How to Catch A Hacker In Your Computer

Science & Technology

Sponsored: Get 25% off Blinkist premium and enjoy 2 memberships for the price of 1! Start your 7-day free trial by clicking here: www.blinkist.com/thiojoe
In this video we discuss how to detect if someone is snooping around your computer, whether a hacker or anyone else. The first method is a service called "Canary Tokens", which lets you set traps ("canaries") that send you an email when they are accessed: files of various types, Windows folders, links, and many more. Then I show a method I came up with where, if someone accesses a specific file or folder in any way (even copying it without opening it), it triggers an immediate shutdown of the computer and/or disables all network adapters to cut off remote access. This is done with the auditing features in Windows: a successful access to an audited file is written to the Security log as event ID 4663, and a Task Scheduler task triggered by that event runs the shutdown or network commands. Any program that reads the file, such as the search indexer, antivirus, backup or cloud-sync clients, trips the audit exactly as a person would, so exclude the trap location from those before wiring the trap to a shutdown action.
ADDITIONAL NOTES / UPDATES:
• Many commenters have suggested adding the "-f" (force) parameter to the shutdown command, which prevents any program from blocking the shutdown, so I have added it to the command below.
• Many commenters have also mentioned that the Windows folder canary token wasn't working for them, so it might not be very reliable.
Commands for copying:
• Disable All Network Adapters ⇨ Get-NetAdapter | Disable-NetAdapter -Confirm:$false
• Timed Shutdown With Message ⇨ shutdown -s -f -t 30 -c "Your message here"
• Cancel Shutdown ⇨ shutdown -a
• Apply Group Policy Changes ⇨ GPUpdate /Force
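The full tripwire from the steps above, as an added example that is not ThioJoe's own script: it enables the File System audit subcategory with auditpol (the same setting the video makes through Group Policy, so it also works on editions without gpedit.msc), puts an audit entry directly on the bait file, and registers a scheduled task that fires on Security event 4663 for that path. The paths, the task name and the Log/Respond modes are my own choices.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the video: file-access tripwire built from a SACL,
# the "File System" audit subcategory and an event-triggered scheduled task.
# Paths and task name below are my own placeholders.

$TrapFile = 'C:\Canary\passwords.txt'           # bait; never put anything real here
$WorkDir  = 'C:\ProgramData\CanaryTrip'         # responder script and forensic dumps
$TaskName = 'CanaryTrip'

New-Item -ItemType Directory -Path (Split-Path $TrapFile), $WorkDir -Force | Out-Null
Set-Content -Path $TrapFile -Value 'decoy file - nothing of value'

# 1. Turn on object-access auditing for the file system. Without this, the
#    audit entry set in step 2 never produces an event.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Audit entry (SACL) on the file itself: any successful read by anyone is
#    logged as Security event 4663. Copy, preview and indexing are all reads,
#    so exclude the folder from indexer, antivirus and sync clients.
$acl  = Get-Acl -Path $TrapFile -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
            'Everyone',
            [System.Security.AccessControl.FileSystemRights]::ReadData,
            [System.Security.AccessControl.AuditFlags]::Success)
$acl.AddAuditRule($rule)
Set-Acl -Path $TrapFile -AclObject $acl

# 3. Responder. Log mode only preserves evidence; Respond mode is the
#    cut-the-network-and-shut-down reaction from the video.
$Responder = Join-Path $WorkDir 'respond.ps1'
@'
param([ValidateSet('Log','Respond')][string]$Mode = 'Log')
$workDir = Split-Path -Parent $MyInvocation.MyCommand.Path
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
# Evidence first: which account and which process touched the file.
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4663} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Export-Clixml -Path (Join-Path $workDir "trip-$stamp.xml")
if ($Mode -eq 'Respond') {
    Get-NetAdapter | Disable-NetAdapter -Confirm:$false
    shutdown.exe -s -f -t 30 -c "Canary file accessed; shutting down"
}
'@ | Set-Content -Path $Responder

# 4. Task triggered by event 4663 for exactly this path, running as SYSTEM so
#    it fires whether or not anyone is logged on.
$subscription = @"
<QueryList><Query Id="0" Path="Security">
  <Select Path="Security">*[System[(EventID=4663)]] and *[EventData[Data[@Name='ObjectName']='$TrapFile']]</Select>
</Query></QueryList>
"@
$triggerClass = Get-CimClass -ClassName MSFT_TaskEventTrigger -Namespace Root/Microsoft/Windows/TaskScheduler
$trigger = New-CimInstance -CimClass $triggerClass -ClientOnly
$trigger.Subscription = $subscription
$trigger.Enabled      = $true

$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
               -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$Responder`" -Mode Log"
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName $TaskName -Trigger $trigger -Action $action -Principal $principal -Force | Out-Null

# Self-test: reading the bait should produce a 4663 and a trip-*.xml within seconds.
Get-Content -Path $TrapFile | Out-Null
```

Leave the task in Log mode for a few days and watch the trip-*.xml files: the ProcessName field in each 4663 tells you which legitimate program, if any, is reading the bait. Only then change the action's `-Mode Log` to `-Mode Respond` with Set-ScheduledTask. The ObjectName comparison in the subscription is exact and case-sensitive; since event 4663 is only generated for objects that carry an audit entry, dropping that clause is the fallback if you see misses. If a Respond-mode task ever fires at every boot, the shutdown-loop reports in the comments below describe the way out: boot into Safe Mode and remove the task (Unregister-ScheduledTask -TaskName CanaryTrip). To also catch someone switching the auditing off first, as one commenter suggests, add a second line `<Select Path="Security">*[System[(EventID=4719)]]</Select>` (system audit policy changed) to the query.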
▼ Time Stamps: ▼
0:00 - Intro
0:51 - An Excellent Thing
2:19 - Canary Tokens
6:26 - My Method
7:31 - The Steps
7:56 - Enable Auditing
9:58 - Task Scheduler Tasks
11:35 - Setting Actions When Triggered
14:29 - Event Viewer Log
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Merch ⇨ teespring.com/stores/thiojoe
My Gear & Equipment ⇨ kit.co/ThioJoe
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

Comments: 553

  • @ThioJoe 1 year ago

    Sponsored: Get 25% off Blinkist premium and enjoy 2 memberships for the price of 1! Start your 7-day free trial by clicking here: www.blinkist.com/thiojoe

  • @artembon0 1 year ago

    Bruh

  • @Jacob9335wastaken 1 year ago

    I think I just might!

  • @TheOneAndOnlyEpicStick 1 year ago

    3rd

  • @dertythegrower 1 year ago

    Good work, Joe 💡

  • @ItsRobbeh. 1 year ago

    "that dang thio Joe always exposing me" 🧔

  • @virtual2288 1 year ago

    The hacker watching me watch this video :

  • @MalieDon 1 year ago

    That's me rn💀

  • @tcmine 1 year ago

    @@MalieDon 🤨

  • @virtual2288 1 year ago

    @testvideos4837 I mean the computer itself. I don't even have a webcam on my monitor... Who even has a webcam with their PC? And even so, just put it in the wall and bring it out when you need it.

  • @Redo-it 1 year ago

    @TESTVIDEOS I have a webcam that pops up when I click it.

  • @0AThijs 1 year ago

    @testvideos4837 🤯

  • @timehunter9467 1 year ago

    The folder trick made me laugh. One guy who annoys scammers had a folder called "nudes"; the scammer took a look and it was naked mole rats 🤣

  • @trog871 1 year ago

    This implies that mole rats wear clothes...

  • @nubidubi23 1 year ago

    Kitboga :))

  • @I.____.....__...__ 1 year ago

    I've seen a different scam-baiter have a similar folder full of photos of Indians. I think it was Lewis or one of the other ones that stopped baiting a long time ago. 🤔

  • @itsmanasK 1 year ago

    Oh yeah clicking photos of naked rats is absolutely immoral.

  • @Windows7-fz3ws 10 months ago

    bro u actually got scammed 💀

  • @Amonimus 1 year ago

    Another trap potential: an autohotkey macro. You let the script run while you AFK, and if any button is pressed except the one specified, another script runs.

  • @-El.Inexperto 1 year ago

    Uh, I like it!

  • @walksanator 1 year ago

    So basically a "temp lockout" where, if any key except the disable key is pressed, an action occurs.

  • @Lofote 1 year ago

    I don't get this trick, however... why not just use a Windows password and lock the computer when leaving it via Win+L or something like that?

  • @Amonimus 1 year ago

    @Lofote This video is about when that level has been breached (or was not set up). Maybe you just forgot to log out, someone has guessed the password, or hacked into Remote Desktop. Naturally, people normally wouldn't let others get to their computers, but there are additional ways to make it completely unusable to anyone besides you.

  • @lastchance1036 12 days ago

    Make it F13 😉

  • @VideosNotFound 1 year ago

    Hackers watching this: 💀 Edit: Guys, stop liking this, my notifications are exploding.......... (Btw yes, my comment has 10x more likes than the creator's lol)

  • @oye4103 1 year ago

    💀

  • @CraftBlack 1 year ago

    💀🗿

  • @Stormie21 1 year ago

    💀🗿☠️

  • @lauriekimani 1 year ago

    Now we know....

  • @yashkulkarni718 1 year ago

    Fr fr 💀

  • @szr8 1 year ago

    6:39 A way to effect group policy editing changes on a Home edition is to do it on a Pro/Enterprise/Server version then go to the registry and export the policy that was set, copy the exported .reg file to a Home version and then merge into its registry.

  • @QuorraPlays 1 year ago

    Thank you for this. Will definitely try it out next time I need it.🤯

  • @Valorshine 1 year ago

    You can "hack" home edition and add group policy to this version of windows

  • @vnc.t 1 year ago

    @Valorshine yes

  • @I.____.....__...__ 1 year ago

    @Valorshine Indeed. It only takes two lines of code and doesn't require downloading anything; the files are already present, they just need to be installed. Almost like using the "Windows Features" dialog.

  • @nuchemweinstock9978 1 year ago

    You can also enable auditing by running the following commands as administrator:
    Auditpol /set /subcategory:"Detailed File Share" /success:enable
    Auditpol /set /subcategory:"File System" /success:enable
    Auditpol /set /subcategory:"Detailed File Share" /failure:enable
    Auditpol /set /subcategory:"File System" /failure:enable

  • @ronelm2000 1 year ago

    It would also be useful to set up a trigger for if anyone tries to change Group Policy, as smarter malware might mess with that before copying anything.

  • @wngimageanddesign9546 1 year ago

    Simply don't leave your computer unlocked. Create a desktop shortcut to immediately lock the OS and use it. You can even create a script to not only lock the screen but to display a fake background of some kind of work/development taking place to throw off the nosy busy bodies.

  • @FusionDeveloper 1 year ago

    Hahaha, that reminds me of a prank I did on my friend's computer (while he watched me do it, so it was just for laughs) where I took a screenshot of the desktop with all the icons and then used photo editing to mildly warp the screen/icons, then set that as the wallpaper. Unfortunately, I didn't know the computer was used by other people, and another person called their tech support friend to troubleshoot the problem with the distorted icons. Of course the normal-looking icons were on top of the distorted ones, but it still looked messed up.

  • @SKCro. 1 year ago

    Even better, use WinKey+L to instantly lock your computer. If you get into the habit of using it every time you walk away (and have BitLocker enabled), you'd have yourself a pretty secure PC :P

  • @AltonV 1 year ago

    With Dynamic Lock in Windows you can pair your phone over Bluetooth and have the computer automatically lock when the phone gets disconnected.

  • @Lofote 1 year ago

    Exactly. Btw there is no need for a lock desktop icon, just use Win+L on the keyboard :)...

  • @CesarPeron 1 year ago

    @Lofote Better to set it to activate the screensaver automatically after some idle time; it is much more user-proof. Within 2 minutes at most, the session will be locked.

  • @anthonynorton666 1 year ago

    Thank you. This is definitely bookmarked in case I need to use it and follow the instructions closer. Really appreciate your time in making this.

  • @SKCro. 1 year ago

    Here's an easy-to-make "silent alarm" type of trap: Make a shortcut to a batch script that looks like a folder, and make that batch script write a file somewhere or otherwise alert you, then open the folder as normal. I dunno how to make CMD run silently though. You could also pull a prank and make it do the shutdown command instead, preferably with a custom message :P

  • @wojtekpolska1013 1 year ago

    "I dunno how to make CMD run silently though." just add " @echo off " at the start of a .bat file

  • @IsaacGeorgeYT 1 year ago

    That stops the command being entered from being shown; I'm pretty sure @SKCro wants to hide the CMD window entirely.

  • @wojtekpolska1013 1 year ago

    @IsaacGeorgeYT nope, it hides the cmd prompt as well (if echo off is at the very top).

  • @IsaacGeorgeYT 1 year ago

    @wojtekpolska1013 not if there's echo output though, right??? When I start my MC server I have echo off but I still get console output.

  • @SKCro. 1 year ago

    @wojtekpolska1013 That just hides the output, it doesn't hide the command prompt window itself. I guess I could configure it to run minimized, but 1) they might notice the taskbar icon flash, and 2) it might start the Explorer window minimized as well.

  • @TheMAZZTer 1 year ago

    Windows will cache icons, so the folder token probably stopped working for that reason. I imagine the idea is that once it's triggered once you don't necessarily care if you miss subsequent triggers, so it's fine if the icon cache causes it not to retrigger. Keep in mind auditing is off by default as it tends to slow down file access, so this may not be the best solution depending on your hardware. That said, if you set it up for only specific files you're probably ok. Also keep in mind, as you said, lots of applications have legitimate reasons to sneak a peek at arbitrary files, but this extends beyond the search indexer: for example AV scanners, Windows Explorer trying to generate a thumbnail, etc., so audits may not be as useful as you might think.

  • @Jdbye 1 year ago

    I think every Group Policy setting can be changed directly in the registry if you know where, regardless of whether you have Home or Pro versions of Windows. So that might be worth looking into for anybody stuck with Home.

  • @namvo3371 1 year ago

    Canary tokens can also be used by defenders and security professionals, because they can use them to lure attackers into revealing their presence or actions. Great content!

  • @chromerims 9 months ago

    Thank you. Very clever traps and alerts using Windows files and folders.

  • @nostressyjessie 1 year ago

    I do have to say I'm so glad you got away from troll content, as much as I loved it back then too, to something so much more useful overall to everyone. Definitely seems like a good pay it forward!

  • @gavincstewart 1 year ago

    excellent video! this is all great information to have and I would love to learn more about what I can do with task scheduler!

  • @GaryBeltz 1 year ago

    My message for the shutdown would be something like "Warning! The self-destruct sequence has been activated. The computer will explode in (seconds)."

  • @stultuses 1 year ago

    Your channel got a shout-out by Linus Tech Tips. Well done, and well deserved because of your excellent content.

  • @XDSDDLord 1 year ago

    Good ideas, thanks for this info.

  • @poppies1215 1 year ago

    Hello Joe. Thank you for all the great tips!

  • @prowler1567 1 year ago

    Thanks for the in depth info. Will refer back for reference. 👍

  • @rsearchtim 1 year ago

    Thanks for the video on auditing file access.

  • @null7581 1 year ago

    So this could help solve a very niche problem where I want to log every time a computer opens, edits or changes ANY file and save the result to a .CSV file (yes, I'm aware this would create billions of entries). I've been trying to narrow down what a malware is doing, and logging everything it touches is very valuable.

  • @AvaWavaGD 1 year ago

    That is really useful. I was wondering if something could be similarly made for USB Drives, where it can log whoever accesses the drive, whether on the network or outside. Maybe even stopping access entirely?

  • @Villager701 1 year ago

    wow great video keep up the awesome work👍

  • @thatlooksdou 4 months ago

    Thanks for this information!

  • @Xilent1 1 year ago

    @ThioJoe I'm still going to like the video cause I do. I'm just upset that you just NOW made this video. This should've been your 1st video. Great information

  • @JuhaBaxton 1 year ago

    Nice - big shout out! THX!

  • @wildmanjeff42 1 year ago

    Pretty cool ! Thanks for the video !

  • @internetdoggo4839 1 year ago

    Great video! I'll actually setup this honeypot, it seems very handy

  • @alexj.f.kennedy6084 1 year ago

    Now that's an actual reason to consider getting the Pro versions of Windows.

  • @DFPercush 1 year ago

    pro gives you the nice management console gui, but you can still do all these things from cmd/powershell and registry if you have a good reference handy. Some people in the comments are saying it's possible to install those features even in home, might want to come back and browse the comments section again. I will say though, when I did buy Windows I always bought Pro, but after all the BS with 11 I'm just done.

  • @internetdoggo4839 1 year ago

    Microsoft-Activation-Scripts. look it up

  • @Dezo365 1 year ago

    Saw this tech on another tech YouTuber's channel. Still gonna watch it anyway!

  • @ArchonLicht 1 year ago

    If a hacker gets access to your machine and lists files not via RDP session with GUI but via some API calls or command line - the "token" won't be triggered, because there will be no showing of the icon. So it's rather unlikely this "token" will help you to know when you've been hacked - let alone CATCH the hacker.

  • @paulfrayne6519 1 year ago

    This will be interesting to experiment with

  • @avvn9331 1 year ago

    Nice and helpful. This is something new; it has given me a nice use case.

  • @junaidahmadj 1 year ago

    That's a good idea 💡 thanks 😀

  • @Draggie306 1 year ago

    Cool! Does this work if someone runs a command like tree, or indexes a list of file names on the computer using a Python script, for example? Or does it just trigger when the file is directly read?

  • @seba.d 1 year ago

    this is good.. thank you! 👍👍

  • @varunsharma1889 1 year ago

    Interesting video. Quite a bit new stuff here 👍🏽

  • @desleycasey7412 10 months ago

    Many thanks for this video. Highly informative. Actually there is a way to add group policy editor to Windows 10 & 11 Home Editions which I came across and it works like a treat. As I have Windows 11 Home, by installing group policy editor as a batch file, I was able to undertake all the steps you outlined in this video. Thanks again. I feel more secure knowing that if a hack took place, I have a good chance to stop the hacker in their tracks.

  • @rytek4274 1 year ago

    Theo dropping the heat 🔥

  • @NickCassimon 1 year ago

    Awesome video

  • @realjameskii 1 year ago

    The enable auditing one allowed me to make failed logins make a loud noise play, thanks

  • @joeshmoe000 1 year ago

    I think there's got to be a way to just make an EXE, VBS or whatever be associated with a different file extension and icon. So it could appear as a folder, but it's actually code that runs and you could make it do whatever you want. This is actually a sketchy thing though, because malware could potentially use the same idea.

  • @gabrielloredodematosfelix7807 1 year ago

    That only works with people that have the setting disabled, and if the person is accessing your computer, they probably know if they have extensions enabled, and they will probably check if it's actually a folder (and if they see it in Explorer, it will appear as X.exe).

  • @joeshmoe000 1 year ago

    @gabrielloredodematosfelix7807 Maybe, but I'm wondering what would happen if you went into the registry and made a new file type, copied the folder file type data into it, and copied only the action part from the EXE file type. Now because folders never have a file extension, it would get hidden regardless of that setting, but it would run with the action of an EXE. It might not work, but I might try it sometime. I just don't want to completely mess up my system.

  • @Biggerman159 1 year ago

    @joeshmoe000 siiiiiiiiiick

  • @pouet4608 1 year ago

    So you just monitor an action on a file. Anyway, the idea is interesting . Thank you for this video

  • @SilvaLord321 1 year ago

    Your method is so smart! Out of curiosity, is there any real reason to shut down the computer as opposed to just disabling the network adapters? Especially if you're likely to restore a backup anyway? Seems like false positives would be less annoying if all you have to do is re-enable your network when you ascertain why it happened through Event Viewer.

  • @trueriver1950 1 year ago

    Shutdown stops the malware doing any more local bad things it has on its to do list. However, with fast start, you might restart the malware on start. Ideally you want a full shutdown without any of the fast start stuff...

  • @GHXST6-9 1 year ago

    Damn helpful.

  • @roobscoob47 1 year ago

    Thanks TJ~

  • @Cart1416 1 year ago

    That is really cool wow =)

  • @eliotcougar 1 year ago

    Here's an idea for unattended machines... Upon trigger, using powershell, add firewall rule that blocks all incoming/outgoing traffic, wait X minutes, then disable the rule...

  • @Lofote 1 year ago

    Or just disable the network card via PowerShell :)... No need for firewall rules.

  • @eliotcougar 1 year ago

    @Lofote If you do that, you may lose all the custom non-persistent routes you may have added using route add commands on that network interface...
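The firewall version of the reaction discussed in this thread, as an added example of my own (not from the video or the commenters): a timed quarantine that blocks all traffic with two firewall rules and removes them again afterwards, so the adapter, its DHCP lease and any non-persistent routes survive. The rule names and the dump directory are placeholders I chose; it is meant to be called from the scheduled task's action in place of the adapter-disable command.

```powershell
#Requires -RunAsAdministrator
# Added example: reversible network quarantine with Windows Firewall rules.
# Rule names and the dump directory below are my own placeholders.

$RulePrefix = 'CanaryQuarantine'
$DumpDir    = 'C:\ProgramData\CanaryTrip'

function Save-ConnectionSnapshot {
    # Record who is talking to the box before the rules kill the sessions.
    New-Item -ItemType Directory -Path $DumpDir -Force | Out-Null
    $path = Join-Path $DumpDir ("conns-{0}.csv" -f (Get-Date -Format 'yyyyMMdd-HHmmss'))
    Get-NetTCPConnection -State Established |
        Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess,
            @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Name } } |
        Export-Csv -Path $path -NoTypeInformation
    return $path
}

function Enter-NetworkQuarantine {
    # Explicit block rules take precedence over allow rules, so two
    # "block everything" rules isolate the host without touching the adapters.
    foreach ($dir in 'Inbound', 'Outbound') {
        if (-not (Get-NetFirewallRule -DisplayName "$RulePrefix-$dir" -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName "$RulePrefix-$dir" -Direction $dir `
                -Action Block -Profile Any -Enabled True | Out-Null
        }
    }
    # The rules are dead letters if the firewall is off for the active profile.
    Set-NetFirewallProfile -All -Enabled True
}

function Exit-NetworkQuarantine {
    Get-NetFirewallRule -DisplayName "$RulePrefix-*" -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
}

function Invoke-TimedQuarantine {
    param([int]$Minutes = 15)
    $snapshot = Save-ConnectionSnapshot
    Enter-NetworkQuarantine
    try {
        Start-Sleep -Seconds ($Minutes * 60)
    } finally {
        # Lift the quarantine even if the wait is interrupted.
        Exit-NetworkQuarantine
    }
    return $snapshot
}

# Isolate for 15 minutes, then let go; the CSV path is returned for the log.
Invoke-TimedQuarantine -Minutes 15
```

Established TCP sessions die as soon as the rules are in place, which is the point. Because a block rule cannot be punched through by an allow rule, do not expect a management exception to work by adding one; if you need a path back in, narrow the block rules with `-RemoteAddress` ranges that leave out your management host instead.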

  • @test-rj2vl 1 year ago

    You don't need group policy. If you know programming you can simply subscribe to file events and then you can get your custom code called every time something happens. Kinda like Process Monitor by Sysinternals but write it yourself.

  • @MicrosoftGuy 1 year ago

    I love ❤ this saga! Thanks Joe, you are our antivirus 😂

  • @komieeecat 1 year ago

    I don't know... if you have a trojan and you want to remove it, the trigger activates, right? I think this will be a problem, because it will always trigger when you turn on the PC (especially for the shutdown task).

  • @DFPercush 1 year ago

    That's when you boot into safe mode, or in extreme cases mount the partition offline and use dism or a live linux cd. But it only triggers if the trojan tries to access that same file again. It might, or it could take a while. Removing the trojan file wouldn't by itself trigger it, and anyway it's best to remove things when they aren't running.

  • @computernerdtechman 1 year ago

    Very interesting.

  • @androidlogin3065 1 year ago

    The policy editor way and the scheduled task only work while Windows is running; booting an external OS will bypass that.

  • @kshitijlahoti8725 10 months ago

    Can you make a method which doesn't require group policy editor though for people without pro editions. This is some very cool stuff which I would love to have on my laptop

  • @blanktheunknown2735 6 months ago

    I have set this up to trigger a batch file that creates a log file with a snapshot of the active network connections with PID and a snapshot of active process.

  • @Chas_Reno 1 year ago

    Very good .. how about you doing a blank desktop file without a name .... to hide these great tools, trick and more.

  • @JustPyroYT 1 year ago

    This is very cool

  • @Jacob9335wastaken 1 year ago

    Hi joe!!

  • @johnjacobjingleheimerschmi2108 1 year ago

    good job

  • @MrMarbles 1 year ago

    thiojoe against the malware

  • @bucketcom 1 year ago

    My PC automatically turns off wifi when it goes to sleep, so hackers can only access my pc when it's awake and I'm on lmao

  • @anjachan 1 year ago

    this is very interesting.

  • @zayndelobel5296 1 year ago

    This was VERY helpful. Thanks ThioJoe :)

  • @badpiggs 11 months ago

    3:16 if you pause and use the keys right to the right of the space bar and next to the ? key you can see the token lol

  • @lIIlllIIllIII 11 months ago

    I do have a question. I noticed that my file will get triggered whenever a GPU driver installs, a Windows install or anything like that happens. It's a little sketchy to think that they are interacting with a txt file I have in my Documents folder. Anyone have any clarifications or similar experiences???

  • @Lofote 1 year ago

    Hey there... I don't understand why you use the Group Policy Editor. Just edit the security of the file or folder itself; under Advanced there is "Auditing". No need for any group policy. Group policies are there to deploy things over a complete domain, i.e. all computers in a company. Also, this all should work with Windows Vista and after, because while Windows NT has had auditing since 3.1 in 1993, the scheduled task being triggered by an event was added in Windows Vista.

  • @Alberos 1 year ago

    I will use it to fix..... this --> "What do you mean a file is in use? I closed everything. I said safely remove hardware! Again, WHICH FILE IS IN USE!??" (I know, Windows says you "don't need" to do it, but it still gives me peace of mind when I see my spinning-disk external HDD's light go off before I unplug it.)

  • @theaceofcreativity0460 1 year ago

    Hey Joe! I have gotten a ton of ads for apps that pay you for playing games, can you go over those?

  • @kim-hendrikmerk4163 1 year ago

    On Linux you can take it as far as creating a custom service that encrypts your entire hdd with a public key if a file is accessed or some other conditions are met

  • @ascensionunlimited4182 1 year ago

    Anti ransomware ransomware

  • @sarpkaplan4449 1 year ago

    @ascensionunlimited4182 ransomware can just encrypt it again

  • @lahanlon 1 year ago

    I would add a -f to the shutdown command in case something has been launched that interrupts normal shutdown.

  • @meboncent9868 1 year ago

    Which screen recorder do you use, my fellow content creator? Your videos are damn crisp when you pan or zoom them.

  • @dontkillmejay8570 1 year ago

    I wound up in a shutdown loop, I had excluded the directory from indexing and from antivirus, but my PC was still shutting down within 5 seconds of booting, luckily gave me enough time to shift restart into safe mode to strip the task from scheduler and regedit. Wonder what was trying to access it...

  • @Lofote 1 year ago

    Maybe backup program? Or Dropbox, OneDrive or anything mirroring it to the cloud?

  • @PiesekChlebek 1 year ago

    I can't access Task Scheduler

  • @dontkillmejay8570 1 year ago

    @PiesekChlebek you have to delete the task item from the sys32 directory it is in and also remove the regkey in safe mode

  • @erikhicks07 1 year ago

    Most competent intruders are going to be using Powershell/SSH and not moving your mouse or using the Explorer GUI

  • @gblargg 1 year ago

    The second approach should detect this.

  • @CigsInABlanket 1 year ago

    Still works.

  • @internetdoggo4839 1 year ago

    This is defense-in-depth. Of course there's a way around it, but that doesn't mean it isn't worth implementing

  • @CigsInABlanket 1 year ago

    @internetdoggo4839 Use the URL token, and have PowerShell request the URL in the task scheduler. If you give a folder the same auditing perms as you would the txt file in the video, it will trigger as soon as someone tries to list the directory for the folder within PowerShell. Once you lock the task scheduler, the only way around it, as far as I'm aware, is if they don't go into that folder.
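The "silent alarm" shortcut from the batch-file thread earlier in the comments and the request-the-URL-token-from-PowerShell idea just above, combined into one added example of my own (not the video's or the commenters' code). The decoy name, paths and the token URL are placeholders; paste the URL token you generated at the Canary Tokens service from the description in place of the fake one.

```powershell
#Requires -RunAsAdministrator
# Added example: a desktop shortcut that looks like a folder, runs a hidden
# alarm script (local log + canary URL hit), then opens the real folder.
# Names, paths and the token URL below are my own placeholders.

$DecoyName  = 'Crypto Wallet'                            # what the bait "folder" is called
$RealFolder = 'C:\Canary\Crypto Wallet'                  # what actually opens
$AlarmDir   = 'C:\ProgramData\CanaryTrip'
$AlarmPs1   = Join-Path $AlarmDir 'alarm.ps1'
$LogPath    = Join-Path $AlarmDir 'shortcut-alarm.log'
$CanaryUrl  = 'https://canarytokens.example/replace-me'  # placeholder, not a real token

New-Item -ItemType Directory -Path $RealFolder, $AlarmDir -Force | Out-Null
Set-Content -Path (Join-Path $RealFolder 'wallet-backup.txt') -Value 'decoy'
# Let any interactive user (i.e. the snoop) append to the log: BUILTIN\Users by SID.
icacls $AlarmDir /grant '*S-1-5-32-545:(OI)(CI)M' | Out-Null

# The alarm: log who and when, hit the token so you get the e-mail, then open
# the real folder so the snoop sees exactly what they expected.
@'
param([string]$RealFolder, [string]$LogPath, [string]$CanaryUrl)
$who  = "$env:USERDOMAIN\$env:USERNAME"
$sess = [System.Diagnostics.Process]::GetCurrentProcess().SessionId
"$(Get-Date -Format o) decoy opened by $who in session $sess" | Add-Content -Path $LogPath
if ($CanaryUrl) {
    try { Invoke-WebRequest -Uri $CanaryUrl -UseBasicParsing -TimeoutSec 5 | Out-Null } catch {}
}
Start-Process -FilePath explorer.exe -ArgumentList "`"$RealFolder`""
'@ | Set-Content -Path $AlarmPs1

# A .lnk on the desktop wearing a folder icon that runs the alarm hidden.
$shell = New-Object -ComObject WScript.Shell
$lnk   = $shell.CreateShortcut((Join-Path ([Environment]::GetFolderPath('Desktop')) "$DecoyName.lnk"))
$lnk.TargetPath   = "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe"
$lnk.Arguments    = "-NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File `"$AlarmPs1`" " +
                    "-RealFolder `"$RealFolder`" -LogPath `"$LogPath`" -CanaryUrl `"$CanaryUrl`""
$lnk.IconLocation = "$env:SystemRoot\System32\shell32.dll,3"   # assumption: index 3 is the stock folder icon
$lnk.WindowStyle  = 7                                           # start minimised, without focus
$lnk.Save()
```

Two caveats the thread above already hints at: powershell.exe can still flash a console window for a moment even with -WindowStyle Hidden, and the shortcut keeps its overlay arrow and "Shortcut" type in Explorer, so a careful snoop can tell it apart from a folder. The e-mail from the URL token is the alert that survives tampering; treat the local log as a convenience only, since the user who trips it can also edit it.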

  • @lower_level_gee-mah-tree-ah_TV 1 year ago

    So is it normal to have an SSH shell port open on a TP-Link router from Walmart? Ports 22 and 80 are open, and a random device keeps popping up in the Fing app that says iPhone 5 and iPhone 7, same device. How can there even be an iPhone 5 and 7 at the same time, when nobody on the network has an iPhone? And for the life of me, can someone please go in depth on the IOCs of this parent-monitoring spyware BS? My location seems like there is some kind of beacon somewhere that keeps sniffing every new device I get and sideloads 300-something APKs of BS that just spanks all my permissions to hell and back. Samsung had 500 apps, and Android forums flat out lie. Why can't normies actually get any help with this BS?

  • @gunslingerspartan 1 year ago

    The /force flag for gpupdate doesn't really do anything here, since all it will do is force all existing policies to also be re-applied, but gpupdate on its own would apply the new policy you just made. All you are doing is increasing the processing load on your PC if you have other configurations enabled.

  • @Anonymouzee 1 year ago

    great info dude... keep it coming.... ;-) 👍👍👍

  • @christinaedwards5084 10 months ago

    If a hacker got into my PC, he'd be greeted by 20-year-old games. 😂

  • @Amanda38219 1 year ago

    YAY NEW vid

  • @sonicdemon8692 1 year ago

    If you just do shutdown -s -t 4 -c "blah blah blah" it might take a while for the computer to shut down, as it doesn't force-close all the programs. My way to turn off the computer is to include the -f argument, as it forces everything to close with no notice, so the command would look like: shutdown -s -f -t 4 -c "blah blah blah". This will force all open programs to shut down and speeds up the process, allowing even less time for a hacker to do anything.

  • @KeinNiemand 8 months ago

    Also just use -t 0 to just instantly shut down

  • @Karim-ifInwUstfu702 1 year ago

    best channel

  • @lyger_playz 1 year ago

    My Task isn't triggering! It shows up on Event Viewer, and it's logging everything well, but cmd doesn't open up when I access the file. I've followed the tutorial 4 times now, restart from scratch every time, and the event viewer logging works, but the Task Scheduler isn't really working well. The History tab is empty in the task scheduler too.

  • @ThioJoe 1 year ago

    A couple things I can think of. Have you selected the option to "run whether user is logged in or not?" Because if that is selected, for some reason the Command Prompt window will not show even if the "echo" command is run. It will only run in the background. If you're just testing things out and want it to display the window to know when it's triggered, change it to "Run only when user is logged on". As for the history tab, you have to actually enable the tracking of history, so perhaps that isn't enabled. To enable event history tracking, at the top bar of the Task Scheduler window, click "Actions" and look for "Enable All History Tasks" and click that. Now it should show event history. Be aware though, this seems to cause lag on the computer when it is triggered, so probably only enable it for testing. Hope that helps, let me know if that solves it.

  • @zanperat8663 1 year ago

    Don't try it with folders!! I don't know why, but for some reason it executed the code every time my computer restarted. It was a problem since I had it set to shut down, so I couldn't access the computer and needed to use my bootable Linux to fix it. It wasn't hard to fix; I just needed to delete the files. Then I made it with a txt and it worked like a charm. I also made it text you an SMS message every time you open the file (I did it with Nexmo, but there are other possible candidates). Great video, just don't do it with folders, or at least don't do it with the shutdown task.

  • @aramondehasashi3324 1 year ago

    Oh man that thumbnail made me laugh so hard.

  • @iivari6205 1 year ago

    Interesting features I wasn't aware of. However I don't think this is too useful in catching hackers. I find it way too unlikely a hacker would open your trap file, and even if they did, they'd already caused you a lot of other damage by then. When you start your computer again, the hacker would continue where they left off, this time being cautious about your trap file. However it's likely you or the system will fall to your trap yourself, causing you even more damage, trouble, and loss of work. So I just don't find it worth it. Nice idea though.

  • @EQ_EnchantX 1 year ago

    Naming the folder something important like "Crypto Wallet" might cause a crypto-wallet-stealing virus to trigger the trap, which could disable the internet and shut down the computer and then warn you of such, allowing you to fix it. Also, if a hacker had remote access to your computer, they would most likely scan the hard drive to see what was on it, thus triggering the trap and disabling the network adapter, causing them to be disconnected, hopefully before they cause irreversible damage.

  • @thepolishtech1552 1 year ago

    @EQ_EnchantX especially if you put it in the root directory of C: for it to act the fastest

  • @Voideddd
    @Voideddd 1 year ago

    lol I love that thumbnail

  • @zigafide
    @zigafide 1 year ago

    thiojoe goated

  • @rachinter
    @rachinter 3 months ago

    Thank God I finally watched this video.

  • @random_person618
    @random_person618 1 year ago

    I'm pretty sure your method works on previous versions of Windows as well, for example, Windows 8 Pro and not just Windows 10 or higher.

  • @Lofote
    @Lofote 1 year ago

    Windows Vista or higher has those scheduled tasks that depend on events.

  • @walkingradiance9556
    @walkingradiance9556 1 year ago

    The video on group policy editor is helpful if the method requires the group policy editor.

  • @omegahaxors3306
    @omegahaxors3306 10 months ago

    A similar technique used to be used in emails by both malicious actors and advertisers to effectively get read receipts on their emails. Ever wonder why image loading is disabled by default? Because by loading that image you're sending a signal to their servers.

  • @Damqq
    @Damqq 1 year ago

    Interesting thing that you're not using -f flag for the shutdown command...

  • @shadowamdryzen
    @shadowamdryzen 1 year ago

    Joe, I'm very interested in your big things on the secret computer, thank you

  • @hansisbrucker813
    @hansisbrucker813 1 year ago

    Does it also trigger when you access another hardlink to the file? 🤔

  • @tsingh9485
    @tsingh9485 1 year ago

    ThioJoe, why do you not use audio tracks anymore?

  • @JohnS-er7jh
    @JohnS-er7jh 5 months ago

    What about intrusion detection software, like Tripwire? Also antivirus that detects keyloggers or screen/video capture viruses?

  • @R3_Live
    @R3_Live 1 year ago

    The scenario that immediately popped into my mind is accidentally triggering a shutdown loop. Say for instance that you didn't realize that a particular file is accessed on startup and that file triggers shutdown. Now just by booting up, you trigger the shutdown sequence. Could you fix that if it happened? Would booting into safe mode work?

  • @PiesekChlebek
    @PiesekChlebek 1 year ago

    I got that problem

  • @itsmanasK
    @itsmanasK 1 year ago

    @PiesekChlebek So how did you fix it?

  • @itsmanasK
    @itsmanasK 1 year ago

    Thanks bruh.. I was about to set this up, but after reading your comment I've changed my mind

  • @PiesekChlebek
    @PiesekChlebek 1 year ago

    @itsmanasK safe mode

  • @itsmanasK
    @itsmanasK 1 year ago

    @PiesekChlebek Genius 🧠

  • @LazyGigolo
    @LazyGigolo 1 year ago

    How do I know 100% for sure that my PC is malware and virus free? Thanks

  • @ThioJoe
    @ThioJoe 1 year ago

    I suppose there is no way to be 100% certain unless you do a format and clean install

  • @RADIS370
    @RADIS370 1 year ago

    @ThioJoe Not true.

  • @jmtradbr
    @jmtradbr 1 year ago

    I'm in your system32 👁️👁️

  • @LazyGigolo
    @LazyGigolo 1 year ago

    @ThioJoe OK, then 95%....

  • @DFPercush
    @DFPercush 1 year ago

    Get any decent virus scanner, reboot into safe mode and run it. Even better, if you can boot from another partition or live CD/USB, run it from there. Just be sure to update the definitions. Offline scans like that prevent the malware from intercepting the file read operations and are the best way to detect rootkits. Many years ago, McAfee had a boot CD called Stinger that you could boot from and scan your PC offline; I don't know if they still do that. Problem is it also detected pirated copies of Windows, so we students had to figure out a way to spoof the results. XD

  • @BooleanDev
    @BooleanDev 1 year ago

    Windows Update seems to crawl the desktop files, do you have a solution for excluding the folder/file?
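One way to handle both the exclusion question above and the shutdown-loop problem raised earlier in the thread, as an added example that is not code from the video or its description: instead of having the Task Scheduler task run the shutdown command directly, have it run a script that first checks which process actually touched the canary (from the Security log event 4663 that fired the trigger), ignores an allow-list of known file crawlers, and honours a "disarm" marker file that can be created from Safe Mode or a live USB to break a loop. The canary path, the disarm path, the process allow-list and the 60-second delay are assumptions to be adjusted; the response commands at the end are the ones from the video's description.

```powershell
# Added example, not from the video. Run by the scheduled task (as SYSTEM / highest privileges,
# since reading the Security log needs it) instead of calling shutdown directly.
#
# Trigger to attach in Task Scheduler (On an event > Custom > Edit Event Filter > XML tab). The
# Windows XPath subset has no contains(), so match one canary file exactly here and let the script
# do the prefix match for everything under the folder:
# <QueryList><Query Id="0" Path="Security"><Select Path="Security">
#   *[System[EventID=4663]] and *[EventData[Data[@Name='ObjectName']='C:\Users\Example\Documents\Crypto Wallet\wallet.dat']]
# </Select></Query></QueryList>
param(
    [string]$CanaryPath = 'C:\Users\Example\Documents\Crypto Wallet',  # assumed canary folder
    [string]$DisarmFile = 'C:\ProgramData\CanaryTrap\disarm',         # create this file to disable the response
    [int]$LookbackMinutes = 2,                                          # how far back to look for the audit event
    [switch]$DryRun                                                     # log only, take no action
)

# Processes expected to enumerate user files (assumption: extend this list after running
# in -DryRun mode for a few days and reading canary.log).
$benignProcesses = @('SearchIndexer.exe', 'SearchProtocolHost.exe', 'MsMpEng.exe', 'explorer.exe')

$logDir = Split-Path $DisarmFile
New-Item -ItemType Directory -Path $logDir -Force | Out-Null
$logFile = Join-Path $logDir 'canary.log'
function Write-Log([string]$msg) { "$(Get-Date -Format s) $msg" | Add-Content -Path $logFile }

# Recovery path for a shutdown loop: boot to Safe Mode or a live USB and create the marker file.
if (Test-Path $DisarmFile) { Write-Log 'disarm marker present, exiting'; exit 0 }

# Pull recent object-access audit events and keep those whose ObjectName is under the canary path.
$since  = (Get-Date).AddMinutes(-$LookbackMinutes)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$hits = foreach ($ev in $events) {
    $x = [xml]$ev.ToXml()
    $d = @{}
    foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
    if ($d.ObjectName -like "$CanaryPath*") {
        [pscustomobject]@{
            Time    = $ev.TimeCreated
            User    = $d.SubjectUserName
            Process = if ($d.ProcessName) { Split-Path $d.ProcessName -Leaf } else { '<unknown>' }
            Access  = $d.AccessMask
        }
    }
}

if (-not $hits) { Write-Log 'trigger fired but no matching 4663 event found'; exit 0 }

# Log every touch; only non-allow-listed processes count as suspicious.
$suspicious = @()
foreach ($h in $hits) {
    if ($benignProcesses -contains $h.Process) { $flag = 'benign' } else { $flag = 'SUSPICIOUS'; $suspicious += $h }
    Write-Log ('{0} user={1} process={2} mask={3} {4}' -f $h.Time, $h.User, $h.Process, $h.Access, $flag)
}

if ($suspicious.Count -eq 0) { exit 0 }
if ($DryRun) { Write-Log 'dry run: would disable network adapters and shut down'; exit 0 }

# Responses from the video's description: cut remote access first, then shut down with a delay
# long enough that 'shutdown -a' can still cancel it if this turns out to be a false positive.
Get-NetAdapter | Disable-NetAdapter -Confirm:$false
shutdown -s -f -t 60 -c "Canary accessed by $($suspicious[0].Process); run 'shutdown -a' to cancel"
```

Run it with `-DryRun` for a while before arming it: the log then shows exactly which processes (indexer, antivirus, backup agent, Windows Update) touch the canary on your machine, and those names go into the allow-list before the shutdown response is enabled.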

  • @MikeTrieu
    @MikeTrieu 1 year ago

    Eh, I dunno if I trust a third party website to automatically run an untrusted DLL for that canary thing. That seems like a recipe for disaster. Even if you currently trust that company, what if they sold off to a shadier one that doesn't respect its users? They could run cryptomining software on your box or worse.

  • @erikhicks07
    @erikhicks07 1 year ago

    Good point. Not only that, but they're effectively tracking your usage/location, which is probably why they're offering it as a 'free' service.

  • @DFPercush
    @DFPercush 1 year ago

    I don't think it actually executes any code from the DLL; the DLL is just a resource container for the icon. Although it does seem a little suspicious that they wouldn't just use an .ico file.

  • @Anonymouzee
    @Anonymouzee 1 year ago

    intrusive strategy... they can refactor the .dll anytime... :-) if it was "baloon.dll" I'd be suspicious... ;-))

  • @erikhicks07
    @erikhicks07 1 year ago

    @DFPercush A malformed DLL might buffer overflow or exploit some other vulnerability.
