Is Someone Remote Controlling Your Computer?

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
could someone be remote controlling your computer this could be a key logger another type of malware is the remote access trojan or rat and another one is always in the news today and that's the ransomware and you get all these emails claiming they're watching your computer and that you need to pay up in bitcoin or they will release your private pictures now some of these threats are imagined some are fake bluster like those claiming they have your picks but wouldn't be nice to know for sure if there's someone remote controlling your computer and for privacy it would be good to know who's tracking you you'd be surprised for example to see that facebook is tracking you outside of facebook how do you find out all these secret communications on your computer with outside players today i'm going to teach you about some tools called outgoing firewalls that you can use to find clues of rats keyloggers spyware and other malware on your windows your mac or your android so stay right there [Music] when you need better search results like those from google but you don't want the google tracking check out privacy search engine startpage.com it does not collect or share any of your personal data so you can search anonymously my company offers a vpn service bytes vpn the google phones vpn routers and now we offer a bracemail email service these products are made to protect you from big tech in their tricks to profile us if you're interested in them they are on my app praxmi the link is in the description back in the old days when a hacker wants to control a computer the computer is hacked directly by making a straight connection between the hacker's computer and the target computer and nowadays this can still be an attack that's done on computer servers like those running websites but this kind of attack does not work too well on user computers the operating systems used on pcs like windows and mac os automatically come with an incoming firewall this firewall blocks external connection from being made to the computer the second reason we don't expect a direct outside attack anymore is that most of us operate our computers within our home and we get internet from a dsl provider then we install a wi-fi router after the dsl modem this then causes the network beyond the router to be unreachable from the outside internet each home router behaves like another incoming firewall that prevents an outside party from connecting into your network your home network but we all know that our computers are still being attacked heavily today so how's that done the way an attacker gets into our personal computers and devices nowadays is from the inside while regular firewalls prevent outside parties from connecting to your device directly nothing stops apps from your computer from connecting out to make this distinction a standard firewall is often used to block incoming connections by default you are not blocked from making outgoing connections but a malware that infects your computer will trick you to install it via some social engineering method the most common way is via an email attachment another common way is to piggyback on some installer you download let's say you look for a free audio processing app like audacity you just go to the internet and click on the first one you see without checking if it's from an official source it may behave normally like the normal software but the installer could have been modified to install something else other than audacity anyway these are just two examples of how malware could be installed on your system then once the malware is installed it can hide for a while and then connect with home base on the internet for further instructions the most advanced malware used by state players initially start out with a small file that does nothing and then it connects externally and downloads other pieces of software sometimes these other programs just run in memory and don't actually show up on disk these are the worst because they don't leave a trace and the initial small file itself is just a program loader it doesn't actually perform any obvious task itself to avoid detection the initial malware will often delay any external contacts you don't remember what you recently installed when malware enters your system and hides we often will refer to them as a trojan horse since a direct connection to the trojan horse is not usually likely as i explained earlier the trojan horse will connect to another server and then await instructions on that server while maintaining this connection then the hacker connects to that server that trojan horse now can be remote controlled and then we call it a remote access trojan or rat now rats come in different flavors some just open your file system for the external player to download from the works actually allow the third-party hacker to watch what you're doing and some remember what you're typing and they're called key loggers some have full control of your device including turning on the microphone or the camera at will it doesn't matter how they can spy on you these are the worst malware of all and can get the most sensitive of files on your machine in the case of businesses an attacker can scope out the network around your computer and then start encrypting files and hold the decryption key for ransom that's the ransomware now what is interesting about these malware products is that in order to operate they need to establish an outside connection another simpler kind of spyware is what's on a website add company spy on your browsing activities and report it to a tracking website for example you go to cnn.com and you will find a large number of trackers that record what you clicked on and what ads were displayed and then sends that data to the ad tracking company this is what can be blocked by an outgoing firewall and this is the software we will learn to use today to protect your computer the premise is this any software that attempts to communicate over the internet can cause an alert to pop out then you the owner of the computer can give the permission for the app to make the outgoing connection if you detect that some unknown app is making a connection you can block that app and by doing so it will not be able to connect to its command and control server frankly it is very hard to detect advanced malware on a computer you need to really study patterns over a long period of time however you will see that our privacy can be enhanced by using outgoing firewalls even in simple ways like stopping spyware computers are very complex nowadays and some of you willingly install every possible software without thinking about the effects if you want to do this clean you should start off with a factory reset this will ensure that you know every piece of software installed windows does allow you to block apps from making outgoing connections but this is tedious and not really all that usable for day-to-day use fortunately there are user-friendly outgoing firewall products that really do a good job of telling you what is going on on your internet connection on windows the popular firewall product is glass wire on mac os it is little snitch there's netguard on android and glassware also has an android version there is no app available on ios for this ios does not allow any app to watch the activities of other apps that's limited only for apple itself so there's no outgoing firewall product you can use for that though it is possible to insert a third-party device in the middle of your network to do this outgoing firewall today we'll focus on teaching you how to install and use glass wire in little snitch little snitch can be downloaded from this link i'm showing you here the company that makes it is objective development now first i downloaded the trial version for little snitch the trial version was fully functional it just gives you a three hour monitoring limit so it's good enough to play with [Music] once you download the dmg file click on it to install then it will give you the option to drag it to the applications folder after dragging you can run it to install a firewall app like this has the ability to examine all the traffic using a system feature called a content filter so it needs special permissions also since this is not an app from the apple app store it will ask that you allow it to be installed go to system preferences security and privacy and you will see the option to allow this app will appear in the general section unlock the settings screen with your admin username and password and give it the permissions then give it all the rights to enable the content filter and it will install when it's installed it will appear on the top menu bar with the icon i'm showing you here you click on that to see the menu and the first item on the menu is show network monitor [Music] on the network monitor you will see all the different apps have been getting network access the ones it discovered as active while i had the app set to solid mode are marked in blue this would have triggered an alert otherwise but those are currently unrestricted anyway that's just a product of my testing so you can ignore that on each item you can specify if you want to allow or block the app from accessing the internet using that x or the check mark but you can be more specific for example i looked at firefox and every website that i had access appears on this now what is interesting are all the suspicious ad trackers and something that is even more interesting though i did not go to facebook i see facebook listed in here together with a bunch of ad tracking domains so i will deny them access right there i've already gotten a big privacy boost with this tool i don't know for sure which domains are ad trackers of course i'm guessing just from the word ad being in the name or by the name facebook but for most of these it is obvious you could clear the log and watch which sites are passing all these extraneous domains and try blocking them and then you can re-enable them if your platform stops working a lot of work depending on what you're trying to examine you can go down to the ip address level and block specific ip addresses this is very useful for the security researchers identifying malware to block a specific app let's say firefox you can click on the x on the rule button and then that will be prevented from getting internet access you can block the entire app from network access or you can block it from going to a specific website [Music] [Music] one of the things you can do instead of blocking at an app by app level is to create a general rule that you can apply to all for example if i go to the little snitch rules and right click i can add a new rule like block any app from accessing facebook.com this will stop facebook trackers from any app now at the end of this i purchased a license from little snitch so this is no longer giving me a demo mode option every time i launch it now in general little snitch does not give us much of a big picture as i would like if i'm looking for malware there's no easy way to narrow it down by some unknown publisher or communicating on some non-standard port or perhaps on some other protocol other than https but it's a very attractive app and it has that very nice map view so you can learn how everything on the internet interconnects just a caution the map shows who owns specific groups of ip addresses it doesn't necessarily point to a correct location let's now show you the popular outgoing firewall for windows which is glass wire just like the little snitch demo i started off with the trial mode of glass wire if you use it for the first time they activate all the features for three days i think and then from there the premium features are disabled and there are a lot of premium features to install glass wire we go to their website at glassware.com and download the installation file let me just quickly demonstrate that since it's pretty simple on windows i'll skip the very last step since it's already installed i've got it ready so let's run this now i'll show you first what you see in demo mode and then later i will activate the license and then you can check out the rest of the features and it is quite robust glass wire has a lot of features if i'm trying to hunt down malware glassware will really help you hone it down you can see the general incoming and outgoing traffic from the graphical chart first you can examine the app traffic by app but to help you filter down you can also see the traffic tab where the activity is grouped by protocol so you can see which apps are sending dns traffic versus http traffic or email traffic this gives you a better way of analyzing for example i would be drawn to the other category to see what protocols are being used another way of looking at the traffic is by publisher you can see if apps are being sent by software publishers with a valid certificate this is really good for isolating malware since those will not be from the app stores so they will not have a certificate the next main heading is the usage now here instead of the traffic graph we now actually see individual domains and connections and the amount of traffic really easy to analyze it's great that they've actually tracked the domain names little snitch has the same information but the way it is presented makes it easier to look for some malware which is a needle and a haystack now the next three categories which are things firewall and alerts are disabled in demo mode after a few days so let me license this and proceed okay it's licensed now and the things tab is now active so let's go to things i actually wrote an app like this and it's very useful you can check your network for devices and see if there's anything that shouldn't be on it you can then flag the device and label it now the mac addresses are no longer meaningful because of the introduction of mac address randomization in fact one of these alerts shows that a mac address changed since we're flashing custom roms on phones here when the phones reconnect to the network they're assigned to a new mac address by android so none of these mac addresses are real i'll just show you a couple of examples here of how i turn on the firewall and then select the app to be blocked i'm testing with brave and firefox in this case so we'll do an example denying your connection and you will see that the browser stops running you can also allow a connection and you will see that the browser continues to work when there's a firewall action the alert appears and those alerts are also logged in the alerts tab if you get the alert you can choose to allow an internet connection or deny the connection now let's see some other features this firewall gives us a more useful tool for virus detection as well instead of operating in the background and giving secret openings and executing programs in privileged memory spaces that create more risk or spying on our encrypted traffic i like the way this feature called virustotal is implemented this virus tracking is done based on network activity only so if some known malware or ransomware is identified by network traffic then this will spot it then instead of searching for malware manually someone is doing this for us automatically this is a free service that comes with the glass wire subscription and i definitely would turn this on if you're an average user this doesn't interfere with my computer like a typical antivirus would it's just reporting i would turn this off though if you're a programmer since glasswire will take a copy of your app and put it in their database now on your android phone you can install the firewall netguard the problem with running netguard is that it uses a vpn driver to operate so you can't really run it with an actual vpn glassware does not appear to require a vpn driver i'm able to run it while the vpn is on in general both of these apps are very simple on android you can select the app and block them from getting internet access they don't have the sophistication of analysis that you can do on desktop firewalls and as i said earlier as well there is no firewall for ios in general what ios does differently is that each app is reviewed and monitored by apple so during the approval process they can see if an app is behaving strangely or sending data inappropriately if it's discovered then it is removed from the app store and all ios devices this is not foolproof though since bad apps can delay their bad actions though apple provides some protection i caution you here there are legitimate tracking apps in the app store apps that can remote control your iphone they can be installed by anyone that has your apple id while this threat is less likely to come from the outside i found these types of apps are installed by employers since it is their phone or in some cases if parents are divorced one parent hands the phone to a kid with the tracking app on there and the parent where the apple id tracks the location would find my phone and has complete remote control of the device perhaps not realized by the other parent just a heads up on this and it can happen on android 2 or a computer so to summarize without using any outgoing firewalls and traffic monitoring you really would have zero clue with malware the only protection you have is to assume you have malware and perform a factory reset on some regular basis or reset if something suspicious is happening like an extra slow computer fortunately with these outgoing firewall tools we have a way to do an active defense and actually recognize patterns i would leave these firewalls in tracking mode for long periods malware will hide for short periods so the only way to find them is through long-term monitoring enjoy these tools at the very least it will be a teaching moment and you will learn what really goes on in your devices i'm on the platform odyssey.com i'm now one of the top creators on there just for insurance in case i get the platform please follow me there using the link in the description i hope you enjoyed this video and if you did then it really helps to build our privacy movement if you subscribe to this channel and hit that notification bell thank you for watching and see you next time
Info
Channel: Rob Braxman Tech
Views: 34,194
Rating: undefined out of 5
Keywords: internet privacy, privacy, tech privacy, internet privacy guy, remote access trojan, ransomware, malware, catching remote access trojans, catching spyware, outgoing firewall, network monitoring tools, glasswire, little snitch, windows glasswire, macos little snitch, windows 11 firewall
Id: _BumJVuDwJc
Channel Id: undefined
Length: 23min 45sec (1425 seconds)
Published: Thu Oct 21 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.