@osnikoThis was an issue in the XP days, where the whole filename and extension was selected, but since vista the name part is selected and you must manually move the cursor to the extension part.
I would argue it’s best to turn “ask me where to save each file” on because while it may be a little annoying, it will show you the file extension when you download it and it’s useful to ensure a site isn’t downloading files in the background.
The people that are most in need of watching this video aren't watching it. The people that are hyper-aware of virus/scams (me) are watching it. That's life.
@@chrisseal1467there also maybe file somexe.pdf that is actually an exe (som\u202Efdp.exe) with RTLO in filename, so showing file type in table view is a great tip.
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
I'm fortunate I've never "accidentally" clicked or run an infected file and I've never been hit, personally, with a malware infection. Several of my friends have but I haven't. I think videos like this can really be helpful so thanks for posting!
The fact that you watched this video means you are not noob, so the probability of this happening to you is lower. You're not lucky, you're smart enough to use a pc unlike the majority of people.
Think before you click! And scan ANYTHING that you download from the Internet! Be paranoid about it, and opt for a guilty, until proven innocent stance! Works for me!
Worst thing Microsoft ever did was hide the file extension by default. Would that really have confused anyone? What they should set explorer to do is have all executable show up in an obvious contrast color or highlight scheme with a 'caution this is an app' identifier next to it. Make people look and go why is that highlighted like that.
@@ayoCCExactly!, the question then becomes if you and I can see this almost immediately multiple people at Microsoft must have as well. They then decided that, no were not going to implement this obvious and simple fix. My question becomes, why? There must be some overriding motivation to not do this, I just don't see what it could be.
Former game dev here. I've heard horror stories of my colleagues who think they're interacting with a potential business investor, open what they thought was a pdf to check the details in the proposal, and end up losing access to the only PC in the studio that has the one license key for a program that we needed to essentually make sure we can deliver the product on time. They did not make the deadline. Goes to show you should never put all your eggs into one basket. This is a good video to get us used to changing our mindset, and hopefully get rid bad habits of jumping the gun, clicking something we assume to be what it is. I personally use the "Ask to save" and scrutinize it. Way too many instances of saving an image preview, only for it to be a webp I have no use for.
Three things I like about your channel 1. Informative for both noobs and pros. 2. Ads placed at start or at the end. 3. Explaining things with an example with less distraction and without external softwares Interesting of them all using your sponsor to showcase your example
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
Adding to this, you can also use the group by type function for files. adding that clear separation that you can collapse and expand at will is very helpful
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
In our country we got bear issues - picking up trash. So they are trying to develop better trash bins. There was an article interview with one of the developer when he was asked question why he just simply do not make more sophisticated mechanism. Here is his answer - you know the boundaries between the smartest bear and dumbest human is pretty narrow. In other words if I set up in our company group policy to show file extensions in few days I will have a dozens of tickets on IT people complaining they cannot open their powerpoint, excel or word document, because during renaming process they deleted file extension.
Windows gives warnings when you're about to change the extension, and in more modern releases leaves the extension unselected by default when you go to rename the file.
Anytime I have to log into a new computer, I always turn on file extensions. It's a habit from using DOS, I think.. It takes me 10 to 15 minutes changing all the settings from default - because I hate most of the default Windows settings.
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
Configuring windows explorer to show file extensions is the first thing I do after windows installation. Show type in the table view is also a great tip because of the RTLO attack.
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
As somebody who's studied network security and as a web developer who makes sure client's websites are secure and had clients get hacked before, I can definitely say these simple steps are a great first line of defense. May hacks like the one that took down Linus Tech Tips last fall could have been prevented just by doing these simple steps.
Since you studied network security, let me ask you this. Can I block port 443 and 80 on router without affecting my ability to mange router from web browser on a local PC that has wired connection to router and wifi disabled? I am getting a lot of DoS Attacks on port 443 when I check router log.
@@pirateofpacific Ask your question to google like this "without affecting my ability to mange router from web browser on a local PC that has wired connection to router and wifi disabled can I block port 443 and 80 on router?" The answer for your particular setup will be on the list of options. (I think probably port forwarding is the answer, but best to see what you need.)
@@pirateofpacificdepending on what you mean by “block”. If you truly block all 443 and 80 traffic you won’t be able to use the internet. Decent routers should all drop the DDOS packets anyway. If you aren’t hosting anything on 443 or 80 you’ll have nothing to worry about.
Great video for security awareness! I just keep the "show downloads when a download starts" switched on so that I know when something is downloading when there shouldn't be anything downloading. Using this, I find out about the strange javascript downloads some sites drop on my computer. I've also been using all the other tips since a few years ago. I also scan files typically infected with malware like PDFs, Microsoft office files, and executables before I run them. Kept me pretty safe the past few years.
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
file name extensions enabled is just in general a practical must for so many usecases. mostly to figure out what fileformats you are trying to open where or what they can, especially with photos or videos
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
2:05 This is why I dislike hiding file extensions...it makes it a bit more difficult to tell what the file type is at a glance. If you're not looking at a detail view that shows the Type column, this can be potentially confusing for an end user.
The only issue with removing the download prompts on an browser is if you have very poor internet connection, the user will not know if the download has failed and will not allow the user to have a chance to restart the download. On a legit file that is. Guess there is really no full proof way here. It also assumes that the user also knows the differences as well. An older person or person with very little computer knowledge will not know that difference. The true way is for the computer to be smarter than the individual using it with system policies and software that can prevent things like this from occurring. Still I do like some of the tips you provide here and thank you for tips!
I highly disagree with turning off "Ask to Save" in browsers. Not only can it show the type of file you are even saving, it also can stop random files being downloaded automatically if you happen to click a wrong link, since it now always tries to ask about the file, overall giving the chance of saving you from even having the chance to click the file to begin with.
Maybe turn it off temporarily if you're scraping a ton of files from one site real quick, but ftmp, the daily driver setting should be to ask for any downloaded file.
I can see why he's suggesting this, because it creates the habit of you needing to open explorer before opening anything, meaning you WILL see the extensionand the type for sure (which many non teccy people don't), but yeah it's never a good idea to not be able to stop something to be downloaded.
@@ArkenGAMES File extensions can be bogus. Gotta check the magic and default program for each file type. The fact that 30+ years later this is still a problem because of basic computer knowledge being too troublesome to teach (not really) is a problem yet everything being computerized.
Really useful, espeacially after I realized that just enabling extensions might make me even more vulnerable to tricks with rtlo characters in filenames
I’ve already learned all this the hard way 15 years ago, but I think every kid or teen should learn this before using a computer. Also getting an AdBlocker like ublock origin, an antivirus with realtime protection and shady website alerts like malwarebytes (and the extension), and knowing about fake download buttons on those crappy link shortener websites is also very important for them to know. Learn from my mistakes and don’t kill 2 laptops, and have to factory reset your pc at least 4 different times like I had to when I was younger.
I always set my machine to display extensions and file type and always View in Details. It really annoys me when LoseDoze changes it back to Icons or some other view for certain file types. It just wastes my time. {:o:O:}
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
Some of these steps I've always done such as always open a recently downloaded file on windows explorer download folder. As I watched the video, I changed the view settings to show the extension. Very useful tips. Thanks.
The first thing I do when I sit in front of a new computer is go to file explorer >visualization options> activate - show hidden folders, units, and files, and deactivate - hide extensions+hide operating system protected files. Then I slap an usb drive in it, copy a word file into it and check the usb drive. Most viruses will immediately add their poison into the usb drive, sign of an already infected windows pc.
You check the extension but even if they change the type, try opening it up in notepad Notepad never opens it up as an application, even pdf's open up as a pure text file and you can look at the contents header and see a pdf type in the file with pdf version number etc. An application will open as a text file, and you can quickly see the data section of the file and the payload etc, and you can then exit and delete the file
Most important thing is that to make sure the computer mouse is functioning without any problems in its buttons because sometime if if you click one the file using your moue your mouse buttons got dirt between then there is a chance that you doouble clickj the file/application without noticing that you aleady did that, so the teporary solution is that you still can use your keyboard to move up/down with your arrow keys on your keyboard and when use your keyboard to investigate do normale task whether riht click or double click but with the keyboard capabilities, this will ensure that you don't make anyting wring by mistake to your pc.
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
I've always had my system display file extensions and haven't been tricked into running mailware this way. I guess the reason why Windows doesn't come like that by default is because less experienced users can accidently change or delete a file extension while renaming a file, and not know what happened, or how to fix it.
it won't happen "accidently" cause explorer asks if you want to change a file extension. But yeah this might be a "security" feature for masses, just in case
@@ТоварищКамрадовСоциалистКоммун People rarely read warnings like that. It's not beyond the realm of probability that they're just going to click "Ok", and then wonder what happened to their file.
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
I don't understand why people use icon/thumbnails, it is much faster to go through details. Since I have used detail view I had stuck with it for many years now. Never had an issue with any virus.
@@Sonario648 That's good. But for all the files if you use this view you will take time to search through when looking for something. You give a try for detailed view.
ABSOLUTELY SPOT ON ! i DO MOST OF THE THINGS THIS GENTLEMAN SUGGESTS AND THEY HELP!!! i LEARNED OVER THE YEARS BY MAKING A FEW BAD MISTAKES TO DO THE SIMPLE THINGS HES SUGGESTING ...DON'T YOU MAKE THE SAME MISTAKES AND FOLLOW THIS MANS ADVICE. THANK YOU!
The sad thing is that we used to joke about "Linkin Park-Numb.mp3.exe" 15 years ago, and apparently, it's still relevant. I guess that Microsoft didn't get the memo that hiding file extensions by default is a horrible idea.
And can a normal PDF include malware? For example, I usually open PDF files on the web browser by default (so the icon changes for the web browser icon instead the one showed in the video) but can I PDF, which displays content, still include malware? P.S. Thanks for the tips
Not sure if it's possible to have an infected PDF (with correct extension) but I think the icon of an EXE file can be dynamically generated (just like picture thumbnails) so the malicious executable could easily look up what is the default app for opening a PDF on your computer and set it's own icon to look exactly the same.
Or even have an exe files disguising as a .pdf file extension ? So windows tells you it's a pdf, but when you click on it instead of opening pdf reader it launches itself ? Are we really safer if we display the extension ?
Yes, it can. In fact, Adobe thought for some reason that is was a good ideia to add a scripting langauge to a PDF document (is is similar to JS). I will later add the name of the scripting langauge, because I don't remember right now. Edit: Adobe added actual support for JavaScrpit... 💀
scripts macros and like this are a huge security flaw for any office suit, as well as for pdf suit. Small correction: if file has a .pdf extention, then windows will ATTEMPT to open it with your default pdf reader. However your .pdf file may have some metadata which will open some more information about the file, and windows may automatically find a right way to proceed. Displaying the extension, and - not less important - the size, and other metadata will give you an idea about the file and might become an important signal about the way how to handle it. So answer is Yes, displaying extension, size, creation date, permissions etc are a sign of a good practice for file handling As for JS, and other scripts and macros, for most users it would be advisable to go through your office/adobe or other suits that you use and carefully look through all the security/privacy settings and disable/harden your settings. Disable JS by default. You will get prompt if your file asks to run the script. Disable internet access. You will be asked if file has a link or requires connection. And so on
Totally agree with viewing file extensions before opening new files. But I prefer to use the browser’s download window where it shows the file with extension and I can choose to view it in it’s destination folder before running it. Eliminates a couple steps. And I often like to see download progress and keep track of where file is going. Seems like the browsers have already addressed these issues.. with a couple less steps.
One of the advantages to being a computer user since the early 90s is that I was used to all those settings, and didn't like the new less secure defaults when Microsoft introduced them, so I've always changed them back out of preference.
Windows is actively screwing up users by hiding the extensions by default, I never understood the logic of it, it's too annoying! Every linux OS has extensions by default...
the fact that a malware attack happened RIGHT AFTER windows 95 turned off “show file extensions” by default and they DIDNT immediately switch it back is unbelievable
1. I ever have enabled the option details 2. I never save sensible files on the internal disk 3. I never open for me unknown files 4. I use as much as possible my - especially for bank account transactions - my Mac or my Unix-Based-Machine (with Mate GUI) ….yes I know Mac is based on Unix …I mean my dedicated Unix machine. 5. If I need to use my Windows PC I do the recommended security checks / updates as much as possible 6. If this is a file I need and still unsure safe or not - I transfer it to a special Notebook with minimal software equipped that machine I can re-build quickly Hope this will help as much as possible but I cannot close out my self to make failure too
This is very valuable. I use those settings for so long time I didnt even thought about it beeing a thing because thats just soooooooo basic things. I can also recommend to not use default browser with you critical logins. Use another browser
Bless all people that make the world a safer place. You never know when someone just wants to give back to others and give a helping hand. Life is harsh and those that suffered know it well.
If it's still on my PC at this time, which I would be quite surprised about having proper security software, I usually right-click and scan it with my security software. It's amazing that windows hides file extensions by default since two decades, it's an insanely dangerous practice.
I've always had file extensions turned visible on all my computers over the years, that's one of the first things I do on a new PC. Not only for safety but I also need to see that info quickly while working.
thank you, had me 2nd guessing all my pdf's, checked them and im good but i put these good prevention methods that i looked. and personally i missed seeing extensions in my old pc
I always have "ask me where to save each file" on. That way i can see what I'm downloading before it even downloads. One time i clicked on a fake link that automatically tried to download something, thanks to my setting i could prevent that from happening
I have a question Is exe file with pdf icon, same as pdf virus who infected linustech ? I heard the pdf not in exe extension, but literally pdf, open like pdf, but has malware inside it Second question Are Windows defender not enough ?
Most of these suggestions are equally applicable to MacOS machines. The fact that an exe file won't run at all is a bit an added advantage, and the OS does warn you if you double-click on a downloaded application.
This, in a nutshell, is why you should never open ANY e-mail attachments from unknown/unverifiable sources or from parties you do not expect to hear from. Delete them on the spot.
No, do not enable preview. The issues with Explorer and this "feature" are enough to set yourself up with triggering self-executing trojans. Enable detailed view defaults and have a little common sense when reading file types. It will carry you further than probably deserved.
preview does not execute any code nor does it visit links Literally all it does it does it read the file and display text and images Nothing more, nothing less If you see someone on ticktock showcasing some insane way to get hacked by previewing malware, its fake
YES, thank you !!! I'm forced to harass my entourage because Microsoft chose to hide by default the most important property of a file... Who the F complained about seeing extentions? Even if you're not tech savvy, you've probably heard that .exe can be dangerous, you alse probably know that a pdf ends with .pdf, but you probably don't take the time to go through every settings. Settings pages which are themselves increasingly fragmented and hidden behind layers of menus. This is so frustrating, we're talking about an issue that could be fixed in a few minutes !
Thank you so much for the tutorial. Yes, this was helpful and very easy for a non IT person to understand. My husband works for a company that’s been hit by ransomware twice. That had to pay up a good sum of money. Maybe it’s time they invest in a top-notch IT professional-if they can pry open the budget that’s been locked tighter than their servers!
Some day? This has been an issue since WinXP. That they STILL haven't fixed. A simple change to the default behavior(back to what it WAS) would fix this instantly.
PDF malware has become one of the leading causes of ransomware infections on PC’s. As an MS MVP (Most Valued Professional), I believe you have well addressed these most important fail-safe settings to prevent PDF malware infections. But I feel that the prompt in your browser to "Ask to Save" should remain enabled. I also use MWB pro (have for many years) and it is well worth the price.
I honestly don't bother with PDFs anymore! It's not just the security flaws, but the constant updates of software, like Adobe, which also makes my blood boil!
@@sdwoneIt's hard to avoid them, as they are basically used by almost everyone and are everywhere now. Adobe has become the Spawn of Satan to me with their Machiavellian subscription model.
Very informative! Took me a while to figure out you must be in Edge (not Chrome) to change the download settings. Just wish it had been clarified in the beginning. Thx for the info!
Turning on show file extensions for known file types should be the first thing done, along with details view, for Windows computers. And while Malwarebytes has made some improvements, I still consider it a secondary security app. Maybe it's because I've had the licenses for a long time, well before they went from a 'forever' license to subscription. They were lackluster back then, but I kept them installed because it can't hurt and heck it is free lifetime anyway. I use another product with it and so far so good. I've been on the internet since dial up, and before that, to BBS's and never had an infection but it's 90% knowing what the score is and following best practice and 10% luck. The rest is education of family members...
Running Linux here, teaching Windows users how to program and manage their files. This idea of hiding the file extension to the user annoys me no end. Pupils complaining about their hosts files not working (needed for some tasks in network programming) and the file browser hiding the fact that the name is actually hosts.txt. In Linux you cannot get rid of viewing the file extension, you cannot change the icon of the file, and you cannot run exes from the file browser!
3:54 Turning off "Ask me what to do with each download", which is off by default anyway, is a terrible advice. There are some sites that will initiate a download without you clicking "download" first and with this setting off, a browser just mindlessly accepts all downloads initiated by a website. A download should ALWAYS require a user's consent. You should have started this video by enabling File Extensions, rather than saving it for the end. That way, when a file browser opens a file picker/save window, users would see whether they are downloading a .pdf or a .pdf.exe.
Instinctively I always modified file viewing options on Windows Explorer to enable me to see the details of each file and sorting them by file type. Another option I always turn on as well is to show file extensions. Just these 2 modifications have been more than enough to avoid me falling for these pests.
Sorry, the entire premise is just wrong. If your big organization relies on individual non-technical workers to be paying attention every minute of every day to which types of files they open, as a deterrence strategy not to get infected, then you are dead lost already. Due to the law of large numbers someone will eventually be inattentive due to some kind of human factor: they were sick/sleepy/inattentive/having stressful family/personal relationship/stressful deadline issues that day and just clicked the infected file without giving security considerations a thought. Big organizations have dedicated security departments with dedicated enterprise security software to prevent exactly this scenario from happening.
I have been saying this for ages but Microsoft should enable file extensions by default on their crapy os. I don't care you don't use it or you screw something up. File extensions help users learn different file types early on and are just extremely helpful. Especially for windows 7.
If you use other file explorers, check if color filters can be applied to file types. For example, I use Dopus, and every executable file automatically gets a red background.
Or just or go to your downloads folder, click "sort", then "group by" and select "type". All items will then be grouped by file extension, regardless of having windows show file extensions on or off, and seeing a PDF, image or video file under applications should set the alarm bells off.
file extensions should be enabled by default, the fact that it is even an option is a major windows security flaw.
@osniko How can you expect such tiny little startup like MS to simply allow rename A file, not THE file. Of course they can't.
@osnikoThis was an issue in the XP days, where the whole filename and extension was selected, but since vista the name part is selected and you must manually move the cursor to the extension part.
File extension doesn't have to be at the end of the file ,it can be in the middle, like apdf.exe can be exepdf.a
I'm okay with it being an /option/, but it should be an opt-IN not an opt-OUT.
@@alphatech__ True. I think I have seen some do that, where they name it "totallynotsketchy.pdf.scr"
I would argue it’s best to turn “ask me where to save each file” on because while it may be a little annoying, it will show you the file extension when you download it and it’s useful to ensure a site isn’t downloading files in the background.
This is about not instinctively open it in your browser by taking away the button if you don’t you still can
browsers these days actualy warn you if you download exes.
Great suggestion
I have on not just for that but I don’t want to clutter my downloads folder. I only use it for exe. The rest go into other folders.
@@rizkyadiyanto7922 does it? I have only downloaded trustable exe so I have yet to see that error
The people that are most in need of watching this video aren't watching it. The people that are hyper-aware of virus/scams (me) are watching it. That's life.
Showing file extensions is the first tip I would suggest, it would immediately distinguish between the 2 files in the video
Yes, why is this not step one in the video. The rest of the things are unnecessary.
@@chrisseal1467there also maybe file somexe.pdf that is actually an exe (som\u202Efdp.exe) with RTLO in filename, so showing file type in table view is a great tip.
I don’t think he’d have a very long video if he did that.
I still found it useful, though.
And turning preview pane off..... it can execute malware jyst by previewing it
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
I'm fortunate I've never "accidentally" clicked or run an infected file and I've never been hit, personally, with a malware infection. Several of my friends have but I haven't. I think videos like this can really be helpful so thanks for posting!
The fact that you watched this video means you are not noob, so the probability of this happening to you is lower. You're not lucky, you're smart enough to use a pc unlike the majority of people.
Well you're obviously not reverse engineering enough malwarw
Send this to your grandma
Think before you click! And scan ANYTHING that you download from the Internet! Be paranoid about it, and opt for a guilty, until proven innocent stance!
Works for me!
@@sdwone virus total is a useful tool...
Worst thing Microsoft ever did was hide the file extension by default. Would that really have confused anyone? What they should set explorer to do is have all executable show up in an obvious contrast color or highlight scheme with a 'caution this is an app' identifier next to it. Make people look and go why is that highlighted like that.
Microsoft is owned by Israel, so nevermind clicking a pdf, if you're running Windows you're already infected with state sponsored malware
Wasn't it default in windows xp?
Could maybe show it separately or inside the file icon or recolored as well so that it pops out.
@@ayoCCExactly!, the question then becomes if you and I can see this almost immediately multiple people at Microsoft must have as well. They then decided that, no were not going to implement this obvious and simple fix. My question becomes, why? There must be some overriding motivation to not do this, I just don't see what it could be.
Directory opus does this, and sadly it is not cheap to purchase a license in some places
Former game dev here. I've heard horror stories of my colleagues who think they're interacting with a potential business investor, open what they thought was a pdf to check the details in the proposal, and end up losing access to the only PC in the studio that has the one license key for a program that we needed to essentually make sure we can deliver the product on time. They did not make the deadline. Goes to show you should never put all your eggs into one basket. This is a good video to get us used to changing our mindset, and hopefully get rid bad habits of jumping the gun, clicking something we assume to be what it is.
I personally use the "Ask to save" and scrutinize it. Way too many instances of saving an image preview, only for it to be a webp I have no use for.
holy shit gonna be careful next time.
Three things I like about your channel
1. Informative for both noobs and pros.
2. Ads placed at start or at the end.
3. Explaining things with an example with less distraction and without external softwares
Interesting of them all using your sponsor to showcase your example
I always found Microsofts idea to hide the extensions ridiculous, it was always shown in 95 98 and 2000 after all
That is the reason more of these attack are like this as normal users don't use the details view anymore
Most users don't know what it means anyway and they only get irritated
98 SE, hidden by default
@@tarwod1098 Nobody should use a computer without some basic knowledge.
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
Adding to this, you can also use the group by type function for files. adding that clear separation that you can collapse and expand at will is very helpful
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
In our country we got bear issues - picking up trash. So they are trying to develop better trash bins. There was an article interview with one of the developer when he was asked question why he just simply do not make more sophisticated mechanism. Here is his answer - you know the boundaries between the smartest bear and dumbest human is pretty narrow. In other words if I set up in our company group policy to show file extensions in few days I will have a dozens of tickets on IT people complaining they cannot open their powerpoint, excel or word document, because during renaming process they deleted file extension.
Sub 80 IQ barely functioning brain 😂
That developer (a smartest bear?) could write a renaming function which prevents to change a file extension or at least warnings about it
lmfao. the truth in this hurts
Windows gives warnings when you're about to change the extension, and in more modern releases leaves the extension unselected by default when you go to rename the file.
linux doesn't care it examines the header to determine the default app to use to open it.. but you can override it.
Anytime I have to log into a new computer, I always turn on file extensions. It's a habit from using DOS, I think.. It takes me 10 to 15 minutes changing all the settings from default - because I hate most of the default Windows settings.
Yes! And many other tweaks, such as resetting registry values, will speed up windows, allow me to reset file locations, etc.
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
Configuring windows explorer to show file extensions is the first thing I do after windows installation. Show type in the table view is also a great tip because of the RTLO attack.
And disabling preview pane, it can execute malware
@@samfkt Do you have any sources on that?
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
As somebody who's studied network security and as a web developer who makes sure client's websites are secure and had clients get hacked before, I can definitely say these simple steps are a great first line of defense. May hacks like the one that took down Linus Tech Tips last fall could have been prevented just by doing these simple steps.
Since you studied network security, let me ask you this. Can I block port 443 and 80 on router without affecting my ability to mange router from web browser on a local PC that has wired connection to router and wifi disabled? I am getting a lot of DoS Attacks on port 443 when I check router log.
@@pirateofpacific Ask your question to google like this "without affecting my ability to mange router from web browser on a local PC that has wired connection to router and wifi disabled can I block port 443 and 80 on router?" The answer for your particular setup will be on the list of options. (I think probably port forwarding is the answer, but best to see what you need.)
@@pirateofpacificdepending on what you mean by “block”. If you truly block all 443 and 80 traffic you won’t be able to use the internet. Decent routers should all drop the DDOS packets anyway. If you aren’t hosting anything on 443 or 80 you’ll have nothing to worry about.
@@pirateofpacific just send your login page to a defferet port
your videos put me right to sleep thank you so much. I haven't been able to sleep for the past three years and your videos fixed my sleep
Great video for security awareness!
I just keep the "show downloads when a download starts" switched on so that I know when something is downloading when there shouldn't be anything downloading. Using this, I find out about the strange javascript downloads some sites drop on my computer.
I've also been using all the other tips since a few years ago. I also scan files typically infected with malware like PDFs, Microsoft office files, and executables before I run them. Kept me pretty safe the past few years.
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
file name extensions enabled is just in general a practical must for so many usecases. mostly to figure out what fileformats you are trying to open where or what they can, especially with photos or videos
Never ever open ANY file when extensions are hidden.
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
2:05 This is why I dislike hiding file extensions...it makes it a bit more difficult to tell what the file type is at a glance. If you're not looking at a detail view that shows the Type column, this can be potentially confusing for an end user.
The only issue with removing the download prompts on an browser is if you have very poor internet connection, the user will not know if the download has failed and will not allow the user to have a chance to restart the download.
On a legit file that is.
Guess there is really no full proof way here. It also assumes that the user also knows the differences as well. An older person or person with very little computer knowledge will not know that difference.
The true way is for the computer to be smarter than the individual using it with system policies and software that can prevent things like this from occurring.
Still I do like some of the tips you provide here and thank you for tips!
I highly disagree with turning off "Ask to Save" in browsers. Not only can it show the type of file you are even saving, it also can stop random files being downloaded automatically if you happen to click a wrong link, since it now always tries to ask about the file, overall giving the chance of saving you from even having the chance to click the file to begin with.
Maybe turn it off temporarily if you're scraping a ton of files from one site real quick, but ftmp, the daily driver setting should be to ask for any downloaded file.
I can see why he's suggesting this, because it creates the habit of you needing to open explorer before opening anything, meaning you WILL see the extensionand the type for sure (which many non teccy people don't), but yeah it's never a good idea to not be able to stop something to be downloaded.
Yup. What OP(Nonya) typed
Yeah I am using Chrome and it always shows the file type. If that can be faked too I'm done for.
@@ArkenGAMES File extensions can be bogus. Gotta check the magic and default program for each file type.
The fact that 30+ years later this is still a problem because of basic computer knowledge being too troublesome to teach (not really) is a problem yet everything being computerized.
Really useful, espeacially after I realized that just enabling extensions might make me even more vulnerable to tricks with rtlo characters in filenames
The company who build my computer, must have seen your video. All settings where as you said. But thanks for making me aware.
I’ve already learned all this the hard way 15 years ago, but I think every kid or teen should learn this before using a computer. Also getting an AdBlocker like ublock origin, an antivirus with realtime protection and shady website alerts like malwarebytes (and the extension), and knowing about fake download buttons on those crappy link shortener websites is also very important for them to know. Learn from my mistakes and don’t kill 2 laptops, and have to factory reset your pc at least 4 different times like I had to when I was younger.
I always set my machine to display extensions and file type and always View in Details.
It really annoys me when LoseDoze changes it back to Icons or some other view for certain file types. It just wastes my time.
{:o:O:}
Preview pane should be disabled too
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
Some of these steps I've always done such as always open a recently downloaded file on windows explorer download folder. As I watched the video, I changed the view settings to show the extension. Very useful tips. Thanks.
The first thing I do when I sit in front of a new computer is go to file explorer >visualization options> activate - show hidden folders, units, and files, and deactivate - hide extensions+hide operating system protected files.
Then I slap an usb drive in it, copy a word file into it and check the usb drive. Most viruses will immediately add their poison into the usb drive, sign of an already infected windows pc.
its insane that view file extensions not only isn't the default but that its even an option to hide it at all
You check the extension but even if they change the type, try opening it up in notepad
Notepad never opens it up as an application, even pdf's open up as a pure text file and you can look at the contents header and see a pdf type in the file with pdf version number etc. An application will open as a text file, and you can quickly see the data section of the file and the payload etc, and you can then exit and delete the file
no one's be opening or analysing file contents in Notepad. impractical & cannot be understood
You mean a hex editor? If were going through that route might as well use the proper tool
lol, the 2453678765435678 notepad haks that have been evolving since windows 95 would disagree lm
fao
05:10 This is my default folder view since windows XP, a long time i have reached this conclusion. People are so unaware of the risks! 😥😥
Most important thing is that to make sure the computer mouse is functioning without any problems in its buttons because sometime if if you click one the file using your moue your mouse buttons got dirt between then there is a chance that you doouble clickj the file/application without noticing that you aleady did that, so the teporary solution is that you still can use your keyboard to move up/down with your arrow keys on your keyboard and when use your keyboard to investigate do normale task whether riht click or double click but with the keyboard capabilities, this will ensure that you don't make anyting wring by mistake to your pc.
if you think thats gonna help youre crazy bro. windows IS malware
Great video, Id only be hesitant to enable preview files since in some cases it was used to launch the malicious file
I recommend change the setting of "File Explorer" to show file extension, and scan any file before open it using right click menu on a file.
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
Great tips 👍 Thanks too for giving a short glimpse of Malwarebytes.
This is a nice reminder for me. Most users have no idea about shit that seems instinctive to me. I should share this channel with family...
I've always had my system display file extensions and haven't been tricked into running mailware this way. I guess the reason why Windows doesn't come like that by default is because less experienced users can accidently change or delete a file extension while renaming a file, and not know what happened, or how to fix it.
it won't happen "accidently" cause explorer asks if you want to change a file extension. But yeah this might be a "security" feature for masses, just in case
@@ТоварищКамрадовСоциалистКоммун People rarely read warnings like that. It's not beyond the realm of probability that they're just going to click "Ok", and then wonder what happened to their file.
Excellent advice - thanks! Have made these changes and tweaks. Must get into cast-iron routine with downloads.
Yes! These kinds of details for security are much welcome! Thank you!
These very basic tips are invaluable even for advanced users.
i can spoof the extensions in 10 seconds. also, windows IS malware, if you run windows, youre already selling your privacy, why even care about hackers?
I don't understand why people use icon/thumbnails, it is much faster to go through details. Since I have used detail view I had stuck with it for many years now. Never had an issue with any virus.
I use Icon thumbnail for images and videos that I've saved. It helps me know which image/video is what.
@@Sonario648 That's good. But for all the files if you use this view you will take time to search through when looking for something. You give a try for detailed view.
Excellent! Just subscribed. Everything makes total sense. Thanks
Thanks for posting this. :) Made a couple of the changes recommended.
Basic but gold. Thank you for your service.
Two other things, if you're really on top of things. Have a completely separate local account for admin rights & do not disable UAC.
you are right. he messed with UAC and also probably with MS defender settings
ABSOLUTELY SPOT ON ! i DO MOST OF THE THINGS THIS GENTLEMAN SUGGESTS AND THEY HELP!!! i LEARNED OVER THE YEARS BY MAKING A FEW BAD MISTAKES TO DO THE SIMPLE THINGS HES SUGGESTING ...DON'T YOU MAKE THE SAME MISTAKES AND FOLLOW THIS MANS ADVICE. THANK YOU!
The sad thing is that we used to joke about "Linkin Park-Numb.mp3.exe" 15 years ago, and apparently, it's still relevant. I guess that Microsoft didn't get the memo that hiding file extensions by default is a horrible idea.
Even with that many users will be fooled into downloading it without a check from the IT team.
Simple but effective ideas to make your downloads safe to open. Thanks
It's a small tweak but very useful and helpful to have the habit not to rely on thumbnails
Awsome video! I already had vew file extentions on as i am a software developer and i like that feture already. Nice tips!
you develop on windows? no wonder so many softwaare companies cant keep their corporate secrets secret
And can a normal PDF include malware?
For example, I usually open PDF files on the web browser by default (so the icon changes for the web browser icon instead the one showed in the video) but can I PDF, which displays content, still include malware?
P.S. Thanks for the tips
Not sure if it's possible to have an infected PDF (with correct extension) but I think the icon of an EXE file can be dynamically generated (just like picture thumbnails) so the malicious executable could easily look up what is the default app for opening a PDF on your computer and set it's own icon to look exactly the same.
Or even have an exe files disguising as a .pdf file extension ? So windows tells you it's a pdf, but when you click on it instead of opening pdf reader it launches itself ? Are we really safer if we display the extension ?
@@machintrucGaming No. That won't work. If file extension is indeed pdf then Windows will open it with whatever your default pdf viewer is.
Yes, it can. In fact, Adobe thought for some reason that is was a good ideia to add a scripting langauge to a PDF document (is is similar to JS).
I will later add the name of the scripting langauge, because I don't remember right now.
Edit: Adobe added actual support for JavaScrpit... 💀
scripts macros and like this are a huge security flaw for any office suit, as well as for pdf suit.
Small correction: if file has a .pdf extention, then windows will ATTEMPT to open it with your default pdf reader. However your .pdf file may have some metadata which will open some more information about the file, and windows may automatically find a right way to proceed.
Displaying the extension, and - not less important - the size, and other metadata will give you an idea about the file and might become an important signal about the way how to handle it.
So answer is Yes, displaying extension, size, creation date, permissions etc are a sign of a good practice for file handling
As for JS, and other scripts and macros, for most users it would be advisable to go through your office/adobe or other suits that you use and carefully look through all the security/privacy settings and disable/harden your settings. Disable JS by default. You will get prompt if your file asks to run the script.
Disable internet access. You will be asked if file has a link or requires connection.
And so on
Really good video, viewing file ext is a MUST.
I follow this guide each time i set up an employee laptop now - thanks
Totally agree with viewing file extensions before opening new files. But I prefer to use the browser’s download window where it shows the file with extension and I can choose to view it in it’s destination folder before running it. Eliminates a couple steps. And I often like to see download progress and keep track of where file is going.
Seems like the browsers have already addressed these issues.. with a couple less steps.
One of the advantages to being a computer user since the early 90s is that I was used to all those settings, and didn't like the new less secure defaults when Microsoft introduced them, so I've always changed them back out of preference.
This is brilliant I have learned how to protect and not accidentally open malware thanks
Excellent video and tips! Thanks for sharing
You can also group files by their type, there's a banner on top, separating the application from the rest of the PDF/RTF/DOC file or whatever
Another good video for malware security, thank you!
Windows is actively screwing up users by hiding the extensions by default, I never understood the logic of it, it's too annoying! Every linux OS has extensions by default...
When using windows....first, go into Control Panel -> Folder options -> Disable "Hide extensions for known file types"
when using wndows, understand that your entire OS is malware from a malicious company. then stop using it.
@@dgggghfhfhfg ok cope
the fact that a malware attack happened RIGHT AFTER windows 95 turned off “show file extensions” by default and they DIDNT immediately switch it back is unbelievable
That's just a coincidence. You think an average Joe/Jane blow would know what they are even looking at when it comes to extensions?
1. I ever have enabled the option details
2. I never save sensible files on the internal disk
3. I never open for me unknown files
4. I use as much as possible my - especially for bank account transactions - my Mac or my Unix-Based-Machine (with Mate GUI) ….yes I know Mac is based on Unix …I mean my dedicated Unix machine.
5. If I need to use my Windows PC I do the recommended security checks / updates as much as possible
6. If this is a file I need and still unsure safe or not - I transfer it to a special Notebook with minimal software equipped that machine I can re-build quickly
Hope this will help as much as possible but I cannot close out my self to make failure too
This is very valuable. I use those settings for so long time I didnt even thought about it beeing a thing because thats just soooooooo basic things. I can also recommend to not use default browser with you critical logins. Use another browser
Excellent tips, I will share this with my friends.
Bless all people that make the world a safer place.
You never know when someone just wants to give back to others and give a helping hand.
Life is harsh and those that suffered know it well.
Great advice, thank you for sharing.
If it's still on my PC at this time, which I would be quite surprised about having proper security software, I usually right-click and scan it with my security software.
It's amazing that windows hides file extensions by default since two decades, it's an insanely dangerous practice.
I've always had file extensions turned visible on all my computers over the years, that's one of the first things I do on a new PC.
Not only for safety but I also need to see that info quickly while working.
Very good basic tweaks 👍
File extensions by default is a thing, but also remove the large icons viewing mode. Who uses that ? It's like asking for malware.
Easier to make sure you hit the one you intend with large icons.
Thanks very much for this information. I’ve set up my PC accordingly.
Never look at files in large like that, always look at them in details.
thank you, had me 2nd guessing all my pdf's, checked them and im good but i put these good prevention methods that i looked. and personally i missed seeing extensions in my old pc
1:41
the one on the right is slightly brighter, very obvious on the red and the top right corner of the page where it is folded
I always have "ask me where to save each file" on. That way i can see what I'm downloading before it even downloads. One time i clicked on a fake link that automatically tried to download something, thanks to my setting i could prevent that from happening
I have a question
Is exe file with pdf icon, same as pdf virus who infected linustech ? I heard the pdf not in exe extension, but literally pdf, open like pdf, but has malware inside it
Second question
Are Windows defender not enough ?
Yeah, you can hide malware in files and as soon as they open, they also execute.
@@IIGrayfoxII windows defender cant detect it ?
@@PizzaInGameDefender is shit.
Plus any anti malware does not do much when you gave something PERMISSION to run
@@IIGrayfoxII may explain little bit ? Give permission to malware to run ? Like click the pdf ?
@@PizzaInGameYeah, opening a file is giving it permission to run since you told it to run.
Most of these suggestions are equally applicable to MacOS machines. The fact that an exe file won't run at all is a bit an added advantage, and the OS does warn you if you double-click on a downloaded application.
My gf reccomend me this and I'm surprised me and you both use an Asus brand PC, shout-out to her and you my good sir!
This, in a nutshell, is why you should never open ANY e-mail attachments from unknown/unverifiable sources or from parties you do not expect to hear from. Delete them on the spot.
No, do not enable preview. The issues with Explorer and this "feature" are enough to set yourself up with triggering self-executing trojans. Enable detailed view defaults and have a little common sense when reading file types. It will carry you further than probably deserved.
preview does not execute any code nor does it visit links
Literally all it does it does it read the file and display text and images
Nothing more, nothing less
If you see someone on ticktock showcasing some insane way to get hacked by previewing malware, its fake
@@sylussquared9724 Wrong
YES, thank you !!! I'm forced to harass my entourage because Microsoft chose to hide by default the most important property of a file... Who the F complained about seeing extentions?
Even if you're not tech savvy, you've probably heard that .exe can be dangerous, you alse probably know that a pdf ends with .pdf, but you probably don't take the time to go through every settings.
Settings pages which are themselves increasingly fragmented and hidden behind layers of menus. This is so frustrating, we're talking about an issue that could be fixed in a few minutes !
Thank you so much for the tutorial. Yes, this was helpful and very easy for a non IT person to understand.
My husband works for a company that’s been hit by ransomware twice. That had to pay up a good sum of money. Maybe it’s time they invest in a top-notch IT professional-if they can pry open the budget that’s been locked tighter than their servers!
Another awesome video. Thank you.
That is an amazing tips to learn. Should definitely inform our peers about these basic tips that could someday come in handy.
Some day? This has been an issue since WinXP. That they STILL haven't fixed. A simple change to the default behavior(back to what it WAS) would fix this instantly.
PDF malware has become one of the leading causes of ransomware infections on PC’s. As an MS MVP (Most Valued Professional), I believe you have well addressed these most important fail-safe settings to prevent PDF malware infections. But I feel that the prompt in your browser to "Ask to Save" should remain enabled. I also use MWB pro (have for many years) and it is well worth the price.
I honestly don't bother with PDFs anymore! It's not just the security flaws, but the constant updates of software, like Adobe, which also makes my blood boil!
Have you tried the other free, low bloat, pdf viewers on Google play store? @@sdwone
@@sdwoneIt's hard to avoid them, as they are basically used by almost everyone and are everywhere now. Adobe has become the Spawn of Satan to me with their Machiavellian subscription model.
This is an awesome video and very informative.
Very informative! Took me a while to figure out you must be in Edge (not Chrome) to change the download settings. Just wish it had been clarified in the beginning. Thx for the info!
Turning on show file extensions for known file types should be the first thing done, along with details view, for Windows computers. And while Malwarebytes has made some improvements, I still consider it a secondary security app. Maybe it's because I've had the licenses for a long time, well before they went from a 'forever' license to subscription. They were lackluster back then, but I kept them installed because it can't hurt and heck it is free lifetime anyway. I use another product with it and so far so good. I've been on the internet since dial up, and before that, to BBS's and never had an infection but it's 90% knowing what the score is and following best practice and 10% luck. The rest is education of family members...
Very good advice thanks. Should be taught to every new employee and all students and pensioners like myself.
Running Linux here, teaching Windows users how to program and manage their files. This idea of hiding the file extension to the user annoys me no end. Pupils complaining about their hosts files not working (needed for some tasks in network programming) and the file browser hiding the fact that the name is actually hosts.txt. In Linux you cannot get rid of viewing the file extension, you cannot change the icon of the file, and you cannot run exes from the file browser!
Awesome! Thank you for Sharing! 💯✴
Extremely helpful, thank you!
Thank you so much for such excellent videos
3:54 Turning off "Ask me what to do with each download", which is off by default anyway, is a terrible advice. There are some sites that will initiate a download without you clicking "download" first and with this setting off, a browser just mindlessly accepts all downloads initiated by a website. A download should ALWAYS require a user's consent.
You should have started this video by enabling File Extensions, rather than saving it for the end. That way, when a file browser opens a file picker/save window, users would see whether they are downloading a .pdf or a .pdf.exe.
Instinctively I always modified file viewing options on Windows Explorer to enable me to see the details of each file and sorting them by file type. Another option I always turn on as well is to show file extensions. Just these 2 modifications have been more than enough to avoid me falling for these pests.
Sorry, the entire premise is just wrong.
If your big organization relies on individual non-technical workers to be paying attention every minute of every day to which types of files they open, as a deterrence strategy not to get infected, then you are dead lost already.
Due to the law of large numbers someone will eventually be inattentive due to some kind of human factor: they were sick/sleepy/inattentive/having stressful family/personal relationship/stressful deadline issues that day and just clicked the infected file without giving security considerations a thought.
Big organizations have dedicated security departments with dedicated enterprise security software to prevent exactly this scenario from happening.
I have been saying this for ages but Microsoft should enable file extensions by default on their crapy os. I don't care you don't use it or you screw something up. File extensions help users learn different file types early on and are just extremely helpful. Especially for windows 7.
If you use other file explorers, check if color filters can be applied to file types. For example, I use Dopus, and every executable file automatically gets a red background.
Or just or go to your downloads folder, click "sort", then "group by" and select "type". All items will then be grouped by file extension, regardless of having windows show file extensions on or off, and seeing a PDF, image or video file under applications should set the alarm bells off.
Useful information 👍