
GitHub Scripts and Viruses 

Chris Titus Tech

There has been a recent GitHub script called "Windows Toolbox" that installs malware under the pretense of Google Play Store. Let's go over what this is and how to prevent it.
BleepingComputer article: www.bleepingco...

Published: Sep 6, 2024

Comments: 109
@theitalian94 2 years ago
Congrats to 400.000 Subscribers! You do a great job! I really like your videos! Keep up the good work :)
@ChrisTitusTech 2 years ago
Thank you so much 😀
@alanelston2330 2 years ago
I am also very pleased for Chris ( The displayed numbers are a bit strange though: It was showing 400000 for a few days, then it went to 400001, then shortly after it shows 401000. Strange? Could be a display quirk. Small print under videos has a habit of looking a bit different on different zooms and resolutions in different browsers.)
@alanelston2330 2 years ago
Yeh good tip, minute 2 and 20 seconds - Going to the Raw from the URL bit in the single command is a good one, I should've twigged to that one when trying to steer people into checking these scripts before running them. It’s not commonly known that the embedded link takes you to the raw script. When you get there, hit Ctrl+a to highlight it all, then Ctrl+c, to copy it all, then paste it in the ISE or Notepad++, and have a good look at it before deciding if you want to use it……
@kurtjustiniani1354 2 years ago
I'm more inclined to use your script or any youtuber with respectable number of subscribers, because you have much more to lose than others (i.e. trust, respect and youtube career). One controversy and an influencer's/content creator's career is pretty much over, thus I trust you more although in your case I respect your dedication and enthusiasm to help people like me, with shallow technical knowledge as well as unbiased opinions. Please keep up the good work and I hope your fanbase keeps growing.
@drishalballaney6590 2 years ago
you never know if suddenly the scripts become malicious and the youtuber just disappears off the internet. Ik people like CTT would never do this but just saying
@markN_CS 2 years ago
That's why I always would recommend: If you are unsure with some scripts, run them isolated in a sandbox environment. I'm for example testing those scripts in a Windows 10 VM and not only try to understand the code itself, but how the code (if there for example something isn't documented or well documented) behaves, when it gets executed. You can also go a step further and isolate that machine from the LAN and secure your network a bit, so that malware cannot affect your local network resources like SMB Shares for example. Yes I know the disadvantage, that modern malware can gather information to see, if it is running in a virtual or physical environment. But you could combine it with the code review and try to look, when the running script does stop an action or itself, if it knows, that it is running in a virtual environment. That's also a hint, that the code contains malicious pieces in it.
@alanelston2330 2 years ago
Minute 4 and 30 seconds: WinForms v WPF I never seen any stuff in WPF, so that would be a nice comparison to see if and when you do it. ( But might be worth noting that there are no major scaling or size problems currently: You just have some rogue script lines that came in, probably by mistake, last July, which break it - remove them and all is well.) A quick look at simple colors and formats in the WinForm GUI suggest that’s more than adequate for anything you would want to do: WPF might be more complications you don’t need, but hey, go for it, really: You can come up with some novel results when you ‘ave a go at running before you can stand up without falling over, - because you can be less hampered by the restrictions if you didn’t realize they were supposed to be there, - just move forward as you feel. You’ll be alright.
@no-one3795 2 years ago
When I first heard the news about Windows Toolbox installed malware, I thought it was the CTT version. Good thing that it wasn't.
@biutifo1201 2 years ago
That's why I never run any of CTT scripts without careful audit and testing in VMs.
@ChrisTitusTech 2 years ago
VMs are a great way to sandbox a script and look at its effects.
@zeocamo 2 years ago
@@ChrisTitusTech you can detect WM and do the right thing there...
@xn1kkix 2 years ago
I really appreciate and enjoy listening to your perspectives, thoughts, and theorems that compile your decision to run or not to run code from an open source project. Thank you!
@clemente_01 2 years ago
Thanks for pointing the red flags for scripts it will definitely come in handy
@SECYBERSAFE 2 years ago
YouTube finally recommends a channel slightly related to mine to me. Great video
@hikingpete 2 years ago
While you spent most of the video talking about assessing scripts, I think the bigger topic is what you touched on at the end - trust. How do you assess trust? I'm comfortable using your script off github because I trust you and github not to be malicious and not to introduce egregious security flaws. Another aspect of trust that you touch on is context - how much are you risking? Could you be targeted specifically? I think it's important to focus on the trust angle both because it's more intuitive for people, and because we have to do it anyway. Ultimately I trust Fedora to put out a product that is safe and not malicious, and I trust their delivery mechanisms not to be compromised. The context is a little different, but the process of assessing trust is similar. From here you can get into the territory of mitigating questions of trust. Do I trust this resource not to disappear? Download and archive for later use. Is the pool of users small, or the delivery mechanism personalized? Maybe download the script and manually assess it. Mitigation is tough, assessing trust is manageable. I'm not personally reviewing every commit to the Linux kernel - I don't have the skills or the time, so I /have/ to trust the process.
@danbromberg 2 years ago
I was a victim of the WinToolbox script you discussed. I only clicked on the link to view it and (luckily) never used any of the 'features' it offered, so I don't believe I did any damage. But I do recall an option to ACTIVATE Windows & Office (which would be nice to have in case I ever run into that issue). Chris: Does your script have such an option? Congrats on your following and thanks for your videos - I get a lot out of them! Dan
@bigfootrobot2115 2 years ago
Thanks for clearing the issue. Appreciate your video, man.
@CMDRSweeper 2 years ago
This is a good lesson, I like to brag I always do this, but the truth is I do not do it all the time. However I always do a risk analysis if you can call it that, if I consider the odds to be high, I may decide to run the script in a VM or sandbox and observe what it does. So when it does its bad thing, I can easily nuke it and throw it away or if it doesn't work. Biggest vetting I have done was the Arch Linux on ZFS install script I went through, not only because it is a foreign script, but it needs to run as root during the install. So there I went through and checked the keys and links to verify its behavior prior to running its massive timesaving feature.
@ulroxvladtepes4023 2 years ago
First time I saw that powershell script of yours. Really impressive stuff. I've been thinking about adding wpf to some of my scripts as well.
@mradminus 2 years ago
Chris, I take all tips when it comes to Windows from you. (I only use Windows for gaming on a separate PC). Nice work by the way, keep up the good work!
@AndersJackson 2 years ago
Great video with some very good advice. Be careful with what you run from internet. And yes, even good people can add bad stuff by mistake. It is far too easy to introduce a bug, especially from development versions, which is on GitHub/GitLab. So it doesn't need to be malicious to ruin a computer for users of scripts/programs/instructions downloaded from internet. I really like that you emphasize reducing the rights of programs and not run scripts as administrator without real reasons. That goes with all access rights, they should be motivated, both in documentation and in scripts. If that is not documented, DO NOT EXECUTE THE SCRIPT OR COMMANDS. If you don't know what it does and have looked the instruction/scripts through, DON'T BE a Linus from Linus Tech Tips and blame the script/information provider for YOU blindly apply their suggestions WITHOUT understanding that YOU USE IT on your own, YOU are responsible from ruin YOUR computers set up. Not the one that you download the script from.
@OllyF 2 years ago
Thank you for making this video 🙏 you gotta be careful running scripts! I've been using your toolbox for well over a year, in commercial scenarios on 100's if not 1000's of machines and never had a single problem. You do God's work thank you so much!
@HeyCiro 2 years ago
I am the 400.000 subscriber! Thanks
@MK-ni6gs 2 years ago
Good lesson, thank you for your excellent content.
@Ultrajamz 2 years ago
Maybe a good reason to not run on an admin account so it can’t sneak increase privileges
@timothygibney159 2 years ago
Windows hasn't used straight admin accounts since XP. When you are a local admin on Vista or later it uses a token which prompts a uac prompt similar to Sudo on Linux. You have to agree and click ok or you right click and run as administrator which is intentional on your part
@Ultrajamz 2 years ago
@@timothygibney159 that code he shows I believe bypasses that click
@Salzui 2 years ago
@@Ultrajamz No, you can't bypass admin priv window that easy.
@kanuh 2 years ago
Amazing channel of yours, congrats to 400k subs.
@akaRAIJIN 2 years ago
Congrats on 400K Chris
@bobbybologna3029 2 years ago
Makes you appreciate being on an OS where you don't need to run a script debloater lol
@linuxstreamer8910 2 years ago
all hail linux
@RodolfoSandovalRudy 2 years ago
Fr can't wait for the day Linux is a standard in everyday life
@Salzui 2 years ago
@@RodolfoSandovalRudy won't happen, windows is just too huge. and as long as people like windows os, it won't change.
@AwakenedPhoenix309 2 years ago
@@Salzui MySpace says hi.
@RodolfoSandovalRudy 2 years ago
@@Salzui it's getting close, Mac is almost overtaken
@vladislavkaras491 2 years ago
Thanks for the video, Chris! Very useful!
@Derpingtonshere 2 years ago
I installed Chris's script on my toaster and now it over cooks all my bread... Seems kinda fishy! Kidding. But seriously your scripts are amazing.
@keithmonahan909 2 years ago
Hey Chris another amazing video !! Thank you my friend. Loved it. I’ve always been interested in coding I know a little SQL, but would love to learn more. Rating ⭐️⭐️⭐️⭐️⭐️ 👍👍
@theodoros_1234 2 years ago
Great advice, thanks Chris!
@shurmurray 2 years ago
My 5 cents: if you mastered some number of programming languages, Python is not hard at all. At least if the code is not obfuscated purposely.
@dannyboots 8 months ago
You make that good money
@Sabastianspreadworth 2 years ago
I always like Chris Titus Videos even though It's way over my head.. lol
@themusesquad8554 2 years ago
I mentioned it on a tweet when Jeo released the video
@bantymech8242 2 years ago
That's why just use CTT debloater. And you're good to go...
@Kcorey 2 years ago
Thank you for your reliable videos👍
@kendarr 2 years ago
I ran your script based fully on trust honestly, I feel like you would not screw over thousands of people, one because you just seem like a good person, and second, it's your channel, and it's dedicated to tech-savvy people, someone would notice something, and you would be canceled into oblivion, so yeah trust lol, I would never trust a random string I found online, at least not for windows as I know my way on a terminal.
@spitfire219 2 years ago
Chris, hello do you recommend to use this cmd ( bcdedit ) commands for multiplayer gaming? bcdedit /set useplatformtick yes bcdedit /set & disabledynamictick yes ( specs: 12700K / 3070 / windows 11 ) Thanks in advance
@Selangpluto 2 years ago
Thanks a lot Chris
@diegoleon1144 2 years ago
Thanks for the recommendation Chris, I'm not going to never to run awkward script on my termux or linux.
@markselvenis7273 2 years ago
Looking for thoughts on "StartAllBack_3.3.5+setup.exe" for retro start menu from Wind7, 8, 10 and even improve win
@user.netizen11 2 years ago
If you torrented it then uninstall it quickly, otherwise use virustotal to check the .exe file.
@A_G420 2 years ago
good tips Chris
@commanderdestructa4654 2 years ago
I bought your toolbox from your website - can't run it unless I disable Bitdefender Antivirus first. Bitdefender goes mental unless I disable it. Tried submitting to them, but nothing has changed.
@gjkrisa 2 years ago
Thank you I did notice they had a tool box but it was a big download I think and took forever for it to set up or maybe it was called power toys
@darklight3762 2 years ago
can you make a video about powershell scripting itself we don't want a complete course but just video tell us how to get started
@LetrixAR 2 years ago
Is the desktop capture low res?
@jimharris6213 2 years ago
I have used your script and other information in the past on a Windows machine (not mine) and felt comfortable. My daily driver is a Linux laptop. However, in this video, to me, you sounded a little nervous.
@georgemickel6608 2 years ago
Thanks Chris
@user-he4ef9br7z 2 years ago
If you post malware on a public repo on Github, will they take it down? Do you need to explicitly mention it is malware?
@CarterPersall 2 years ago
I’m pretty sure that if there is no mention that it is malware, then it can be taken down. I might be wrong though but I’m fairly certain that’s how it is.
@Salzui 2 years ago
When SemperVideo community found this to be malware, they wrote to github and cloudflare and they took it down.
@jeremyshearer 2 years ago
Good morning Chris ☀️🤘🏼
@ChrisTitusTech 2 years ago
Morning!
@jeremyshearer 2 years ago
@@ChrisTitusTech I love your videos btw, learned a lot and also my all in one pc is running flawlessly on your tweaked settings
@jeremyshearer 2 years ago
@@ChrisTitusTech how can I run power shell after using the tweak settings on that program?? I noticed the search bar was gone so was just wondering if there’s another shortcut
@ChrisTitusTech 2 years ago
@@jeremyshearer right click start button and select powershell
@jeremyshearer 2 years ago
@@ChrisTitusTech just got it lol
@BrunoCouleau 2 years ago
Actually your script cannot be downloaded onto windows 10. I have a 404 Page Not found when trying to download it.
@Z_o_r_r_o1267 2 years ago
If I do most of my computer tasks on a limited account, can a script still elevate to administrator status without prompting me to enter an administrator password?
@Salzui 2 years ago
no it can't elevate without uac prompt afaik
@Nathan_Mash 2 years ago
Your local library probably provides access to linkedin learning tutorials for python.
@JimNichols 2 years ago
The newest version of windows 10 forced itself on me and I noticed that it had installed google drive and wanted me to authorize the app...... uhmmmm no?
@abrahamfoam7376 2 years ago
I like how you Titus. Thank you. I fully agree with don't touch other people's digested material (script) digest your own food. Bravo. Excellent 👌
@ahmtarf57 1 year ago
Dude, I don't understand, is github infected?
@awksedgreep 2 years ago
Not sure if you’re old enough to remember, but I blame gnome(again or always). They started this whole mess by being the first to give us a “gognome” url we were to pipe to sh and just trust. This was back in probably 1996 or so.
@skipinkoreaable 2 years ago
Thank you.
@Circlol 2 years ago
400k hype!!
@AYT04 2 years ago
Milestones lol 😂, milestone’s
@YannMetalhead 2 years ago
Good video.
@r.g7261 2 years ago
Damn I wish I knew how powershell commands work lol. I just made a program in C++ to do the automatic app installs through winget (since I keep creating new Windows VMs here and there). I wasn't able to find a way to get C++ to install all the programs at once unfortunately but I'm still working on it xD
@w.k314 3 months ago
I actually scammed for 600INR , while i was asleep my steam account was debited for market purchase..........
@zaubermaus8190 2 years ago
omg thiojoe... he used to troll people a lot in the past, don't know about nowadays though.
@ZON0R 2 years ago
youtube algorithm have taken interest in you
@tlouik 2 years ago
great video as always! (first)
@jeremyshearer 2 years ago
You're not first… but ok :)
@xavhow 2 years ago
I actually find it easier to just use Linux as host. Win guest can rot, no biggie :)
@MichaelJHathaway 2 years ago
Why not just say: "Use mine, not theirs"?
@gilesstockman4913 2 years ago
i fell for this but then removed it
@peterjansen4826 2 years ago
Chris, I only see it now. The text seems a bit unsharp for whatever reason. There is clearly compression going on which is too aggressive, it might be a wrong setting.
@peterjansen4826 2 years ago
I think that I figured out the problem. Make the text larger so that you have to zoom in less.
@ChrisTitusTech 2 years ago
Yeah ever since switching to 1440p monitor I get more work real estate but my presentation is less clear because of the resolution downscaling. My work product is better, but my videos aren't as clear. I'm going to try and increase the record quality to 1440p, but I'm unsure if my current system will handle it. We will see...
@peterjansen4826 2 years ago
@@ChrisTitusTech Simply increasing the size of the text should solve that problem too. Mostly you display text in browsers or text editors, you can always increase that text. Recording @1440p would indeed help too.
@donpeer4477 2 years ago
I guess it was only a matter of time since Microsoft bought GitHub. :(
@SkyFly19853 2 years ago
Btw... Congratulations!!!!
@mikrotero8393 2 years ago
Malware and ransomware is really a headache for me. My desktop got infected because I was fixing my security services of Windows, and the ransomware that infected my PC is a new variant, which means they are active on the internet.
@GameBacardi 2 years ago
Isn't Windows 11 itself adware?
@1965kings 2 years ago
This is like checking for every 0 or 1 in computer language. You will need to be an educated programmer to get every nook and cranny. Ridiculous to point out in a very short vid.
@fisi 2 years ago
I know, you might like windows comfort but why not trying linux for a second... You'll see it's easier, you thought... So try it in a VM first.
@ChrisTitusTech 2 years ago
I use both. It just depends on what system I'm on. There isn't a single day that goes by that I'm not in a MacOS, Windows, AND Linux system. - MacOS I use for Final Cut Pro - Windows I use for gaming - Linux for my productivity.
@fisi 2 years ago
@@ChrisTitusTech smart
@Lordblanca 2 years ago
Would a person be better off downloading the exe to limit hackers?
@ChrisTitusTech 2 years ago
EXEs are much easier to infect a computer than an open source script on GitHub... Github will remove them when detected. EXEs are from who knows where and no one knows what's in them.
@user-he4ef9br7z 2 years ago
Wait no. You can read a script to see whether it's malicious. You can't do that with an exe.
@linuxstreamer8910 2 years ago
i always run the scripts i use without sudo/su