Someone clearly has a rather limited knowledge about firewalls and security in general. As an IT security guy for over 17 years this was quite painful to watch.
As suggested in the video, a hardware firewall is preferable, though that is pretty benign advice. A better (i.e., more possible/likely to be done, not "superior") suggestion, also in the video, is to have some other software firewall. Generally this will be bundled with some antivirus software.
Comodo Firewall is free, but good luck trying to find the correct download; nowadays the official website tries to spam you with "Complete Antivirus with Firewall", not the free firewall I am telling you about.
@@el_tate Took me the best part of 2 seconds to find it. I googled "comodo free firewall" and got this link www.comodo.com/home/internet-security/firewall.php
@@el_tate Okay so I retract my comment slightly, but it does appear that to get the firewall you need to install the AV product as well. I wouldn't say that's too bad considering Comodo AV is actually pretty good.
If you are someone who uses the Windows Firewall, at least in a corporate environment, one other thing you can do is use a GPO to control the Windows Firewall and tell the firewall to ignore any locally made rules. It's not a guarantee obviously, but it would provide some minor to moderate additional resistance to this attack. Ideally though, yeah, you want a hardware firewall that can actually scan into the packets and an IPS on the host that will run hashes against executables.
I think the point of the video was to use "security through obscurity". In other words, If you switch it up and use a different firewall the malware likely won't be written to specifically shut down that alternative firewall. If you are using common applications (MS Office)/OS (Windows)/Firewall (built-in) your system is what most malware are designed to attack.
@@sooocheesy People are better off just purchasing a tiny mini PC with a cheap CPU, but not too old, installing Linux as the host OS of that mini PC and then installing OPNsense or pfSense with Suricata, and placing the mini PC between the main computer and the router. You can get some pretty awesome protection.
@@nitaihat12 Just look at CVEs. And of course it requires admin privileges. As much as I appreciate this channel, he often seems to blatantly skip things that would make you worry less. This might be either due to him targeting less experienced users that indeed shouldn't get a false sense of security with all the malware out there, or to help sales of security software. If you are an experienced user, you can spend less money on security software and instead just keep your eyes open. But sure, don't do it as root.
I use Private Firewall on my laptop. It lets nothing through that's not part of the operating system and lets you know if something is trying to get onto your system. It's a learning curve to use it.
@@lukasvincourcz7043 May be true, but that's actually their problem. Microsoft even released Windows 10 for free at first and clearly said that Windows 7 won't be supported anymore after some time, as with every older Windows version. So I really don't see the point of making the test on an outdated Windows version... Hope you get my point.
@@brunopaquin5637 While true, one should NEVER update to Windows 10 through an already installed Windows 7. Windows 10 should ALWAYS be installed fresh from scratch and never as an update. My friends and hundreds of people I know have gone through hell doing it that way. Then weeks later Microsoft themselves posted on their website saying the same thing. And I only use Windows for PC gaming.
There is a piece of software (more like a GUI) called Windows Firewall Control. It has an option called Secure Profile that deletes or disables any firewall rule that was not created using that software, even if created using cmd running as admin. But I'm not sure if it is that secure. It's now owned by Malwarebytes too. And I double down on asking you to do a video about good firewalls =)
Windows Firewall + simplewall works great!! Older versions allowed you to disable Windows Firewall, but now they coexist and you can block all telemetry as well. Nothing is allowed unless you approve it.
1:30 *SERIOUSLY WTF!!!???* Why doesn't that command AT LEAST require some kind of password to execute!? (as a parameter or a separate popup window or something.)
Well obviously you use antivirus software, preferably with a firewall or one that modifies the Windows one, but you are right that a firewall in the router would be the better idea; some internet providers also have firewalls at their end, which seems to become more and more widespread. I would really like to see you explore more GNU/Linux safety aspects etc., interesting to see which are really more secure, with or without AV.
I set "outbound" to default to "blocked" in order to deal with spyware like windows. I know that if infected spyware could easily disable this. I want to find a solution where the PC tells an external firewall the name of the process for each outbound connection attempt.
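Since both the GPO idea from earlier in the thread (make the firewall ignore locally created rules) and the default-deny outbound idea in the comment above come up, here is an added PowerShell example of that hardening. It is not code from the video, the channel or any commenter. It assumes a domain-joined machine, a GPO named 'corp.example\Workstation-Firewall' (a placeholder, rename it to yours), the built-in NetSecurity module, and an elevated prompt with rights to edit that GPO; the Firefox path is likewise only an illustrative assumption.

```powershell
# Added hardening example (not from the video or any comment above).
# Assumptions: domain-joined client, a GPO named below (placeholder), an
# elevated prompt with permission to edit that GPO, NetSecurity module present.
$gpo = 'corp.example\Workstation-Firewall'   # placeholder GPO name, assumption
$profiles = 'Domain', 'Private', 'Public'

# 1. Keep the firewall on and default-deny in both directions on every profile.
Set-NetFirewallProfile -PolicyStore $gpo -Profile $profiles `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Block

# 2. Do not merge locally created rules into the effective policy. A local
#    "netsh advfirewall firewall add rule" by malware then has no effect while
#    this policy applies (it is still a layer, not a fix: code running with admin
#    rights can attack the service or policy application itself).
Set-NetFirewallProfile -PolicyStore $gpo -Profile $profiles `
    -AllowLocalFirewallRules False -AllowLocalIPsecRules False

# 3. Log dropped packets so an unexpected outbound attempt leaves evidence.
Set-NetFirewallProfile -PolicyStore $gpo -Profile $profiles `
    -LogBlocked True -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# 4. Explicit per-program allow rules for the traffic that is actually needed.
#    (Program path is an example assumption.)
New-NetFirewallRule -PolicyStore $gpo -DisplayName 'Allow browser outbound' `
    -Direction Outbound -Action Allow -Profile Any `
    -Program 'C:\Program Files\Mozilla Firefox\firefox.exe' `
    -Protocol TCP -RemotePort 80, 443

# 5. On a client, after "gpupdate /force", confirm the merged (effective) state:
#    AllowLocalFirewallRules must read False and DefaultOutboundAction Block.
function Get-EffectiveFirewallPosture {
    Get-NetFirewallProfile -PolicyStore ActiveStore |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction,
                      AllowLocalFirewallRules, LogBlocked
}
Get-EffectiveFirewallPosture | Format-Table -AutoSize
```

Step 5 is the check worth keeping around: if a machine shows AllowLocalFirewallRules as True in the ActiveStore, the policy is not landing and a locally added rule by malware will be honoured exactly as in the video.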
Couldn't you just... set up a standard user account and use that for everything and require separate admin credentials? That said, I have glasswire on my desktop. It uses the Windows Firewall, but you can set it to ask to connect. So it blocks by default requiring your input to accept. It also provides a quick snip of where the application is connecting and its rating with Virustotal. It's kind of hands on at first, but once you figure it out it is pretty helpful at identifying shady programs. It does a whole lot of other things but I mainly like it because it makes managing the Windows Firewall possible.
I can't really say that I would agree with the title and conclusion. The WF is a great addition to Windows and can do multiple levels of authentication. What you demonstrated is a local infection that connects to an external source; it could do that by utilizing a session and skip any host-based FW. I do agree on a network-based FW. BTW, in a corporate environment always set the firewall to enabled and manage it.
It took me until now to realise that the ISP-supplied router does not seem to have a built-in firewall, at least as far as I can tell. The router which I am using as an access point does have a firewall, although because I had it in access point mode, the firewall was automatically turned off (since in access point mode the WAN port becomes another LAN port). Just now I switched a few Ethernet cables around so everything is now connected through the router that I was using as an access point, and changed that router back over to router mode, so now the ISP-supplied router is basically being used as a modem. All the devices I have were already connected either to Ethernet or to the router which I used to have set up as an access point. This router is upstairs, while the ISP-supplied router is in the kitchen; the WiFi signal of the ISP-supplied router drops out in certain areas of the living room and does not reach upstairs, whereas the router I have upstairs covers all parts of the house except for the kitchen, but this doesn't bother me, as I don't have any devices in the kitchen that connect to WiFi.
The good thing about the default Windows Firewall is that it blocks remote code execution vulnerabilities. In my opinion, direct bind connections are denied, but the problem is when the connection is from inside to outside: Windows Firewall will just look and say "ok".
1. Can you differentiate between Windows Firewall, Windows Defender, and Microsoft Security Essentials in Windows 7? 2. Is Microsoft Security Essentials adequate when used in Windows 10?
Why is this so misleading? Executing the "netsh advfirewall firewall add rule" requires elevation, so unless you disabled UAC you will be perfectly protected by Windows firewall. Also it seems that in order to execute the Fire.exe you would need to disable the AV as well.
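To make the elevation point in the comment above concrete, here is an added PowerShell example, not code from the video, the channel or any commenter. It checks whether the current process token is elevated and then attempts to add an outbound allow rule the same way "netsh advfirewall firewall add rule" would; the rule name and program path are placeholders. Run it once from a normal prompt and once from a "Run as administrator" prompt: with UAC on, the unelevated attempt fails with access denied even for a user in the Administrators group, because that process runs with a filtered token.

```powershell
# Added example (not from the video or the comments): does the firewall rule
# store accept a change from this token? Rule name and program are placeholders.
$ruleName = 'TPSC-demo-outbound-test'   # placeholder, assumption
$program  = 'C:\Temp\demo.exe'          # placeholder, assumption

function Test-IsElevated {
    # True only when the process token carries the Administrators SID unfiltered,
    # i.e. after a UAC "Yes" or for a user running with UAC disabled.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Invoke-FirewallRuleAdd {
    param([string]$Name, [string]$Program)
    try {
        # Equivalent of:
        #   netsh advfirewall firewall add rule name=... dir=out action=allow program=...
        New-NetFirewallRule -DisplayName $Name -Direction Outbound -Action Allow `
            -Program $Program -Profile Any -ErrorAction Stop | Out-Null
        return 'added'
    }
    catch {
        # The WMI/CIM firewall provider reports a denied write as "Access is denied".
        if ($_.Exception.Message -match 'Access is denied') { return 'denied' }
        throw
    }
}

"Elevated token : $(Test-IsElevated)"
$result = Invoke-FirewallRuleAdd -Name $ruleName -Program $program
"Rule add attempt: $result"

if ($result -eq 'added') {
    # Remove the rule again so the demo does not leave a real exception behind.
    Remove-NetFirewallRule -DisplayName $ruleName
    'Rule removed again'
}
```

The interesting run is the one from a standard user account or an unelevated admin prompt: "Elevated token : False" followed by "denied". The video's scenario is the other branch, where the sample already holds an elevated token, so the add succeeds silently and no further prompt appears.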
Actually Windows 10 as well as Windows Server 2003 have basically the same firewall, and most malware that affected Server 2003, surprise, works in Windows 10. I highly recommend another firewall program as well as anti-malware and antivirus.
The end says it's not trying to bash Windows Firewall. But that is not even a question when it comes to objective reporting. The question is whether or not users should simply disable it and use something else.
@@RWBY Right? I wonder why TPSC didn't think about it. If you are testing, you need to have consistency. And that would be a REALLY stupid step from Microsoft to just let any program control the Firewall, especially now that they invested so much money and time in Defender. And well, if the user gives it admin rights... then they are screwed. BUT TPSC didn't mention that - he just said that the program could do it by itself, which is not true. That program needs admin rights.
Because I'm just demonstrating a basic point about the security model which is independent of OS, be it Windows 7/8/10. For everyone saying it requires admin access, sure, but most malware/ransomware executes with admin access anyway, be it through privilege escalation or user grant; if you watch TPSC often you know this already. My objective is to make people aware of several cybersecurity scenarios. If you take it as a universal bashing of something, that's on you.
@@pcsecuritychannel want you to run it using the latest version. Since win 7 already expired. Need to show to anyone that say default windows protection is enough
@@pcsecuritychannel Yeah, but if the malware executes with admin access anyway, which is not always the case but have it your way, the point is, there is no software firewall product that is going to protect you against this, or in other words Windows Firewall does not do less of a job than other firewall products. So he's right, this video is a joke and you are misrepresenting information. Also who says a hardware firewall will deny this traffic? Depends on how you set it up.
If you add the "Windows Firewall Control" add-on, this should improve the situation of protecting the network from malicious activity. Kettles will boil from add-on requests for creating rules for each network action, but this will be effective to limit the actions of the malware and legitimate programs that should not have access to the network.
Great video, have been looking for something along these lines for some time; also caught your video on Win11 and agree with the concerns you posed. Because of the risks of using Windows Firewall I installed Norton 360 and have used that instead for about five years. One feature I liked about Norton was the ease with which you could block outbound traffic from specific apps. And for a while I thought I had plugged most of the holes that Windows Telemetry was using. But nearly two years ago I noticed NF was not logging blocked traffic on the Windows Telemetry settings I had entered, and wondered if MS had moved telemetry services deeper into the OS in order to bypass any firewall. But my knowledge doesn't take me any further than that, so I'm not sure what MS is doing now, but I do know the amount of telemetry being collected has only increased. And you can't disable it any longer either. So, if you could add some suggestions on alternative firewalls, preferably hardware ones, that would allow someone to block outbound traffic, that would be great. Keep up the work and I'll share the links.
Hm.. I think this problem happens only if you use an administrative Windows account. AFAIK a simple user account, unless asked to do so, does not allow changing system settings, firewall rules included. It is not a problem of the Windows firewall; the problem is in Windows itself, because some programs require an administrative environment to run properly.
I see you're using Windows 7 in the virtual machine. You probably shouldn't use this at this point as it is no longer supported. You may get a different result in Windows 10 Defender/firewall. I use macOS so this won't happen to me. Saying another software firewall might've worked isn't saying much unless you show it working. As well as router firewalls, which I believe I have. As for the likelihood of this happening if you avoid sketchy sites, I would say don't lose any sleep over it.
The PC Security Channel Microsoft may have issued a patch for this, except they ended support in January and this came out in April, so there are no more Patch Tuesday patches for Win 7. The last Patch Tuesday for Win 10 was on May 12, so it would be worth testing an updated Windows 10 install to see if this works. In practice, don't visit any malicious sites to avoid something like this.
@@abc123fhdi In the best case it will present as a notification. Do you know what happens when your average user is presented with a notification? "Yes" "Okay" "Continue" "Accept" "Confirm" etc. :/
@@advertslaxxor That's not a failure of Windows; that's a user error, and no firewall can prevent ham-fisted users who are itching to mess everything up.
@@pcsecuritychannel Did you test it on Windows 10? You used an OS that's EOL, and its successors have had major overhauls in the security department.
Hello, Leo. Interesting point which you mentioned. But I have a question: not only is the Windows firewall protecting the system if we choose Windows protection, Windows Defender antivirus is also protecting the system when we enable it. Will those backdoor malwares be able to bypass Windows AV, so that your scenario will be accomplished? This looks like just a possibility. This won't mean 100% success for the trojan in compromising the system. There is not only the firewall side, there is also the AV side.. Thanks...
I am using Windows Firewall Control, which is a 3rd party interface for the Windows firewall. It has an option called 'Secure Profile' which blocks any attempt to change firewall rules that does not come from this interface. But I am considering switching to NetLimiter's firewall, though I am not sure whether it is good enough to help against malware. Their support would not even answer me, and they don't have a forum yet, nor a subreddit, interestingly...
You mentioned not using Windows Firewall but suggested something like a hardware firewall; are there any you would suggest? General consumer routers that we get from the ISP are pretty bad for blocking software. So if you could suggest some, that would be great, thanks.
I'm a bit lost. Does it completely bypass UAC as well and any permissions settings? Obviously if you run it as a local admin it would run rampant, but does it do the same even if you separate the user account and the local admin?
I have my firewall/IPS running on a UDM from Ubiquiti and also have Norton Internet Security running on all of my machines. According to my IPS threat management it blocked suspicious connection attempts made by someone in Canada and Norway and more recently someone in the US. It's crazy to think that if routers didn't have firewalls built in, lots of people would be infected without even realising.
I have McAfee LiveSafe, and it says here a Firewall too. Is it different from Windows firewall? Is it sufficient from the thing that's rendering the windows firewall ineffective?
IDK about his suggestions, but NetLimiter is pretty neat; it can limit the bandwidth of individual programs like its name suggests, but at its core it's a great firewall that can be configured to block anything (including official telemetry programs from Microsoft or Nvidia) and asks you every time any new program tries to connect. You can make new rules on the fly.
Comodo is complete, but the most important part is its HIPS. You don't have to install its AV part if you don't want to (a cloud scanner is still available though, but you can deactivate it). An IDS would cripple your bandwidth and take more resources, so it's not recommended unless you build another rig as a hardware firewall for it. Still, Symantec Endpoint Protection client-only is free to use and has an IDS if you want to play (you have to register on the Broadcom website first, I think). But ultimately, don't forget that the only purpose of a firewall is to open or close ports, not to be aware if you get infected nor to analyse what comes through. That's your own responsibility (in my opinion this video is a bit severe).
If you mean "air gapped" then yes, a firewall is not needed. I have a PC that is on a separate hub with its own printer and it never has internet access.
While a hardware firewall is very good, when on the go it is difficult to use a hardware firewall on, say, public transport. Relying on tech to protect people from doing shady things online is just not going to go well. With all that being said, some recommendations other than using a hardware firewall would be nice.
Microsoft used to apply a similar poor firewall policy on the Small Business Server line! They had to change the technical guidance once people explained how ineffective the firewall was.
Quick question, what happens if you are using an AV product that uses the Windows Firewall? Sophos, I know, uses Windows Firewall, so would this then be on the AV product to pick up on the trojan?
I would love to see how this test would go with ZoneAlarm free firewall without SmartDefense Net running. Put it to the same test you do with AV software.
Hey TPSC, I saw an ad for a PC optimizer pro type antivirus/PC speeder called "mycleanpc" and I was wondering if you could do a video on it, because it has a TV advertisement and I was hoping you could shed some light so people could report it!
Well, the malware can in this case kill any antivirus you have running using command lines. So, the moment you give admin rights, you're screwed regardless.
I use Private Firewall. It is not being updated any more since 2015 I believe, but I don't see any need for it to be updated. I would love to see The PC Security Channel test it against ransomware, like he did with the Comodo Firewall... PLEEEEEEESE?!?!
I think it would be informative to make a video on firewall usage. Are there certain firewalls that conflict with others? When a certain application stops functioning correctly I often wonder, is it my router's firewall conflicting with my computer's firewall? Or was it just a Microsoft or Google update that broke things? I'm more inclined to believe the latter.
Finally decided to stop being lazy and install a firewall to replace Windows'. Went with ZoneAlarm, but ended up almost immediately starting to get DPC routine executions in the 40,000 microsecond mark... constant stuttering with audio, clicks, pops, and everything. Removed that and have been using GlassWire, but I'm not overly fond of it. Anyone have experience with Comodo's free one? If nothing else works, I may try and go back to ZoneAlarm again and see if it was just a faulty install, but I sort of doubt it. Had similar issues with ZoneAlarm in the past; although high DPC execution can be a result of numerous things (Windows, lol), firewalls seem to be a common cause.
Hi Leo, do you recommend any firewall like TinyWall or Comodo Firewall, which you don't hear much about? Even your product, Emsisoft AV, has done away with a firewall. I believe most AV products just harden the existing firewall, for example F-Secure.
My main problem with third party firewalls is that I can't get Mobile Hotspot working! I haven't tried it yet, but do third party firewalls now support WSL/Pico? I remember that most firewalls can't differentiate it from the system.
This video shouldn't be *misinterpreted as advice not to use any firewall* especially if you're using a laptop and connecting to random Wifi networks.
Also, since everyone is asking why I ran the sample in a Win 7 environment (yes, this happens the same way in Windows 8/10). The purpose here isn't to bash Windows Firewall.
It is a demonstration of the problem with a security model relying on the firewall on the same system the malware is executing on, from a cybersecurity perspective, with a real backdoor example.
What the hell is this about? This setup can only work if the user you run this under has actual admin rights... and if it does then ANY solution is purely gimmick.
What are you trying to teach here other than you not being aware of what an administrator is...?
Please upload another video doing the same procedure but with the user being an actual user...
And yes, UAC / Admin will stop this kind of bs - and if it did not (due to other exploits stacked, privilege escalation issues etc.) then ALL other solutions aside from a hardened and unexploitable (lol good luck) hardware firewall with DPI and other layers on top will not stop the threat either.
So in summary your video says: basic threats will be dealt with unless you're being hacked by the FBI - and if you are... well... nothing will stop the attack. In the worst case people will just visit you, smash your teeth in and kindly ask for the password again. Get REAL.
To ensure people don’t misinterpret it, you could change the title to “Why you shouldn’t rely on Windows Firewall”
How about using Windows Firewall Control? - binisoft.org/wfc
Honestly the firewall doesn't make that much difference on a local LAN. It's more for hosts on the public internet that are being continuously scanned for vulnerabilities. You could very well disable it and it wouldn't make any difference. You are already behind a NAT firewall, your home router. And the host-based firewall in Windows is designed so that programs that run with administrator privileges can create exceptions for themselves.
So don't use an account in the Administrators group for everyday use? Then malware running as that user won't have the elevated privileges to run netsh and compromise the Windows firewall. Am I correct on this point? Of course, an (additional) external firewall is still preferable, but on a mobile device, you have to use what you've got available.
You should do a video on the best Firewalls available.
I use ESET and it has been fantastic! Not just for the OS but for email and everything that comes into the system. Worth every penny in my opinion!
Netlimiter is very satisfying.
Yes please do!
Comodo is a good choice? I used it for a while.
Windows is the best.
Don't run as an administrator. A limited user can't change firewall settings. Thus the script won't be able to either.
However, everyone with private desktops and laptops are kinda screwed.
I think he used administrator to demonstrate the market consumer average when it comes to Windows usage, which are often the common home usage Windows.
@@BreadMan434 So the title of this video, and most of his other videos, should probably be "Why not to run Windows as an Administrator".
Most of the time software installers require admin rights. They can easily do this trick then.
@@psychcisco then they should also have the operating system labelled. As well as installed updates and OS versions.
And really, it shouldn't need to be said.
Every laptop in the world is sold to automatically set up your primary account as an Administrator, and every PC is preferably set up as one.
And this is primarily a problem caused by user account control, antivirus and firewall permissions.
If you're currently running a non-administrator windows, I have no idea what you're doing
I used to have Deep Freeze, but the problem is it burns out the read/write of an HDD platter disk in the long run. It is very effective against viruses that overwrite the system, if you know how to use it; just don't use a virtual disk as storage, use a second physical drive.
Shouldn't Windows always ask you when a program tries to add a rule on the firewall?
If UAC is turned off and the user is silly enough to have their account run as admin, or if the UAC prompt did pop up and they clicked yes when they initially launched the file.
Yup, UAC and exceptions to the firewall are requested.
Yes, it's a domino effect when the user runs at all times as local admin with UAC off. In this case using Windows Firewall is the *least* of security concerns. Interesting walkthrough of a Trojan, but I don't get the point of this video and it may be dangerous if viewers misconstrue this as "turn WF off"!
Blokka Nokka if you have UAC turned off and are running as admin then it will do what it wants.
People usually just elevate the original malware executable without checking what it is when they run it initially. After that there's no more prompts because it has access.
please make more videos about malware analytics techniques , and it will be much better if you make a series from beginner to advanced.
your channel is really great
thank you
UAC was supposed to protect against that. But people kept complaining about annoying prompts, so Windows made the default security level for newer OSes "medium", which doesn't ask about built-in programs running with admin privileges. Instead they now use SmartScreen stuff that looks up a program trying to run on the internet to determine if it should display an additional prompt.
Basically just turn UAC to high first thing on a new PC and never have an issue like the one displayed.
You are testing your assertion using Windows 7 32-bit, which entered end-of-life in Jan 2020 and has not been receiving any meaningful updates for quite some time. It would have been more relevant if you ran this experiment on an up-to-date Windows 10. Then see whether the assertion you make holds true, at least for this test.
Since more and more people are running smartphone devices, I was just wondering if you could make in the future a video about Antivirus software for Android/iOS?
Bitdefender free for Android
Agreed. Placed all my bets on Dr. Web being good / pretty decent as well.
@Dex4Sure Well... there were some instances where devs put in malware and bypassed Apple/Google protection. And don't get me started on how many times iOS users were attacked by hackers using exploits.
@@БрухБрух-щ7и Yeah, and it's been real bad recently for Android anyway... (it's almost like Google don't give a ****). I don't know too much about Apple as I don't hear as much about them. (Side note: I'm not a fan of Apple and their crappy broken products... Customer: Something broke / not working? Apple: Buy a whole new computer.)
All are scams. Stop downloading pirated pr0n and you won't get viruses.
So, I've just never heard of that site until this video. It's very interesting to see what it can do. Are there any other sites of this type that you are aware of? Maybe you could do a video on such sites which you think are beneficial to people interested in cyber security. Thanks.
VirusTotal is THE website for these things; it was bought by Google long ago and has a massive database. If there is any other website, I doubt it's any more powerful.
@@TheFPSPower I am pretty sure he meant app.any.run
Can you do a video on how to get a router level firewall? I know it would be different for each router but it would be helpful.
Definitely I'll add it to my list after seeing the comments in this video. ;)
@@pcsecuritychannel I'm not sure if a Raspberry Pi would be useful for that, since solutions like PiHole exist for other purposes. Just a thought for the video.
@@pcsecuritychannel yes bro I approve of that request too!!
All routers have their own firewalls. Just read the manual and block the ports you don't need. Blocking anything coming in is wise unless you really need it.
@@abandonedmuse My modem/router combo from my ISP is really basic and doesn't have anything like that. If I go into the settings there is nothing for firewall, but my cousins have a different ISP and they have firewall options and stuff.
Someone clearly has a rather limited knowledge about firewalls and security in general. As an IT security guy for over 17 years this was quite painful to watch.
True, no vector, just payload on a simulator.
"Download his friends and have a party on your system" 🤣
Well, so what should we use?
As suggested in the video, a hardware firewall is preferable, though that is pretty benign advice.
A better (i.e., more possible/likely to be done, not "superior") suggestion, also in the video, is to have some other software firewall. Generally this will be bundled with some antivirus software.
Comodo Firewall is free, but good luck trying to find the correct download; nowadays the official website tries to spam you with "Complete Antivirus with Firewall", not the free firewall I am telling you about.
eltate, doesn't it have an official website?
@@el_tate Took me the best part of 2 seconds to find it. I googled "comodo free firewall" and got this link www.comodo.com/home/internet-security/firewall.php
@@el_tate Okay, so I retract my comment slightly, but it does appear that to get the firewall you need to install the AV product as well. I wouldn't say that's too bad considering Comodo AV is actually pretty good.
If you are someone who uses the Windows Firewall, at least in a corporate environment, one other thing you can do is use a GPO to control the Windows Firewall and tell the firewall to ignore any locally made rules. It's not a guarantee obviously, but it would provide some minor to moderate additional resistance to this attack. Ideally though, yeah, you want a hardware firewall that can actually scan into the packets and an IPS on the host that will run hashes against executables.
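Whether or not local rules are merged, a responder triaging a host like the one in the video wants to know which firewall exceptions are actually present and which of them look like the "Fire.exe" rule the malware added. The Python below is an added example; it is not from the video, the channel or any product mentioned in this thread. It parses text laid out like the output of "netsh advfirewall firewall show rule name=all verbose" and flags enabled allow rules that point at an executable in a user-writable directory or that open an inbound hole with no protocol, port or remote-address restriction. The rule names and paths in the sample are constructed for this example, and the parser assumes netsh's "Field:   value" line layout.

```python
import re

# Constructed sample, laid out like the text printed by
# "netsh advfirewall firewall show rule name=all verbose". Rule names and
# paths are invented for this example; only the fields used below are kept.
SAMPLE_NETSH_OUTPUT = r"""
Rule Name:                            Core Networking - DNS (UDP-Out)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
RemoteIP:                             Any
Protocol:                             UDP
LocalPort:                            Any
Program:                              C:\Windows\System32\svchost.exe
Action:                               Allow

Rule Name:                            Fire.exe
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             Any
Protocol:                             Any
LocalPort:                            Any
Program:                              C:\Users\bob\AppData\Local\Temp\fire.exe
Action:                               Allow

Rule Name:                            File and Printer Sharing (SMB-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             LocalSubnet
Protocol:                             TCP
LocalPort:                            445
Program:                              System
Action:                               Allow

Rule Name:                            Updater
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             Any
Protocol:                             Any
LocalPort:                            Any
Program:                              Any
Action:                               Allow
"""

FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?):\s*(.*)$")
# Locations a standard user can write to; an allow rule for a binary living
# here was most likely created by whatever dropped that binary.
USER_WRITABLE = re.compile(
    r"\\(?:appdata|temp|tmp|downloads|programdata|users\\public|\$recycle\.bin)\\", re.IGNORECASE)


def parse_netsh_rules(text):
    """Split netsh 'show rule' text into one dict per rule, keyed by field name."""
    rules, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or set(line) == {"-"}:       # blank lines and the dashed separator
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Rule Name":                    # a new rule starts here
            current = {"Rule Name": value}
            rules.append(current)
        elif current is not None:
            current[key] = value
    return rules


def audit_rules(rules):
    """Return [(rule name, [reasons])] for enabled allow rules worth a second look."""
    findings = []
    for r in rules:
        if r.get("Enabled", "Yes") != "Yes" or r.get("Action") != "Allow":
            continue                              # disabled or block rules cannot let traffic in
        reasons = []
        program = r.get("Program", "Any")
        if program != "Any" and USER_WRITABLE.search(program):
            reasons.append("allows an executable in a user-writable location: " + program)
        if r.get("Direction") == "In":
            unrestricted = all(r.get(f, "Any") == "Any" for f in ("Protocol", "LocalPort", "RemoteIP"))
            if unrestricted and program == "Any":
                reasons.append("inbound allow for any program, protocol, port and remote address")
            elif unrestricted:
                reasons.append("inbound allow with no protocol, port or remote address restriction")
        if reasons:
            findings.append((r["Rule Name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in audit_rules(parse_netsh_rules(SAMPLE_NETSH_OUTPUT)):
        print(name, "->", "; ".join(reasons))
```

Run it against a real export (netsh ... show rule name=all verbose > rules.txt) and read the flagged names against process lineage; legitimate installers create per-program allow rules too, so a user-writable path or an any/any inbound allow is a lead, not a verdict.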
Try it on Windows 10...
Yeah!
@Dex4Sure Of course Windows Defender would be turned off when using a third-party AV.
A list of good firewalls would be nice. Also what kind of system do you use to test these? What Linux distro do you like?
Title: You shouldn't use Windows Firewall.
Me: He said nothing about Windows Firewall with Advanced Security.
Doesn't F-Secure use a modified Windows Firewall?
I think the point of the video was to use "security through obscurity". In other words, if you switch it up and use a different firewall, the malware likely won't be written to specifically shut down that alternative firewall. If you are using common applications (MS Office) / OS (Windows) / firewall (built-in), your system is what most malware is designed to attack.
@@sooocheesy People are better off just purchasing a tiny mini PC with a cheap CPU, but not too old, installing a Linux OS as the host OS of that tiny/mini PC, then installing OPNsense or pfSense with Suricata, and placing the tiny/mini PC between the main computer and the router. You can get some pretty awesome protection.
So how does this malware obtain permissions to change firewall settings? Doesn't that need admin perms?
If you use exploits, no (most of the viruses do)
@@ptyxx I see, could you point me somewhere I can learn about how such an exploit might work?
@@nitaihat12 Just look at CVEs
And of course it requires admin privileges. As much as I appreciate this channel, he often seems to blatantly skip things that would make you worry less. This might be either due to him targeting less experienced users that indeed shouldn't get a false sense of security with all the malware out there, or to help sales of security software. If you are an experienced user, you can spend less money on security software and instead just keep your eyes open. But sure, don't do it as root.
PowerShell injection: Set-MpPreference -DisableRealtimeMonitoring $true
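The Set-MpPreference one-liner above and the netsh rule change shown in the video both leave a process-creation trail, which is where a defender catches this rather than in the firewall itself. The Python below is an added example, not part of the video or of this thread, showing the detection logic a SOC would run over Sysmon Event ID 1 (process creation) records: it matches the netsh, NetSecurity cmdlet, service-control and Set-MpPreference forms of firewall/Defender tampering, decodes a powershell.exe -EncodedCommand payload before matching, and uses the Sysmon IntegrityLevel field to separate an attempt that would have failed for lack of elevation from one that actually ran as admin. The events, paths and user in the sample are constructed; the field names follow Sysmon's process-creation event.

```python
import base64
import re

# Command-line shapes that punch holes in or switch off Windows Firewall, or
# turn off Defender real-time protection. Matched case-insensitively against
# the command line plus any decoded -EncodedCommand payload.
TAMPER_PATTERNS = [
    ("firewall_rule_added",
     r"netsh(?:\.exe)?\s+advfirewall\s+firewall\s+add\s+rule\b"),
    ("firewall_rule_deleted",
     r"netsh(?:\.exe)?\s+advfirewall\s+firewall\s+delete\s+rule\b"),
    ("firewall_disabled",
     r"netsh(?:\.exe)?\s+advfirewall\s+set\s+\w+\s+state\s+off\b"),
    ("legacy_firewall_exception",
     r"netsh(?:\.exe)?\s+firewall\s+(?:add\s+allowedprogram|set\s+opmode\s+(?:mode=)?disable)\b"),
    ("ps_firewall_rule_added", r"\bNew-NetFirewallRule\b"),
    ("ps_firewall_disabled", r"\bSet-NetFirewallProfile\b[^|;]*-Enabled\s+\$?false\b"),
    ("defender_realtime_off", r"\bSet-MpPreference\b[^|;]*-Disable\w*\s+(?:\$true|1)\b"),
    ("security_service_stopped",
     r"(?:sc(?:\.exe)?\s+(?:stop|config)|net(?:\.exe)?\s+stop)\s+(?:mpssvc|windefend)\b"),
]
COMPILED = [(name, re.compile(pat, re.IGNORECASE)) for name, pat in TAMPER_PATTERNS]

# A parent binary living in a user-writable path raises the severity.
USER_WRITABLE = re.compile(r"\\(?:appdata|temp|tmp|downloads|programdata|users\\public)\\", re.IGNORECASE)
# powershell.exe accepts -e / -ec / -en / -enc / -encodedcommand followed by a base64 UTF-16LE script.
ENCODED_RE = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{12,})", re.IGNORECASE)


def encode_powershell(script):
    """Encode a script the way powershell.exe -EncodedCommand expects (used to build the sample)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or '' if absent or malformed."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def detect_firewall_tampering(events):
    """Scan process-creation events; one finding per matched pattern per event."""
    findings = []
    for idx, ev in enumerate(events):
        cmdline = ev.get("CommandLine", "")
        text = cmdline + " " + decode_encoded_command(cmdline)
        elevated = ev.get("IntegrityLevel", "") in ("High", "System")
        parent_writable = bool(USER_WRITABLE.search(ev.get("ParentImage", "")))
        for name, rx in COMPILED:
            if not rx.search(text):
                continue
            if not elevated:
                severity = "low"     # netsh advfirewall and Set-MpPreference refuse to run unelevated: an attempt, not a change
            elif parent_writable:
                severity = "high"    # admin-level tampering launched by a binary dropped in a user-writable path
            else:
                severity = "medium"  # admin-level tampering; installers do this too, so check lineage
            findings.append({"event": idx, "rule": name, "elevated": elevated,
                             "parent_user_writable": parent_writable, "severity": severity})
    return findings


# Constructed Sysmon Event ID 1 records, reduced to the fields used above.
_NETSH = r"C:\Windows\System32\netsh.exe"
_DROPPER = r"C:\Users\bob\AppData\Local\Temp\fire.exe"
SAMPLE_EVENTS = [
    {"Image": _NETSH, "ParentImage": _DROPPER, "IntegrityLevel": "High",
     "CommandLine": r'netsh advfirewall firewall add rule name="Fire.exe" dir=in action=allow program="C:\Users\bob\AppData\Local\Temp\fire.exe" enable=yes'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "ParentImage": _DROPPER, "IntegrityLevel": "High",
     "CommandLine": "powershell.exe -NoP -W Hidden -Enc " + encode_powershell("Set-MpPreference -DisableRealtimeMonitoring $true")},
    {"Image": _NETSH, "ParentImage": r"C:\Windows\System32\cmd.exe", "IntegrityLevel": "Medium",
     "CommandLine": "netsh advfirewall set allprofiles state off"},
    {"Image": _NETSH, "ParentImage": r"C:\Windows\System32\cmd.exe", "IntegrityLevel": "Medium",
     "CommandLine": "netsh interface ip show config"},
    {"Image": _NETSH, "ParentImage": r"C:\Program Files (x86)\Steam\steam.exe", "IntegrityLevel": "High",
     "CommandLine": r'netsh advfirewall firewall add rule name="Steam" dir=in action=allow program="C:\Program Files (x86)\Steam\steam.exe"'},
]

if __name__ == "__main__":
    for finding in detect_firewall_tampering(SAMPLE_EVENTS):
        print(finding)
```

The severity split is the point the thread keeps circling: the same netsh command at Medium integrity is a failed attempt (the firewall did its job because the user was not admin), while at High integrity from a binary in %TEMP% it is the scenario the video shows. The game installer in the last sample event matches the same pattern, which is why parent lineage, not the command alone, decides the verdict.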
I use Private Firewall on my laptop. It lets nothing through that's not part of the operating system and lets you know if something is trying to get onto your system. It's a learning curve to use it.
How will this work against the Windows 10 firewall?
Why would you do this test on Windows 7?
A lot of people are still using this version of Windows.
@@lukasvincourcz7043 May be true, but that's actually their problem. Microsoft even released Windows 10 for free at first and clearly said that Windows 7 wouldn't be supported anymore after some time, like every older Windows version. So I really don't see the point of making the test on an outdated Windows version... Hope you get my point.
Just a note: to this day W10 is still free if you have a Win7 license.
@@brunopaquin5637 While true, one should NEVER update to Windows 10 through an already installed Windows 7. Windows 10 should ALWAYS be installed fresh from scratch and never as an update. My friends and hundreds of people I know have gone through hell doing it that way. Then weeks later Microsoft themselves posted on their website saying the same thing. And I only use Windows for PC gaming.
@@TwstedTV Agreed, but since 1909 you can install from scratch and activate with a Win7 key.
"Why you shouldn't just use Windows Firewall". Does this post also apply to [Windows 10 Firewall]?
Trust MS to call their paperwall a firewall.
There is a piece of software (more like a GUI) called Windows Firewall Control. It has an option called Secure Profile that deletes or disables any firewall rule that was not created using that software, even if created using cmd running as admin. But I'm not sure if it is that secure. It's now owned by Malwarebytes too.
And I double down on asking you to do a video about good firewalls =)
In theory, would UAC settings and/or running the OS on a non admin account prevent the malware from using cmd to add the rules?
Yes, but if you click yes on the prompt the same would happen.
Windows Firewall + simplewall works great!! Older versions allowed you to disable Windows Firewall, but now they coexist and you can block all telemetry as well. Nothing is allowed unless you approve it.
1:30 *SERIOUSLY WTF!!!???*
Why doesn't that command AT LEAST require some kind of password to execute!? (as a parameter or a separate popup window or something.)
Because he's using an unsupported OS. Windows 7 has been end of life since Jan 2020.
@@tropolite Not really the point; this SHOULD have required some kind of password FROM THE START, or at least been patched soon after.
Use TinyWall, it's a free and light firewall controller that uses Windows Firewall but prevents rule changes outside of its own dashboard.
I didn't care to check what channel. I thought, hey, this guy sounds like Leo. Keep it up, this channel is awesome!
You should make a video of how to configure your firewall.
Well, obviously you use antivirus software, preferably with a firewall or one that modifies the Windows one, but you are right, a firewall in the router would be the better idea. Some internet providers also have firewalls at their base, which seems to be becoming more and more widespread.
I would really like to see you explore more GNU Linux safety aspects etc, interesting to see which are really more secure, with or without AV.
IObit Malware Fighter 8 RC just came out. Would love to see some IObit software tests.
I set "outbound" to default to "blocked" in order to deal with spyware like Windows. I know that if infected, spyware could easily disable this. I want to find a solution where the PC tells an external firewall the name of the process for each outbound connection attempt.
I use "Windows Firewall Control" from Malwarebytes.
is it good for something?
It’s a good add-on for the system firewall. There will be many requests for creating rules, but this will improve system security.
Couldn't you just... set up a standard user account and use that for everything and require separate admin credentials?
That said, I have GlassWire on my desktop. It uses the Windows Firewall, but you can set it to ask to connect. So it blocks by default, requiring your input to accept. It also provides a quick snip of where the application is connecting and its rating with VirusTotal. It's kind of hands-on at first, but once you figure it out it is pretty helpful at identifying shady programs. It does a whole lot of other things, but I mainly like it because it makes managing the Windows Firewall possible.
I can't really say that I would agree with the title and conclusion. The WF is a great addition to Windows and can do multiple levels of authentication. What you demonstrated is a local infection that connects to an external source; it could do that by utilizing a session and skip any host-based FW. I do agree on a network-based FW. BTW, in a corporate environment always set the firewall to enabled and manage it.
It took me until now to realise that the ISP-supplied router does not seem to have a built-in firewall, at least as far as I can tell.
The router which I am using as an access point does have a firewall though, although because I had it in access point mode, the firewall was automatically turned off (since in access point mode the WAN port becomes another LAN port).
Just now I switched a few Ethernet cables around so everything is now connected through the router that I was using as an access point, and changed the router back over to router mode, so now the ISP-supplied router is basically being used as a modem.
All the devices I have were already either connected to Ethernet or to the router which I used to have set up as an access point. This router is upstairs, while the ISP-supplied router is in the kitchen. The WiFi signal of the ISP-supplied router drops out in certain areas of the living room and does not reach upstairs, whereas the router I have upstairs covers all parts of the house except for the kitchen, but this doesn't bother me, as I don't have any devices in the kitchen that connect to WiFi.
The good thing about the default Windows Firewall is that it blocks remote code execution vulnerabilities. In my opinion, direct bind connections are denied, but the problem is when the connection is from inside to outside: Windows Firewall will just look and say "ok".
Excuse me, but isn't this assuming we run a malicious file first manually, right?
Doesn't netsh command require admin privileges?
Now why don't you try using an Operating System that isn't discontinued. Windows 7 isn't supported anymore.
Because Win10 means $$$ on any.run, easy as that.
1. Can you differentiate between Windows Firewall, Windows Defender, and Microsoft Security Essentials in Windows 7? 2. Is Microsoft Security Essentials adequate when used in Windows 10?
What's the best alternative then? How do we put a firewall at the appropriate level for protection?
What's the program you're using there to simulate this stuff?
1:02, this wasn't fair. Windows 7 is EoL. Please do a test on 11/10 to be fair!
Why is this so misleading? Executing "netsh advfirewall firewall add rule" requires elevation, so unless you disabled UAC you will be perfectly protected by Windows Firewall. Also, it seems that in order to execute the Fire.exe you would need to disable the AV as well.
Please consider doing a video on this particular threat against Comodo Firewall. Thanks. Great channel! 👍
That video is misleading, you skipped the vector part which can be easily blocked by the firewall.
Malwarebytes Windows Firewall Control has something called a secure profile and secure rules, no idea how effective it is though.
Actually Windows 10 as well as Windows Server 2003 have basically the same firewall, and most malware that affected Server 2003, surprise, works in Windows 10. I highly recommend another firewall program as well as anti-malware and antivirus as well.
The end says he's not trying to bash Windows Firewall. But that is not even a question when it comes to objective reporting. The question is whether or not users should simply disable it and use something else.
Why not use Windows 10?
Yes, Windows 10 has the same problems?
@@RWBY Right? I wonder why TPSC didn't think about it. If you are testing, you need to have consistency. And that would be a REALLY stupid step from Microsoft to just let any program control the firewall, especially now that they invested so much money and time in Defender. And well, if the user gives it admin rights... then they are screwed. BUT TPSC didn't mention that - he just said that the program could do it by itself, which is not true. That program needs admin rights.
Because I'm just demonstrating a basic point about security model which is independent of OS, be it Windows 7/8/10.
For everyone saying it requires admin access: sure, but most malware/ransomware executes with admin access anyway, be it through privilege escalation or user grant; if you watch TPSC often you know this already. My objective is to make people aware of several cybersecurity scenarios. If you take it as a universal bashing of something, that's on you.
@@pcsecuritychannel I want you to run it using the latest version, since Win 7 has already expired. You need to show it to anyone who says default Windows protection is enough.
@@pcsecuritychannel Yeah, but if the malware executes with admin access anyway, which is not always the case, but have it your way. The point is, there is no software firewall product that is going to protect you against this, or in other words Windows Firewall does not do less of a job than other firewall products. So he's right, this video is a joke and you are misrepresenting information. Also, who says a hardware firewall will deny this traffic? Depends on how you set it up.
So what Windows firewall paid package is worth buying from the competition? This is if I have to, the circumstance of being cheaper likely.
Really interesting and so well explained with the demonstration.
Tip: use Linux; you need a root/admin password to set rules in firewalls.
YT recommendations are giving me good stuff lately.
So what do I do to solve this problem?
If you add the "Windows Firewall Control" add-on, this should improve the situation of protecting the network from malicious activity. Kettles will boil from add-on requests for creating rules for each network action, but this will be effective to limit the actions of the malware and legitimate programs that should not have access to the network.
Really great video!
Thanks!
Great video, have been looking for something along these lines for some time. Also caught your video on Win11 and agree with the concerns you posed. Because of the risks of using Windows Firewall I installed Norton 360 about five years ago and use that instead. One feature I liked about Norton was the ease with which you could block outbound traffic from specific apps. And for a while I thought I had plugged most of the holes that Windows telemetry was using. But nearly two years ago I noticed NF was not logging blocked traffic on the Windows telemetry settings I had entered, and wondered if MS had moved telemetry services deeper into the OS in order to bypass any firewall. But my knowledge doesn't take me any further than that, so I'm not sure what MS is doing now, but I do know the amount of telemetry being collected has only increased. And you can't disable it any longer either. So, if you could add some suggestions on alternative firewalls, preferably hardware ones, that would allow someone to block outbound traffic, that would be great. Keep up the work and I'll share the links.
Hm... I think this problem happens only if you use an administrative Windows account. AFAIK a simple user account, unless asked to do so, does not allow changing system settings, firewall rules included.
It is not a problem of Windows Firewall; the problem is in Windows itself, because some programs require an administrative environment to run properly.
I see you're using Windows 7 in the virtual machine. You probably shouldn't use this at this point as it is no longer supported. You may get a different result in Windows 10 Defender/firewall. I use macOS so this won't happen to me. Saying another software firewall might've worked isn't saying much unless you show it working. As well as router firewalls, which I believe I have. What is the likelihood of this happening if you avoid sketchy sites? I would say don't lose any sleep over it.
That's not the point. The video is about malware on a system using access to CMD to edit firewall rules; the same can happen in Windows 10.
The PC Security Channel Microsoft may have issued a patch for this, except they ended support in January and this came out in April, so there are no more Patch Tuesday patches for Win 7. The last Patch Tuesday for Win 10 was on May 12, so it would be worth testing an updated Windows 10 install to see if this works. In practice don't visit any malicious sites to avoid something like this.
@@abc123fhdi In the best case it will present as a notification. Do you know what happens when your average user is presented with a notification? "Yes" "Okay" "Continue" "Accept" "Confirm" etc. :/
@@advertslaxxor That's not a failure of Windows; that's a user error, and no firewall can prevent ham-fisted users who are itching to mess everything up.
@@pcsecuritychannel Did you test it on Windows 10? You used an OS that's EOL, and its successors have had major overhauls in the security department.
You should have given some resolutions, as in firewalls that are available. But it was a good video, thank you very much.
Totally agree. Especially if the system needs to be protected in a LAN file share environment.
Hello, Leo. Interesting point you mentioned. But I have a question: not only is Windows Firewall protecting the system if we choose Windows protection, Windows Defender antivirus is also protecting the system when we enable it. Will those backdoor malwares be able to bypass Windows AV so that your scenario is accomplished? This looks like just a possibility. This won't mean 100% success for the trojan in compromising the system. There is not only the firewall side, there is also the AV side. Thanks...
I am using Windows Firewall Control which is a 3rd party interface for the windows firewall. It has an option called 'Secure Profile' which blocks any attempt to change firewall rules that does not come from this interface.
But I am considering switching to NetLimiter's firewall, but I am not sure whether it is good enough to help against malware. Their support would not even answer me and they don't have a forum yet, and neither a subreddit, interestingly...
Subscribed to your channel! You have amazing information!
So, one edge case where your system needs to already be compromised means that Windows Firewall is useless?
This only happens if the malware can get past Defender antivirus for Windows, right?
You mentioned not using Windows Firewall but suggested something like a hardware firewall. Is there any you would suggest? General consumer routers that we get from the ISP are pretty bad for blocking software. So if you could suggest some, that would be great, thanks.
Very informative, I am using Malwarebytes Windows Firewall Control and its pretty awesome
I'm a bit lost. Does it completely bypass UAC as well and any permissions settings? Obviously if you run it as a local admin it would run rampant, but does it do the same even if you separate the user account and the local admin?
I have my firewall/IPS running on a UDM from Ubiquiti and also have Norton Internet Security running on all of my machines. According to my IPS threat management it blocked a suspicious connection attempt made by someone in Canada and Norway, and more recently someone in the US. It's crazy to think that if routers didn't have firewalls built in, lots of people would be infected without even realising.
Norton is one of the worst and I have replaced it on several computers after they got hacked.
Is the firewall on Win10 any different?
Much better
Could you do a video with Windows 10 with Defender's isolation technologies enabled?
Shouldn't you get a notification telling you Defender is off and the settings were changed?
I have liked every video I have watched.........amazing channel.
What do I do if I don't have alternative Firewalls available at the moment? Do I turn off windows firewall systems regardless? Please elaborate.
I have McAfee LiveSafe, and it says it has a firewall too. Is it different from Windows Firewall? Is it sufficient against the thing that's rendering the Windows Firewall ineffective?
any software firewall or IDS you would suggest ?
IDK about his suggestions, but NetLimiter is pretty neat. It can limit the bandwidth of individual programs like its name suggests, but at its core it's a great firewall that can be configured to block anything (including official telemetry programs from Microsoft or Nvidia) and asks you every time any new program tries to connect. You can make new rules on the fly.
@alfa8fake2 Avira doesn't come with a firewall anymore, it just boosts the current Windows Firewall. But the AV from Avira is top notch.
@@unocualqu1era Thanks for the tip on NetLimiter!!! Been looking for a way to see if I could limit Windows 10 telemetry!!
Comodo is complete, but the most important part is its HIPS. You don't have to install its AV part if you don't want to (a cloud scanner is still available though, but you can deactivate it).
An IDS would cripple your bandwidth and take more resources, so it's not recommended unless you build another rig as a hardware firewall for it. Still, the Symantec Endpoint Protection client only is free to use and has an IDS if you want to play (you have to register on the Broadcom website first, I think).
But ultimately, don't forget that the only purpose of a firewall is to open or close ports, not to be aware if you get infected nor analyse what comes through. That's your own responsibility (in my opinion this video is a bit severe).
@alfa8fake2 Thanks for the tip on Comodo. Do you know if Sophos has a built-in firewall?
So do we need a firewall on a desktop PC that is always connected to a safe network?
There is no 'safe' network. Hackers can try any IP address. But it is slightly safer with a password and private network, but not by much.
If you mean "air-gapped" then yes, a firewall is not needed. I have a PC that is on a separate hub with its own printer and it never has internet access.
While a hardware firewall is very good, when on the go it is difficult to use a hardware firewall on, say, public transport. Relying on tech to protect people from doing shady behaviours online is just not going to go well.
With all that being said, some recommendations other than using hardware firewall would be nice.
Microsoft used to apply a similar poor firewall policy on the Small Business Server line! They had to change the technical guidance once people explained how ineffective the firewall was.
would the addition of Tinywall make sense? It is supposed to block apps from disabling the Windows Firewall, aside from its whitelist policy
My firewall: windows firewall has blocked some of the features of this app
Me: oh- WELL AT LEAST MY FIREWALL IS WORKING 😃
Quick question: what happens if you are using an AV product that uses the Windows Firewall? Sophos, I know, uses Windows Firewall, so would this then be on the AV product to pick up on the trojan?
I would love to see how this test would go with ZoneAlarm free firewall without Smart Defense Net running. Put it to the same test you do with AV software.
What kind of software did you use to analyze that malware step by step?
Thank you. Right to the important point!
Please make a video on the best firewall we can use. It will be very helpful.
Hey TPSC, I saw an ad for a PC optimizer pro type antivirus / PC speeder called "mycleanpc" and I was wondering if you could do a video on it, because it has a TV advertisement and I was hoping you could shed some light so people could report it!
Do you think you could check the OSX firewall too?
Does this affect people who use standard account with admin separated? Can this get past UAC?
Well, the malware can in this case kill any antivirus you have running using Command lines. So, the moment you give admin rights, you're screwed regardless.
I use Private Firewall, It is not being updated any more since 2015 I believe, but I don't see any need for it to be updated. I would love to see The PC Security Channel test it against Ransomware, like he did with the Comodo Firewall...PLEEEEEEESE?!?!
So which firewall?
I think it would be informative to make a video on firewall usage. Are there certain firewalls that conflict with others? When a certain application stops functioning correctly I often wonder: is it my router's firewall conflicting with my computer's firewall? Or was it just a Microsoft or Google update that broke things? I'm more inclined to believe the latter.
Finally decided to stop being lazy and install a firewall to replace windows. Went with ZoneAlarm, but ended up almost immediately starting to get DPC routine executions in the 40,000 microsecond mark... constant stuttering with audio, click, pops, and everything. Removed that and have been using glasswire, but I'm not overly fond of it. Anyone have experience with Comodo's free one? If nothing else works, I may try and go back to Zonealarm again and see if it was just a faulty install, but I sorta doubt it. Had similar issues with zonealarm in the past, although high DPC execution can be a result of numerous things (windows, lul) firewalls seem to be a common cause.
Hi Leo, do you recommend any firewall like TinyWall or Comodo Firewall, which you don't hear much about? Even your product, Emsisoft AV, has done away with a firewall. I believe most AV products just harden the existing firewall, for example F-Secure.
My main problem with third party firewalls is that I can't get Mobile Hotspot working!
I haven't tried it yet, but do third-party firewalls now support WSL/Pico? I remember that most firewalls couldn't differentiate it from the system.
Any comments on Windows Firewall Control? Malwarebytes purchased it.