, and keep that as a backup. I've been doing it for a couple years now. My new everyday phone has it, and then my older one that I keep as a backup phone is also my Google authenticator backup. Any new accounts I add to one I can either scan the new code with both phones at the same time, or just do the transfer again, and it will keep all the old accounts, but add any new ones that I've added with the new phone.

  • @theeternal6890
    @theeternal6890 1 year ago

    *The fact that many government websites in India don't have "Padlock" encryption certification and I have to click "Continue to unsafe site" and then enter my "Secure" information anyway. So it's useless. Even some websites are unopenable because of such security thingy.*

  • @KenJackson_US
    @KenJackson_US 1 year ago

    The biggest myth of all is that it's possible to keep your Microsoft Windows PC secure.

  • @IIGrayfoxII

    @IIGrayfoxII

    1 year ago

    It is possible, one just has to tiptoe and be willing to make changes to make it so.

  • @tysloo81

    @tysloo81

    1 year ago

    It can be secure, just not your data. What goes online stays online. You can run your browser in a sandbox and use an onscreen keyboard to prevent a keylogger from logging what you type; what you type in a phishing or scam website still stays on the site.

  • @KenJackson_US

    @KenJackson_US

    1 year ago

    The point is, @@tysloo81, Microsoft unavoidably has access. And Bill Gates is one of the least trustworthy people on earth.

  • @vipervidsgamingplus5723

    @vipervidsgamingplus5723

    1 year ago

    Every computer can be secure, just don't connect it to internet.

  • @IIGrayfoxII

    @IIGrayfoxII

    1 year ago

    @@vipervidsgamingplus5723 Still not good enough. You can still have issues without internet. An infected USB drive plugged into the PC. A stupid user causing problems

  • @andrew7720
    @andrew7720 1 year ago

    #1 really hit home. At my work, due to company policy and because it's a requirement from most of our clients, our passwords expire every 90 days. And they have to be a min of 12 characters with at least one capital, one symbol and one number in them. It makes it such a pain in the ass every 90 days to come up with something new, and then remember it.

  • @paulstelian97
    @paulstelian97 1 year ago

    On the quick format: What about encrypted drives? Wouldn't the quick format overwrite the encryption key so that the newly-free space is essentially unreadable (AKA you need to find a backup of the overwritten key in order to recover stuff from there)? I mean I believe the SATA secure erase command relies on encryption to do so quickly.

  • @Arukateru
    @Arukateru 1 year ago

    Remember that malware can be well-obfuscated and have little to no VirusTotal detections

  • @crowdemon_archives

    @crowdemon_archives

    1 year ago

    @notfiveo tbh I imagine it's more like "headache in occupation form"

  • @amandabueno6356
    @amandabueno6356 1 year ago

    pro tip: if you really need/want to change frequently ur passwords, change for a really secure password and note them in a physical notebook. No one in the digital world can mess with your analog stuff :)

  • @pokeyjojo5691

    @pokeyjojo5691

    1 year ago

    Until the notebook gets lost :(

  • @CoreDreamStudios

    @CoreDreamStudios

    1 year ago

    @@pokeyjojo5691 Or dog eats it, or worse, a demogorgon. :(

  • @looker999997
    @looker999997 1 year ago

    I use long gibberish passwords (different one for each website), and 2FA on my most important accounts, though the one type of malware that worries me are web injects (which are designed to hack your browser to trick you into using 2FA for the wrong action, i.e. transferring money to some other account). Would be cool to have an up-to-date video on how these work and how you can spot them in action if your antivirus fails.

  • @thetimmns
    @thetimmns 1 year ago

    Great information. Thanks! Although I miss your funny videos, these are good to watch.

  • @mr88cet
    @mr88cet 1 year ago

    I wouldn’t recommend being *crazy* suspicious, but yes, if you see something that looks weird, then stop and think where your vulnerabilities lie. I know people who are convinced that everything they experience that seems weird must mean that somebody has hacked into their computers. Most importantly, be aware by watching lots of ThioJoe videos!

  • @pyp2205
    @pyp2205 1 year ago

    Well looks like I didn't really believe in much of those myths. Some I did in the past, but I learned on my own that it's false. Like whenever I would update my passwords at least twice a year, I mostly try to make it longer. And I would possibly change them whenever there might have been a data breach. As for Antiviruses, it seems quite obvious that you would always need one even if you're good with tech. Plus whenever there's new malware, then of course your antivirus isn't going to know about it. I remember some frustrating things that happen whenever I make normal non-harmful applications. My antivirus can be like "Hold on! This file looks suspicious!", and I'm like "Come on! This isn't even a virus!". One time when I made an audio converter program, when I made it delete the old audio file. My antivirus saw it was ransomware. And I did of course get to restore it, since it wasn't ransomware. Sometimes an antivirus can get in the way of even the most normal stuff. But it's better to have one, than to get an actual virus or malware on your system.

  • @damnstupidoldidiot8776

    @damnstupidoldidiot8776

    1 year ago

    I can only think of rare cases when an antivirus would catch a malicious program that gets past me, and even in that case I'd probably think it's a false positive like it usually is and override it anyways. Don't think antivirus is necessary, gets in the way too much, and I don't think it can protect you from attacks that don't require user interaction.

  • @michaelosborn7869
    @michaelosborn7869 1 year ago

    An interesting note: I worked for a big company who used a mainframe as their password server: they only had space for 8 characters, it would not accept special characters, including spaces(!), and was not case sensitive, so good luck creating a secure password. Oh, and you had to change it every 3 months 🙄. I still have to occasionally use their system for financial information.

  • @Allen1350
    @Allen1350 1 year ago

    My KZread password hasn't changed in at least 10 years. It's a very long password. I've never been hacked. Now, I know why. Thanks for this informative video!

  • @Leonhart_93

    @Leonhart_93

    1 year ago

    Not necessarily just because of that, it's just that Google didn't and shouldn't get hacked, potentially ever. If they don't have the best security in the world, then who would? Your passwords can always be attempted to be guessed in brute force attacks, but the databases can't be stolen by your average hacker attacks like with most other sites.

  • @Yenkna_PCs
    @Yenkna_PCs 1 year ago

    LastPass is part of a data breach.

  • @matthewshields
    @matthewshields 1 year ago

    My favorite myth is that everyone needs a VPN. You only need a VPN if you travel frequently and/or have a high security job. There are reasons to want a VPN like accessing region locked content or get around content filters. Privacy really isn't a reason to use VPN because you'll still be tracked around the web.

  • @mikedunn7795
    @mikedunn7795 1 year ago

    Interesting video. One thing you didn't mention was sandboxing programs. I use Sandboxie, and have for many years. My browser and email client are both sandboxed all the time, and I have had no issues with malware infection. When I turn in for the night, I just delete the sandbox contents.

  • @lunarincorporated
    @lunarincorporated 1 year ago

    “never underestimate windows security”

  • @tonylawlor8833
    @tonylawlor8833 1 year ago

    Knew most of this but it was a very good reminder esp the security key, had not come across these, so thank you. Great video, thank you for putting in the work.

  • @punditgi
    @punditgi 1 year ago

    Nice summary. Thanks!

  • @rogercroft3218
    @rogercroft3218 1 year ago

    With regard to Virus Total - what happens to documents (e.g. docs, pdfs, etc.) you upload there? Are they retained on the site and would they then be available to others? If so one should be careful not to check any with sensitive information in them.

  • @alexandermikhailov2481
    @alexandermikhailov2481 1 year ago

    Very enlightening, thank you! A quick question: if my computer is frozen due to ransomware are my passwords at risk and will I still be able to access my cloud stored files from a different computer?
