A recent GitHub script called “Windows Toolbox” installs malware under the pretense of adding the Google Play Store. Let’s go over what this is and how to prevent it.
BleepingComputer article: https://www.bleepingcomputer.com/news/security/windows-11-tool-to-add-google-play-secretly-installed-malware/

I actually got scammed for 600 INR, while I was asleep my Steam account was debited for a market purchase…
Dude, I don't understand, is GitHub infected?
Great video with some very good advice.
Be careful with what you run from the internet. And yes, even good people can add bad stuff by mistake.
It is far too easy to introduce a bug, especially from development versions, which are on GitHub/GitLab. So it doesn't need to be malicious to ruin a computer for users of scripts/programs/instructions downloaded from the internet.
I really like that you emphasize reducing the rights of programs and not running scripts as administrator without real reasons. That goes for all access rights, they should be motivated, both in documentation and in scripts. If that is not documented, DO NOT EXECUTE THE SCRIPT OR COMMANDS.
If you don't know what it does and have looked the instruction/scripts through, DON'T BE a Linus from Linus Tech Tips and blame the script/information provider for YOU blindly applying their suggestions WITHOUT understanding that YOU USE IT on your own, YOU are responsible for ruining YOUR computer's setup. Not the one that you downloaded the script from.
Thank you for your reliable videos
I fell for this but then removed it
I always like Chris Titus videos even though it's way over my head.. lol
Chris, hello, do you recommend using these cmd (bcdedit) commands for multiplayer gaming? bcdedit /set useplatformtick yes
& bcdedit /set disabledynamictick yes (specs: 12700K / 3070 / Windows 11) Thanks in advance
I guess it was only a matter of time since Microsoft bought GitHub. 🙁
Chris, I only see it now. The text seems a bit unsharp for whatever reason. There is clearly compression going on which is too aggressive, it might be a wrong setting.
Not sure if you’re old enough to remember, but I blame gnome (again or always). They started this whole mess by being the first to give us a “gognome” url we were to pipe to sh and just trust. This was back in probably 1996 or so.
Can you make a video about PowerShell scripting itself? We don't want a complete course, but just a video to tell us how to get started.
Thanks for the video, Chris!
Very useful!
Windows is already Malware.
I was a victim of the WinToolbox script you discussed. I only clicked on the link to view it and (luckily) never used any of the 'features' it offered, so I don't believe I did any damage. But I do recall an option to ACTIVATE Windows & Office (which would be nice to have in case I ever run into that issue). Chris: Does your script have such an option?
Congrats on your following and thanks for your videos – I get a lot out of them!
Dan
While you spent most of the video talking about assessing scripts, I think the bigger topic is what you touched on at the end – trust. How do you assess trust? I'm comfortable using your script off github because I trust you and github not to be malicious and not to introduce egregious security flaws. Another aspect of trust that you touch on is context – how much are you risking? Could you be targeted specifically?
I think it's important to focus on the trust angle both because it's more intuitive for people, and because we have to do it anyway. Ultimately I trust Fedora to put out a product that is safe and not malicious, and I trust their delivery mechanisms not to be compromised. The context is a little different, but the process of assessing trust is similar.
From here you can get into the territory of mitigating questions of trust. Do I trust this resource not to disappear? Download and archive for later use. Is the pool of users small, or the delivery mechanism personalized? Maybe download the script and manually assess it. Mitigation is tough, assessing trust is manageable. I'm not personally reviewing every commit to the Linux kernel – I don't have the skills or the time, so I /have/ to trust the process.
Good video.
First time I saw that PowerShell script of yours. Really impressive stuff. I've been thinking about adding WPF to some of my scripts as well.
400k hype!!
I ran your script based fully on trust honestly, I feel like you would not screw over thousands of people, one because you just seem like a good person, and second, it's your channel, and it's dedicated to tech-savvy people, someone would notice something, and you would be canceled into oblivion, so yeah trust lol, I would never trust a random string I found online, at least not for Windows as I know my way on a terminal.
Thank you for making this video, you gotta be careful running scripts! I've been using your toolbox for well over a year, in commercial scenarios on 100's if not 1000's of machines and never had a single problem. You do God's work, thank you so much!
That's why I always would recommend: If you are unsure about some scripts, run them isolated in a sandbox environment. I'm for example testing those scripts in a Windows 10 VM and not only try to understand the code itself, but how the code (if for example something isn't documented or well documented) behaves when it gets executed. You can also go a step further and isolate that machine from the LAN and secure your network a bit, so that malware cannot affect your local network resources like SMB shares for example. Yes, I know the disadvantage, that modern malware can gather information to see if it is running in a virtual or physical environment. But you could combine it with the code review and try to look at when the running script stops an action or itself, if it knows that it is running in a virtual environment. That's also a hint that the code contains malicious pieces in it.
My 5 cents: if you mastered some number of programming languages, Python is not hard at all. At least if the code is not obfuscated purposely.
Great advice, thanks Chris!
I installed Chris's script on my toaster and now it over cooks all my bread… Seems kinda fishy! Kidding. But seriously your scripts are amazing.
Good lesson, thank you for your excellent content.
I really appreciate and enjoy listening to your perspectives, thoughts, and theorems that compile your decision to run or not to run code from an open source project. Thank you! <3
If I do most of my computer tasks on a limited account, can a script still elevate to administrator status without prompting me to enter an administrator password?
I have used your script and other information in the past on a Windows machine (not mine) and felt comfortable. My daily driver is a Linux laptop. However, in this video, to me, you sounded a little nervous.
good tips Chris
Thanks for pointing the red flags for scripts it will definitely come in handy
Why not just say: "Use mine, not theirs"?
Thanks for the recommendation Chris, I'm never going to run an awkward script on my Termux or Linux.
Btw…
Congratulations!!!!
Chris, I take all tips when it comes to Windows from you.
(I only use Windows for gaming on a separate PC).
Nice work by the way, keep up the good work!
Amazing channel of yours, congrats to 400k subs.
I am the 400.000 subscriber! Thanks
This is a good lesson, I like to brag I always do this, but the truth is I do not do it all the time.
However I always do a risk analysis if you can call it that, if I consider the odds to be high, I may decide to run the script in a VM or sandbox and observe what it does.
So when it does its bad thing, I can easily nuke it and throw it away or if it doesn't work.
Biggest vetting I have done was the Arch Linux on ZFS install script I went through, not only because it is a foreign script, but it needs to run as root during the install.
So there I went through and checked the keys and links to verify its behavior prior to running its massive timesaving feature.
Isn't Windows 11 itself adware?
Congrats on 400K Chris
This is like checking for every 0 or 1 in computer language. You will need to be an educated programmer to get every nook and cranny. Ridiculous to point out in a very short vid.
Malware and ransomware are really a headache for me. My desktop got infected because I was fixing the security services of Windows, and the ransomware that infected my PC is a new variant, which means they are active on the internet.
I'm more inclined to use your script or that of any YouTuber with a respectable number of subscribers, because you have more to lose than others (i.e. trust, respect and YouTube career). One controversy and an influencer's/content creator's career is pretty much over, thus I trust you more, although in your case I respect your dedication and enthusiasm to help people like me, with shallow technical knowledge, as well as unbiased opinions. Please keep up the good work and I hope your fanbase keeps growing.
Youtube finally recommends a channel slightly related to mine to me. Great video
Damn I wish I knew how powershell commands work lol.
I just made a program in C++ to do the automatic app installs through winget (since I keep creating new Windows VMs here and there). I wasn't able to find a way to get C++ to install all the programs at once unfortunately but I'm still working on it xD
Is the desktop capture low res?
omg thiojoe… he used to troll people a lot in the past, don't know about nowadays though.
I actually find it easier to just use Linux as host. Win guest can rot, no biggie 🙂
Your local library probably provides access to linkedin learning tutorials for python.
Thank you I did notice they had a tool box but it was a big download I think and took forever for it to set up or maybe it was called power toys