WEBVTT 1 00:00:00.080 --> 00:00:03.160 You know that feeling your computer screen just freezes up, 2 00:00:03.520 --> 00:00:05.719 and then this weird pop up appears, looks like it's 3 00:00:05.719 --> 00:00:09.640 from Window Security, but it's demanding a bitcoin to unlock 4 00:00:09.679 --> 00:00:10.119 your files. 5 00:00:10.199 --> 00:00:11.679 Oh yeah, that immediate panic. 6 00:00:11.880 --> 00:00:15.160 It's a horrible feeling exactly. And while that fear of 7 00:00:15.160 --> 00:00:17.600 your own PC getting hit is totally valid, what if 8 00:00:17.640 --> 00:00:20.079 I told you that's just well the tip of a 9 00:00:20.199 --> 00:00:22.000 much much bigger digital iceberg. 10 00:00:22.440 --> 00:00:26.000 That's right, Malware today isn't just about one machine. It's 11 00:00:26.039 --> 00:00:29.839 targeting whole networks, servers, stealing really personal data. 12 00:00:30.280 --> 00:00:34.359 It's evolve into a massive industry, right, especially with ransomware. 13 00:00:34.719 --> 00:00:36.520 The stakes are incredibly. 14 00:00:36.039 --> 00:00:38.520 High, millions sometimes billions involved. 15 00:00:38.640 --> 00:00:41.200 Welcome to the deep dive. This is where we take 16 00:00:41.240 --> 00:00:43.640 expert sources, cut through the noise and pull out the 17 00:00:43.679 --> 00:00:45.679 key insights to get you informed fast. 18 00:00:45.960 --> 00:00:50.200 And today we're diving into the let's say, fascinating and 19 00:00:50.280 --> 00:00:52.880 sometimes pretty terrifying world of Windows malware. 20 00:00:53.039 --> 00:00:55.920 Yeah, our mission here is really for you, the curious learner. 21 00:00:56.240 --> 00:00:59.240 We want to demystify these threats, give you the knowledge 22 00:00:59.240 --> 00:01:02.200 not just to defend you, but also crucially how to 23 00:01:02.280 --> 00:01:03.960 spot them and get rid of them if they do 24 00:01:04.040 --> 00:01:05.079 strike and our. 25 00:01:05.000 --> 00:01:08.200 Main guide for this is a really solid source Windows 26 00:01:08.280 --> 00:01:13.879 Virus and Malware Troubleshooting by Microsoft MVPs Andrew Bettany and 27 00:01:13.959 --> 00:01:14.640 Mike Halsey. 28 00:01:14.920 --> 00:01:17.719 So we're going to dig into some surprising history, look 29 00:01:17.760 --> 00:01:20.760 at the threats we face right now, and get beyond 30 00:01:20.879 --> 00:01:25.680 those scary headlines to you know, practical understanding and actual solutions. 31 00:01:25.959 --> 00:01:26.840 Ready to jump in. 32 00:01:26.959 --> 00:01:29.239 Let's do it. What's really interesting when you look back 33 00:01:29.480 --> 00:01:32.719 is where computer viruses actually started. It might surprise you 34 00:01:32.760 --> 00:01:35.799 not Windows then, No, not initially the very earliest ones, 35 00:01:35.840 --> 00:01:38.280 believe it or not, for Apple two and macintos systems. 36 00:01:38.480 --> 00:01:41.439 They'd write themselves onto the boots sector of floppy discs. 37 00:01:41.599 --> 00:01:44.680 Floppy discs wow, so every time you use the disc. 38 00:01:44.560 --> 00:01:47.359 And go it executed. Sneaky stuff even back then. 39 00:01:47.599 --> 00:01:50.640 But then came the IBM PC and MS DOSS and 40 00:01:50.719 --> 00:01:54.359 personal computer started popping up everywhere, especially in businesses, and. 41 00:01:54.319 --> 00:01:57.439 That's when things really took off. Virus wise. They were 42 00:01:57.480 --> 00:02:01.719 tiny programs back then, often doing well, almost quaint things. 43 00:02:01.760 --> 00:02:04.280 Like that story about the virus playing Yankee Doodle Dandy 44 00:02:04.319 --> 00:02:07.239 every day at five pm on an old Olive EDDYPC 45 00:02:07.519 --> 00:02:09.879 back in ninety one. Seems almost terming. 46 00:02:09.639 --> 00:02:14.560 Now agrease simpler times, definitely, but things escalated pretty fast. 47 00:02:14.759 --> 00:02:17.479 The Morris worm late eighty eight. That was a real 48 00:02:17.520 --> 00:02:20.159 turning point. The first Internet virus. 49 00:02:19.919 --> 00:02:22.199 Essentially written by a student, wasn't it yeah. 50 00:02:22.039 --> 00:02:24.759 Cornell grad student. It wasn't actually meant to be harmful 51 00:02:25.000 --> 00:02:27.800 to see how big the Internet was. But a mistake 52 00:02:27.840 --> 00:02:30.879 in the code, oh yeah, it turned it infectious, became 53 00:02:30.919 --> 00:02:34.360 a denial of service attack by accident, basically took down 54 00:02:34.400 --> 00:02:36.879 thousands of computers. Huge cleanup job. 55 00:02:36.919 --> 00:02:40.280 And we've seen some incredibly destructive ones since. Stuck snit 56 00:02:40.560 --> 00:02:45.520 for instance, targeting Iran's nuclear program that was huge, news, huge. 57 00:02:45.319 --> 00:02:48.360 And code read back in two thousand and one. That 58 00:02:48.400 --> 00:02:51.199 thing was infecting what over three hundred thousand computers a day, 59 00:02:51.479 --> 00:02:55.639 defacing websites, launching attacks. It really felt like the Wild West. 60 00:02:55.360 --> 00:02:57.439 Online, It really did. And this is where we see 61 00:02:57.439 --> 00:03:00.280 that big shift you mentioned earlier, right, the motivation change. 62 00:03:00.360 --> 00:03:03.240 Exactly stop being about just getting famous or proving you 63 00:03:03.280 --> 00:03:07.159 could do it, and became curely about money, cold hard cash. 64 00:03:07.360 --> 00:03:08.800 Enter the bots and ransomware. 65 00:03:08.919 --> 00:03:12.439 Precisely, bots are like these hidden agents. They can infect thousands, 66 00:03:12.479 --> 00:03:15.199 millions of computers. And just sit there waiting waiting for 67 00:03:15.240 --> 00:03:19.400 what for instructions, Control of these botnets get sold on 68 00:03:19.439 --> 00:03:22.240 the dark web. They use them for well, all sorts 69 00:03:22.240 --> 00:03:25.960 of things, key logging, to steal your passwords, creating backdoors 70 00:03:25.960 --> 00:03:30.400 into systems, launching massive DDUS attacks to crash websites. 71 00:03:30.080 --> 00:03:33.319 DDAs distributed denial of service that's where they flood a 72 00:03:33.400 --> 00:03:34.240 site with traffic. 73 00:03:34.319 --> 00:03:36.479 That's the one overwhelm it completely. 74 00:03:36.599 --> 00:03:40.240 And then ransomware that's the one that really gives people nightmares, 75 00:03:40.240 --> 00:03:41.639 individuals and businesses alike. 76 00:03:41.759 --> 00:03:45.479 Oh absolutely, Imagine all your files, your photos, your documents 77 00:03:45.520 --> 00:03:49.280 just locked up encrypted and you get this demand for 78 00:03:49.360 --> 00:03:51.599 bitcoin to maybe get them back. 79 00:03:51.360 --> 00:03:52.639 And businesses are paying. 80 00:03:52.919 --> 00:03:56.080 Sources say yes, hundreds of millions are made this way 81 00:03:56.159 --> 00:04:00.719 every year. Universities, hospitals, big companies, even government agencies. They 82 00:04:00.759 --> 00:04:04.759 often pay quietly because the cost of downtime is even higher. 83 00:04:04.800 --> 00:04:07.479 It's a horrible calculation to have to make, it really is. 84 00:04:07.719 --> 00:04:10.840 And it's important to remember malware isn't just a Windows problem. 85 00:04:10.960 --> 00:04:13.879 It's everywhere Android, iOS, mac os. 86 00:04:14.080 --> 00:04:16.680 But Windows is the main focus for today's deep dive 87 00:04:17.040 --> 00:04:18.560 just because it's so widely used. 88 00:04:18.759 --> 00:04:22.480 Right though, it's worth noting those newer ARM based Windows 89 00:04:22.519 --> 00:04:26.319 ten systems, they are generally a bit less susceptible, more 90 00:04:26.360 --> 00:04:29.959 modern architecture, but not immune, not totally immune, no, because 91 00:04:30.000 --> 00:04:33.399 they can still run older legacy Windows code, and that's 92 00:04:33.439 --> 00:04:35.040 often what malware targets. 93 00:04:35.279 --> 00:04:38.319 And looking forward, the Internet of Things IoT, that's a 94 00:04:38.360 --> 00:04:40.079 whole new frontier, isn't it. 95 00:04:40.079 --> 00:04:44.439 It is smart fridges, cameras, dermostats. A lot of these 96 00:04:44.439 --> 00:04:48.920 devices have pretty weak security out of the box, default passwords, things. 97 00:04:48.759 --> 00:04:51.439 Like that, so they become an easy way into your network. 98 00:04:51.199 --> 00:04:54.600 Potentially, yes, a gateway for attackers to get to your 99 00:04:54.879 --> 00:04:57.720 more important devices like your PC or your phone. 100 00:04:57.959 --> 00:05:00.399 So if operating systems like Windows are getting more secure 101 00:05:00.439 --> 00:05:03.360 all the time, why are we still seeing so many infections? 102 00:05:03.360 --> 00:05:04.040 What's the gap? 103 00:05:04.240 --> 00:05:08.040 That's a great question. Historically, Yeah, older OS versions like 104 00:05:08.120 --> 00:05:11.439 early Windows, had real security flaws. Malware could just run 105 00:05:11.839 --> 00:05:12.879 sometimes automatically. 106 00:05:12.920 --> 00:05:15.360 That's why Mac and Unix always felt safer back then, 107 00:05:15.759 --> 00:05:18.120 less admin writes by default, that was a big. 108 00:05:18.000 --> 00:05:22.600 Part of it. Yes, but modern Windows, say from Vista onwards, 109 00:05:23.000 --> 00:05:26.519 really up the game. Features like user count control, UAC, 110 00:05:26.720 --> 00:05:29.079 secure mood. They made a huge difference. 111 00:05:29.279 --> 00:05:31.600 So the attackers changed tactics they had to. 112 00:05:31.759 --> 00:05:34.680 They shifted focus from just exploiting technical bugs in the 113 00:05:34.680 --> 00:05:40.319 OS to exploiting well leus human psychology. How so, malware 114 00:05:40.360 --> 00:05:45.279 started dressing up as something harmless or useful or even. 115 00:05:45.120 --> 00:05:47.040 Fun like what give me an example. 116 00:05:47.160 --> 00:05:50.480 Think about needing a special video codec to watch something online, 117 00:05:51.079 --> 00:05:53.839 or downloading a pirated app that promises all the features 118 00:05:53.839 --> 00:05:55.879 for free, or maybe even something that looks like a 119 00:05:55.920 --> 00:05:58.279 Windows update, but you got it from some random website. 120 00:05:58.399 --> 00:06:01.360 Ah okay. So it relies on tricking the user. 121 00:06:01.319 --> 00:06:04.399 Exactly, and this is where you become the weakest link. Potentially. 122 00:06:04.480 --> 00:06:07.720 People are busy, they're tired, maybe just curious. You click 123 00:06:07.879 --> 00:06:11.160 allow on a security prompt without really reading it, or. 124 00:06:11.160 --> 00:06:13.399 You grant admin rights just to make that annoying pop 125 00:06:13.480 --> 00:06:15.920 up go away or get that cat video to play right. 126 00:06:16.279 --> 00:06:19.560 And the scary thing is one person granting those rights 127 00:06:19.720 --> 00:06:22.040 can open the door for malware to spread across an 128 00:06:22.199 --> 00:06:25.720 entire company network, accessing shared files and resources. 129 00:06:25.800 --> 00:06:28.680 So the defense isn't just technical anymore. 130 00:06:28.600 --> 00:06:33.439 Not solely. No, The two biggest defenses are one technically 131 00:06:33.439 --> 00:06:36.279 preventing users from just running any old code or installing 132 00:06:36.319 --> 00:06:41.519 random software, and two maybe even more important education training 133 00:06:41.560 --> 00:06:44.199 people on what's safe to click and what definitely isn't. 134 00:06:44.360 --> 00:06:46.439 It really makes you stop and think, doesn't it. How 135 00:06:46.480 --> 00:06:49.399 often do we really read those prompts before clicking yes 136 00:06:49.680 --> 00:06:52.920 or install. It's a habit we probably all. 137 00:06:52.759 --> 00:06:54.079 Need to work on definitely. 138 00:06:54.160 --> 00:06:56.879 Now, we've been using the term malware as a catch all, 139 00:06:57.560 --> 00:06:59.480 but there are different types, right, What are the main 140 00:06:59.519 --> 00:07:00.759 distinctions we should understand? 141 00:07:00.800 --> 00:07:03.680 You're right, it's an umbrella term. Malware covers a lot 142 00:07:03.680 --> 00:07:06.800 of ground. The key types often different in how they 143 00:07:06.879 --> 00:07:07.800 spread or what they. 144 00:07:07.680 --> 00:07:10.480 Do, Like viruses versus worms. What's the difference there. 145 00:07:10.519 --> 00:07:13.160 It's mainly about propagation, how they get around. A virus 146 00:07:13.199 --> 00:07:15.680 needs help to spread, like attaching itself to a file 147 00:07:15.720 --> 00:07:17.720 that you then share, maybe on a USB stick or 148 00:07:17.839 --> 00:07:20.720 email attachment, physical contact. 149 00:07:20.199 --> 00:07:23.319 Almost like a biological virus pretty much. 150 00:07:23.439 --> 00:07:25.519 A worm, on the other hand, is designed to spread 151 00:07:25.560 --> 00:07:28.519 by itself across a network. It burrows from one computer 152 00:07:28.600 --> 00:07:31.839 to another, replicating as it goes, without needing you to 153 00:07:31.920 --> 00:07:33.079 actively share a file. 154 00:07:33.560 --> 00:07:35.680 Okay, so that's how they spread. What about what they 155 00:07:35.720 --> 00:07:38.319 actually do once they're inside? Let's talk about the ones 156 00:07:38.360 --> 00:07:39.279 that steal information. 157 00:07:39.920 --> 00:07:43.120 Spyware spyware does exactly what it says on the tin. 158 00:07:43.240 --> 00:07:46.360 It spies on you, gathers information about what you do 159 00:07:46.480 --> 00:07:49.800 online maybe offline too, often includes a keylogger. 160 00:07:50.000 --> 00:07:52.199 Keylogger records everything I type. 161 00:07:52.040 --> 00:07:55.959 YEP, passwords, bank details, private messages, then sends it all 162 00:07:56.000 --> 00:07:59.319 back to whoever created the spyware. Pretty nasty stuff. 163 00:07:59.120 --> 00:08:01.240 And adwere that sounds less harmful? 164 00:08:01.480 --> 00:08:04.800 Generally? Yes, AdWords mostly about showing you unwanted ads usually 165 00:08:04.800 --> 00:08:09.240 pop ups annoying, but rarely a direct threat, unlike unless 166 00:08:09.279 --> 00:08:12.040 it comes bundled with something else, like a keylogger hidden inside. 167 00:08:12.160 --> 00:08:14.279 So even seemingly harmless adware can be risky. 168 00:08:14.360 --> 00:08:17.199 Okay, got it? What about trojans trojan horses? 169 00:08:17.560 --> 00:08:22.360 Right? These disguise themselves as legitimate software, could be anything 170 00:08:22.360 --> 00:08:24.759 a Kodak, a browser plug in. Maybe that powered app 171 00:08:24.800 --> 00:08:27.560 we mentioned looks fine on the outside, took inside it's 172 00:08:27.560 --> 00:08:31.240 carrying a hidden, malicious payload. Once you install the useful thing, 173 00:08:31.680 --> 00:08:33.480 the nasty bit gets installed too. 174 00:08:33.480 --> 00:08:36.279 And it was technically a Greek horse, not trojan you 175 00:08:36.320 --> 00:08:37.960 mentioned well grease Yeah. 176 00:08:37.799 --> 00:08:41.840 Yeah, pedantic point, But the principle of deception is identical. 177 00:08:41.960 --> 00:08:45.600 Deception is key, and that leads us to bots right, 178 00:08:46.279 --> 00:08:47.879 creating these botnets exactly. 179 00:08:48.159 --> 00:08:52.360 Bots infect machines, thousands, sometimes millions of them and turn 180 00:08:52.440 --> 00:08:55.320 them into a kind of zombie army, a botnet. 181 00:08:55.000 --> 00:08:57.120 And these botnets are used for often for those D 182 00:08:57.240 --> 00:09:00.519 Days attacks we talked about flooding websites, but they almost 183 00:09:00.600 --> 00:09:03.960 always have keyloggers and back doors built into for stealing 184 00:09:04.039 --> 00:09:05.679 data or taking remote control. 185 00:09:06.039 --> 00:09:09.200 Microsoft and law enforcement have actually had some success taking 186 00:09:09.240 --> 00:09:11.279 down major bot nets, which is good news. 187 00:09:11.399 --> 00:09:13.799 That is good news. Now, root kits and bootkits some 188 00:09:13.919 --> 00:09:14.919 particularly nasty. 189 00:09:14.919 --> 00:09:17.159 They are. They dig in really deep, hiding in the 190 00:09:17.159 --> 00:09:20.080 boot partitions of your hard drive. Basically, they load before 191 00:09:20.080 --> 00:09:21.279 your operating system. 192 00:09:20.960 --> 00:09:24.360 Even starts, so they're hidden from normal security software. 193 00:09:24.639 --> 00:09:27.960 Often, yes, they can gain complete control of the system 194 00:09:28.320 --> 00:09:32.159 while staying invisible. That's why things like Intel's Secure boot 195 00:09:32.360 --> 00:09:33.200 are so important. 196 00:09:33.320 --> 00:09:36.559 Secure boot checks the digital signatures during startup right. 197 00:09:36.879 --> 00:09:40.320 It verifies the firmware and the OS itself before loading. 198 00:09:40.960 --> 00:09:44.519 If something's been tampered with, like by a bootkit, it 199 00:09:44.600 --> 00:09:45.679 ideally shouldn't start. 200 00:09:45.759 --> 00:09:48.039 But you mentioned that can be an issue for older 201 00:09:48.039 --> 00:09:50.159 OT's like Windows seven or Linux. 202 00:09:50.240 --> 00:09:53.600 Yeah, they don't always support secure boot natively without some 203 00:09:53.679 --> 00:09:58.080 configuration changes, so some users might disable it, which unfortunately 204 00:09:58.159 --> 00:09:59.759 opens the door for these kinds of attacks. 205 00:10:00.159 --> 00:10:02.440 Back Doors are they separate things or part of these 206 00:10:02.480 --> 00:10:03.840 other malware types. 207 00:10:03.679 --> 00:10:06.399 Often part of others. A backdoor is just what it 208 00:10:06.480 --> 00:10:08.519 sounds like, a hidden way for someone to get remote 209 00:10:08.519 --> 00:10:11.879 access and control your PC later bypassing all the normal 210 00:10:11.919 --> 00:10:14.679 security checks, give them access to your files, your network. 211 00:10:14.759 --> 00:10:17.960 Okay. And finally, ransomware the big one, the. 212 00:10:17.879 --> 00:10:21.519 Most unpleasant, definitely and often the most financially damaging. It 213 00:10:21.600 --> 00:10:24.759 encrypts your files, documents, photos, videos. 214 00:10:24.480 --> 00:10:26.840 Everything, scrambles theme completely, makes. 215 00:10:26.639 --> 00:10:31.399 Them totally inaccessible. Sometimes it encrypts the entire disc or 216 00:10:31.480 --> 00:10:34.360 the file directory system itself, the master list of where 217 00:10:34.360 --> 00:10:37.480 everything is then pops up the demand for bitcoin for 218 00:10:37.519 --> 00:10:38.440 the decryption key. 219 00:10:38.799 --> 00:10:41.519 And because we SINNC everything to the cloud now it. 220 00:10:41.440 --> 00:10:44.960 Can spread fast, encrypt files on your network drives, even 221 00:10:45.000 --> 00:10:47.759 in your cloud storage if it sinks fast enough. And 222 00:10:47.799 --> 00:10:49.919 as we said, organizations often pay up. 223 00:10:50.080 --> 00:10:52.639 Why do they pay just the cost of recovery? 224 00:10:52.759 --> 00:10:57.559 Often yeah, downtime, data loss. It can be catastrophic. The 225 00:10:57.639 --> 00:11:00.960 criminals know this. They price the ransom accordingly high, but 226 00:11:01.000 --> 00:11:03.519 maybe just low enough to make paying seem like the 227 00:11:03.639 --> 00:11:04.399 lesser evil. 228 00:11:04.799 --> 00:11:07.279 But paying doesn't always guarantee you get your files back 229 00:11:07.440 --> 00:11:09.320 right or that it's over exactly. 230 00:11:09.919 --> 00:11:13.039 Sometimes the decryption key doesn't work, or worse, the key 231 00:11:13.120 --> 00:11:16.679 itself contains another piece of malware. It's a truly vicious cycle. 232 00:11:16.879 --> 00:11:19.399 Okay, so that's a pretty grim picture of the threats. 233 00:11:19.440 --> 00:11:22.120 How do we actually start defending ourselves? What's the approach? 234 00:11:22.279 --> 00:11:25.639 The core concept is defense in depth, think layers, not 235 00:11:25.720 --> 00:11:28.919 just one big wall, right, because even the best single solution, 236 00:11:29.519 --> 00:11:33.039 say just an antivirus, can potentially be lie passed. You 237 00:11:33.080 --> 00:11:35.759 need multiple layers of protection that back each other up. 238 00:11:36.360 --> 00:11:37.799 Redundancy is key. 239 00:11:37.639 --> 00:11:39.840 And Microsoft has built a lot of these layers directly 240 00:11:39.879 --> 00:11:41.360 into Windows, now, haven't. 241 00:11:41.039 --> 00:11:43.720 They They really have, Especially in Windows seven, eight point 242 00:11:43.720 --> 00:11:47.279 one to ten. You've got the Security Center or Security 243 00:11:47.279 --> 00:11:50.039 of Maintenance in Windows ten that's your main dashboard. 244 00:11:50.120 --> 00:11:53.639 The traffic light system green, amber, red, YEP. 245 00:11:53.519 --> 00:11:56.399 Gives you a quick visual check. Green is good, Amber 246 00:11:56.440 --> 00:11:59.639 means check something, Red means there's a problem. Like your 247 00:11:59.639 --> 00:12:01.480 anti viruses offer out of date. 248 00:12:01.440 --> 00:12:04.519 And User Account control UAC. You mentioned that earlier. 249 00:12:04.600 --> 00:12:07.039 Yeah, UAC is like your first line of defense against 250 00:12:07.159 --> 00:12:11.600 unauthorized changes when something tries to install software or change 251 00:12:11.600 --> 00:12:15.600 system settings, UAC pops up that prompt in a secure environment. 252 00:12:15.840 --> 00:12:17.320 Secure environment, what does that mean? 253 00:12:17.480 --> 00:12:20.120 It means the rest of the desktop is dimmed and inactive, 254 00:12:20.159 --> 00:12:24.240 so malware can't like hijack your mouse quick and approve itself. 255 00:12:24.480 --> 00:12:26.919 It's designed to make you consciously interact with the prompt. 256 00:12:27.039 --> 00:12:29.879 Clever and the built in firewall. 257 00:12:29.600 --> 00:12:33.080 Windows Firewall is actually very effective. A lot of companies 258 00:12:33.120 --> 00:12:36.159 still use third party ones, maybe for centralized management, but 259 00:12:36.240 --> 00:12:38.879 the built in one, especially the Advanced firewall, gives you 260 00:12:39.000 --> 00:12:43.960 really granular control over which app supports and services can communicate. 261 00:12:44.279 --> 00:12:48.320 What about the Malicious Software Removal Tool MSRT? Is that 262 00:12:48.360 --> 00:12:49.360 the main antivirus? 263 00:12:50.000 --> 00:12:52.960 No think if MSRT is an extra cleanup tool. It 264 00:12:53.000 --> 00:12:58.519 targets specific, really widespread major threats. Microsoft updates it every 265 00:12:58.559 --> 00:13:01.879 month through Windows Update. It runs quietly in the background usually, 266 00:13:02.200 --> 00:13:04.279 but you can download and run it manually if you 267 00:13:04.320 --> 00:13:05.879 suspect something nasty got through. 268 00:13:05.960 --> 00:13:10.039 And Windows Update itself is crucial for security. 269 00:13:09.600 --> 00:13:13.759 Absolutely essential, not just for features, but for patching vulnerabilities 270 00:13:13.759 --> 00:13:17.559 that malware exploits. Windows ten make security and stability updates 271 00:13:17.639 --> 00:13:19.200 mandatory for this reason. 272 00:13:19.120 --> 00:13:22.879 Though you can delay some updates. In pro and enterprise versions, you. 273 00:13:22.840 --> 00:13:25.320 Can defer the big feature updates for a while. Yeah yeah, 274 00:13:25.360 --> 00:13:29.120 but those critical security patches they come through regardless, which 275 00:13:29.159 --> 00:13:29.639 is important. 276 00:13:29.639 --> 00:13:32.480 Okay, let's talk about protecting the startup process. That seems 277 00:13:32.519 --> 00:13:33.840 like a really vulnerable time. 278 00:13:34.159 --> 00:13:39.120 BitLocker BitLocker drive encryption is fantastic, especially on laptops available 279 00:13:39.120 --> 00:13:42.320 in pro and enterprise editions. It encrypts your entire. 280 00:13:42.080 --> 00:13:45.279 Hard drive, so if someone steals my laptop, they can't 281 00:13:45.320 --> 00:13:45.879 just pull out. 282 00:13:45.759 --> 00:13:47.759 The hard drive and read your data. Even when the 283 00:13:47.759 --> 00:13:51.080 PC is signed out, the drive stays locked. It's like 284 00:13:51.120 --> 00:13:53.159 a digital safe for your data at rest. 285 00:13:53.519 --> 00:13:56.679 Really important and secure boot. We touched on that regarding. 286 00:13:56.360 --> 00:14:00.279 Bootcuts right developed by Intel mandatory since Windows A point 287 00:14:00.320 --> 00:14:02.840 one on new PCs. It's that digital bouncer at the 288 00:14:02.879 --> 00:14:06.240 door checks the signatures of the firmware and the OS before. 289 00:14:06.039 --> 00:14:09.120 They load, preventing unauthorized code from running early on. 290 00:14:09.200 --> 00:14:12.279 Exactly stops malware trying to sneak in before Windows are 291 00:14:12.320 --> 00:14:15.159 your anti virus is even up and running again. Can 292 00:14:15.200 --> 00:14:18.080 sometimes need disabling for older ocs or Linux, which is 293 00:14:18.080 --> 00:14:18.600 a trade off. 294 00:14:18.639 --> 00:14:21.120 After secure boot, there's trusted boot yes. 295 00:14:21.279 --> 00:14:24.399 In Windows eight point one to ten, Trusted Boot takes 296 00:14:24.440 --> 00:14:27.360 over once secure boot is done. It checks the integrity 297 00:14:27.399 --> 00:14:30.639 of the actual Windows kernel, the core system, files, drivers, 298 00:14:31.159 --> 00:14:32.559 everything as it loads. 299 00:14:32.320 --> 00:14:34.279 And if it finds something modified. 300 00:14:34.039 --> 00:14:37.039 It'll try to repair it automatically. It's another layer ensuring 301 00:14:37.080 --> 00:14:39.120 the OS hasn't been tampered with before you get to 302 00:14:39.159 --> 00:14:40.159 your desktop. 303 00:14:39.840 --> 00:14:42.519 And early launch anti malware. 304 00:14:42.240 --> 00:14:45.679 Elim ELAM is crucial to It lets your anti virus 305 00:14:45.840 --> 00:14:49.720 driver load very early in the boot process before potentially 306 00:14:49.759 --> 00:14:54.080 malicious drivers can. It establishes this chain of trust. 307 00:14:54.000 --> 00:14:56.399 So it checks drivers against a list. 308 00:14:56.440 --> 00:14:59.720 Basically, yeah, if a driver isn't digitally signed and trusted, 309 00:15:00.000 --> 00:15:02.960 ELAM can prevent it from loading, stopping a common way 310 00:15:03.200 --> 00:15:04.879 malware tries to hook into the system. 311 00:15:04.960 --> 00:15:08.480 Okay, so that's boot security. What about active protection While 312 00:15:08.519 --> 00:15:10.200 Windows is running smart Screen? 313 00:15:10.360 --> 00:15:13.200 Windows smart Screen is an online reputation service. When you 314 00:15:13.240 --> 00:15:15.679 download a file or visit a website, it checks it 315 00:15:15.720 --> 00:15:19.840 against Microsoft's constantly updated lists of known malicious sites and files. 316 00:15:19.919 --> 00:15:21.600 Sounds useful. Any downsides? 317 00:15:21.960 --> 00:15:25.120 Well, the warnings can sometimes be a bit vague, users 318 00:15:25.200 --> 00:15:27.799 might just click through them, and unfortunately, it can sometimes 319 00:15:27.799 --> 00:15:30.639 be disabled fairly easily. In browser settings or Windows Settings 320 00:15:30.799 --> 00:15:33.159 without triggering a UAC prompt. 321 00:15:33.320 --> 00:15:36.720 Right. And then there's the main antivirus itself, Windows Defender 322 00:15:37.320 --> 00:15:39.360 or Security Essentials on Windows seven. 323 00:15:39.679 --> 00:15:44.440 Yes, Microsoft's free build in anti virus. It used to 324 00:15:44.440 --> 00:15:46.879 be seen as just basic, but honestly has become quite 325 00:15:46.960 --> 00:15:50.159 robust and deeply integrated into Windows ten and eleven. 326 00:15:49.960 --> 00:15:51.799 So it's good enough for most people. 327 00:15:51.840 --> 00:15:56.799 For baseline protection. Absolutely, it's lightweight, always on. Many businesses 328 00:15:56.840 --> 00:15:59.759 still opt for third party solutions for more advanced features 329 00:15:59.799 --> 00:16:04.120 or central management, but Defender is a solid foundation. 330 00:16:04.399 --> 00:16:07.200 And Defender offline for really tough infections. 331 00:16:07.360 --> 00:16:10.879 That's a really powerful tool built into Windows ten settings, 332 00:16:11.240 --> 00:16:13.879 or you can create a bootable USB for other versions. 333 00:16:14.240 --> 00:16:17.360 It reboots your PC into a special clean environment outside 334 00:16:17.399 --> 00:16:18.159 of Windows to. 335 00:16:18.200 --> 00:16:20.159 Scan before the malware can load. 336 00:16:20.039 --> 00:16:23.679 Exactly, especially good for rootkits that hide from regular scans. 337 00:16:24.120 --> 00:16:26.480 It scans the drive before the main OS and any 338 00:16:26.519 --> 00:16:28.720 resident malware has a chance to interfere. 339 00:16:29.000 --> 00:16:31.519 What about app containers you mentioned those briefly. 340 00:16:31.320 --> 00:16:33.919 Yeah, this is more about how modern Windows store apps work. 341 00:16:34.000 --> 00:16:36.559 They run these isolated containers. Think of them like mini 342 00:16:36.639 --> 00:16:39.559 virtual machines with their own protected storage and memory. 343 00:16:39.639 --> 00:16:41.679 So if one gets infected, it can't easily. 344 00:16:41.360 --> 00:16:45.799 Spread precisely, it's sandboxed. Makes those apps much more resilient 345 00:16:45.799 --> 00:16:48.759 to malware compared to traditional desktop applications. 346 00:16:49.000 --> 00:16:51.960 And even the PC architecture matters thirty two bit versus 347 00:16:52.000 --> 00:16:52.759 sixty four. 348 00:16:52.559 --> 00:16:55.240 Bit it does pretty much. All modern PCs are sixty 349 00:16:55.279 --> 00:16:59.039 four bit now, and that's generally more secure. Why Mainly 350 00:16:59.080 --> 00:17:02.679 because sixty four bit Windows requires hardware and software drivers 351 00:17:02.679 --> 00:17:03.759 to be digitally signed. 352 00:17:03.919 --> 00:17:06.960 Ah that driver signing thing again, yep. 353 00:17:07.160 --> 00:17:09.759 Unsigned drivers are a classic way for malware to get 354 00:17:09.799 --> 00:17:13.640 deep system access, and sixty four bit Windows largely closes 355 00:17:13.720 --> 00:17:17.920 that door. Plus sixty four bit supports virtualization features better, 356 00:17:18.079 --> 00:17:19.799 which underpins some security tech. 357 00:17:19.960 --> 00:17:24.000 Okay, last point on defense, restricting file access. This sounds 358 00:17:24.000 --> 00:17:25.240 critical for ransomware. 359 00:17:25.319 --> 00:17:28.480 Absolutely critical, But it's tricky, especially with cloud backups. 360 00:17:28.519 --> 00:17:30.200 Why tricky? Aren't cloud backups good? 361 00:17:30.759 --> 00:17:33.839 They are? But think about how ransomware works. It encrypts 362 00:17:33.839 --> 00:17:37.359 your files instantly, and your cloud backup software it's designed 363 00:17:37.359 --> 00:17:38.759 to sync changes instantly too. 364 00:17:38.880 --> 00:17:41.240 Oh no, so it backs up the encrypted files often. 365 00:17:41.319 --> 00:17:44.359 Yes, Overwriting your good copies in the cloud with the 366 00:17:44.440 --> 00:17:47.400 useless encrypted versions happens frighteningly. Fast. 367 00:17:47.720 --> 00:17:50.200 So how do you protect your files in this instant 368 00:17:50.240 --> 00:17:52.279 sinc world? Is there a reliable way? 369 00:17:52.920 --> 00:17:56.440 The source strongly suggests the button approach, though not perfect, 370 00:17:56.759 --> 00:18:01.000 is maintaining a periodic completely offline backup a separate external 371 00:18:01.000 --> 00:18:03.160 hard drive that you can act back up to and 372 00:18:03.200 --> 00:18:04.319 then disconnect. 373 00:18:03.880 --> 00:18:07.640 Completely, the digital equivalent of putting valuables in a separate safe. 374 00:18:08.000 --> 00:18:11.240 Exactly that, Because yeah, Murphy's low says, the ransomware will 375 00:18:11.279 --> 00:18:14.240 hit just before your next backup is due, but having 376 00:18:14.319 --> 00:18:17.119 that offline copy is still your best insurance against total 377 00:18:17.160 --> 00:18:17.759 data loss. 378 00:18:17.960 --> 00:18:22.079 Makes sense? Okay, let's shift gears. How do we actually 379 00:18:22.480 --> 00:18:25.960 recognize when an attack might be happening? What are the signs? 380 00:18:26.200 --> 00:18:29.279 Well, Windows PCs are still the biggest target right backwards 381 00:18:29.279 --> 00:18:33.880 compatibility users often running as admin, open networking, just this 382 00:18:33.960 --> 00:18:36.400 sheer number of users, Yeah, it makes them attractive. 383 00:18:36.599 --> 00:18:38.839 And the symptoms what should you look out for? 384 00:18:39.200 --> 00:18:41.880 The common ones are pretty noticeable. Usually your PC suddenly 385 00:18:41.880 --> 00:18:45.039 gets really slow, lots of unexplained disk activity or network traffic. 386 00:18:45.039 --> 00:18:49.400 You don't recognize files not opening or opening strangely. 387 00:18:49.200 --> 00:18:53.480 Yeah, or weird pop ups. Maybe your desktop background changes unexpectedly, 388 00:18:53.599 --> 00:18:57.799 freaking crashes or hangs. Basically, your computer just starts acting weird, 389 00:18:58.319 --> 00:18:59.960 not behaving like it normally does. 390 00:19:00.119 --> 00:19:03.160 Okay, and the source mentioned three main types of viruses 391 00:19:03.160 --> 00:19:04.359 that cause these infections. 392 00:19:04.640 --> 00:19:09.480 Broadly speaking, yes, file infectors, boots sector viruses or root kits, 393 00:19:09.519 --> 00:19:10.799 and macroviruses. 394 00:19:10.880 --> 00:19:13.799 File infectors attached to other files. 395 00:19:13.359 --> 00:19:18.000 Right, They latch onto executables like dot ex files. Antivirus 396 00:19:18.039 --> 00:19:20.880 often catches these by looking for their known signature, a 397 00:19:21.000 --> 00:19:24.440 unique pattern in their code. Remember that fake scanty example, 398 00:19:24.799 --> 00:19:26.480 a fake antivirus program. 399 00:19:26.559 --> 00:19:28.440 Oh yeah, the ones that pop up fake warnings and 400 00:19:28.480 --> 00:19:29.799 demand money exactly. 401 00:19:29.839 --> 00:19:33.400