Computer security is like a door, some are made of glass, some are made of wood and some are made of 12-inch reinforced titanium steel graphene composite but all and I mean ALL can be broken through with enough time, effort, and the correct tools.
99% of them discovered that he's running OpenWRT on his router which maintains an active block list that updates every 5 minutes... And that the open firmware communities are often quite a bit faster to detect and publish IP ranges known to belong to scammers than commercial anti-virus solutions. 0.99% Think that they just managed to infect a machine. Too bad Muta shreds it and spins up a fresh one the next time he needs a browser. 0.01% Escapes the browser, realizes the host is virtualized, tries to escape that, but fails because Muta compiles his own kernel images so their symbol offsets are all wrong. This crashes the VM letting Muta know that something smells fishy. 0.00% Ever makes it to the nested hypervisor.
I thought he established several times that the only reason why Linux doesn’t get as many viruses is because people don’t use it as often. I don’t see how Muta did anything wrong. Edit: why does this have so many likes, and what is this reply section?
@fort809 Not really. The Linux kernel has a massive codebase, if someone finds an exploit - it can take a while before anyone finds and patches it, if they ever do.
@UCM4yX3oNcXZmzZgRY5JUP0w Nah bro don’t engage like that, mfs trying to get a reaction from us 😭 Just make sure to report the account in hopes of getting it banned
"having two antiviruses it's like wearing a condom on a condom" said a guy who runs a virtual machine inside another virtual machine just to browse the internet
Fair point. Muta uses a VM for security's sake and he works at an IT company, so having a VM to do his work is not surprising, if not a must for him
the only time i experienced a "hack" was when my company was running a linux file server. one day, we found the server was very laggy. so we looked into it and found a piracy group had set up shop and was distributing through our server. we took steps to get rid of them and then all of a sudden they were gone and only left one text file which said "we're gone". still using linux to this day, and nothing like that ever happened again. that was about 20 years ago.
why does that remind me of my old piracy group where we were leeching off an old company. we were making bootleg cds. we just stopped because people dont want dvds anymore
"If man can make it, man can break it." This rule applies to the virtual as well as the physical. Glad to see you are willing to admit everyone makes mistakes. Thanks for providing these videos, Muta.
I was trying to stream a movie over discord with a friend and they sent me one of those sketchy free movie sites, this one in particular required you to allow notifications before you could use the site, and when I told my friend that's not safe they said "i've used this site before and i haven't gotten hacked" 🤦🏾♂️ I guess people think all malware is going to loudly announce that it's stealing your bank login password
I'd say Linux is just a 50/50 due to the fact that everything is open source, which means that both parties, malicious or not, have the same advantage, so it's just up to how many people are malicious and how many are not. Linux is great but most malicious users on Linux are just using Linux as a host for Windows clients.
@speedyx3493 The internet runs on Linux, vulnerabilities get found all the time. Linux is a massive target for hackers because all embedded devices and servers run it.
Why are there so many comments accepting Muta’s apology for something completely unrelated? I forgive you Muta… the downstairs toilet may have flooded the basement but we converted it into a swimming pool and donated our stairs to Goodwill
This reminds me of back in the day, when people unironically thought Macs couldn't get viruses. Then the moment one virus starts spreading, it's called a "superbug" and makes the news. On an entirely unrelated note, is anyone else suspicious of Muta talking about hackers while he's wearing a black hat? Makes you think, I guess...
What is often overlooked about "sudo rm -rf / --no-preserve-root" is that it also deletes data on any mounted drives (under /mnt or /media). All USB drives, hard drives and SSDs connected are erased. It's not like deleting system32, where it just kills the operating system.
Android is Linux, and no one thinks Android is "safe from viruses". It always correlates to the popularity, because the #1 way in is "human error" anyway, not the software itself.
No, it isn't. AOSP is based on the Linux kernel - the Android that actually ships with your phone is closed-source garbage, bastardized by Google and vendor bloatware. You need to patch your boot.img to even get root access.
As long as Google owns it, Android phones are shipped with spy/malware that will be near impossible to remove unless you break your phone into pieces. That is a given fact. Do your own research too!
It's ok Muta, the death toll of the shootout was only in the dozens. And the F.B.I. was probably wrong in raiding your house anyway. We know those 37 murders weren't your fault. And even if they were, you're forgiven even before the video starts. I would even say what you did in 1999 in Yugoslavia wasn't that bad. Have a great day Muta! 🙂😇❤️
I once heard, in front of me, a girl talking to a man and saying that she used Macs because they are "immune to viruses". I almost laughed at her.... but since I was not part of the conversation I just laughed on the inside.
True I literally didn’t use my computer for anything but games. Didn’t even download mods or google chrome(I didn’t wanna go on the internet unless I absolutely had to the computer was bought to be used like a console) I only opened edge once to download steam. I don’t play online games and I still got malware. How you ask? My guess is drivers
I work in cyber security and only 85% of infections come from user error. The other 15% must be stopped by computer software making it necessary at all times.
@yyeezyy630 I had a similar case once. I picked up a refurbished computer from a hole-in-the-wall PC store, and they managed to infect it with ransomware before creating the only system restore point, before it took over the system. The system would become unusable before I could go install an antivirus, and Windows Defender at the time was pretty much useless (Windows Vista era). Load a restore point, rinse and repeat. I was able to salvage it by installing Malwarebytes to a thumb drive & running a scan immediately after a system restore. Turned out it was an infected network card driver.
Muta I understand all your points about taking precaution to prevent getting infected in the first place, but could you please make a video on ways to find out if you already are? If a lot of these viruses are undetectable, how can the average person determine if there’s already been a breach? What are reliable ways to figure these things out and ways to get rid of anything malicious?
Do note. Linux by nature has the execute bit on files turned off until YOU enable it. At least on Linux Mint. Which is part of why scripts like these can be so devastating because they don't require the execute bit that a file might. They just require human error.
It also doesn't dump full administrator powers on normal users.. and the combination is surprisingly effective. You need an unpatched browser exploit to just get the +x bit set on the payload, and when you run it it's unprivileged. Not that stealing users' files or browser credentials can't be bad. But getting to "move in" on the machine so your malware starts up whenever the computer does is just oodles harder than on Windows where any file run by a user with Admin powers can alter almost any file on the system.
Just a word on RAM-based servers: a lot of newer servers that are RAM only actually have a RAM implementation that has the capability to retain memory state when the power is switched off. It works because the RAM modules have a NAND flash unit on chip that stores the state after each RAM transaction. I've seen this in my development experience in the cloud.
I'm not gonna lie, I only came upon your channel because my phone was listening while I was in tech class, and we'd just gotten done with a Linux/Windows lesson... One of the few times I was glad my mic was hot during a conversation because I've been loving your channel ever since. Keep teaching, I and hopefully others will be watching intently. Love your videos
What Muta said about tons of people falling for obvious threats on the internet due to lack of common sense is absolutely true. There are still lots of obvious threats like the classic "Your computer has been compromised. Click here and find out how to fix it", and if these blatant threats still exist it's because there are still tons of people falling for it. It's crazy to me that such obvious threats that have been around since the early 2000s still exist and there are still lots of people falling for it.
You probably won’t see this Mr. Muta but I really appreciate your videos a lot because I am very computer illiterate and your videos help with that. You also are very entertaining to watch and I think that helps with you teaching cyber security. Thank you 😊 🙏
RU-vid REMOVED a video that warns about a DIY which already killed 34 people and keeps the DIY videos up on their platform. There are hundreds of videos on youtube about fractal wood burning that show a DIY method of making wood look nice which already killed 34 people in the US, UK and Australia. Those videos ARE STILL available on youtube, and they do absolutely nothing to stop this trend. A youtuber called "How To Cook That" exposed this DIY method, explaining that using a microwave transformer to create high voltage electricity will kill you if you touch the setup or anything near it. The voltage that is being used is so high that any person who gets shocked will be dead before hitting the ground. What did youtube do? They removed the video, that's it. Now there are a sht load of videos on youtube that show this extremely dangerous DIY, and it does not even attempt to remove them from the platform. Those videos are making hundreds of thousands of views, potentially putting at risk hundreds or thousands of people. Please spread this information around reddit and discord servers, to inform people about this horrific trend that is going on on youtube and other social media.
I've always said that the only truly secure device is one that is powered off and disconnected from everything, of course that means that the device is only useful as a paperweight
I don't think you really misled anyone. You say Linux is better than Windows, Android, etc. You're right. But, people downloading something from a stranger on Discord because they say it'll help with with speed, that's on them. People have forgotten what common sense is.
I would love to see a video where you do the exact opposite of everything you say in this video and infect a PC as badly a possible and show everyone just how wildly you can mess it up. Would totally watch that!
We forgive you Muta for us being dumb and installing random shady software from the Internet just so we don't have to pay an extra 20$ for another game or service
yknow what i like with muta is that he apologizes for the kindest shit that a lot of people don't say sorry for, they only say sorry when people start addressing it. He however just says sorry
WOW!!!!!!! What a unique insight!!!! I'd have never been able to believe humans make mistakes without your historical epiphany...made in defense of your youtube idol. Thanks for showing 'social' media is akin to mega churches.
These fucking bots. What's bullshit is once people report them, they disappear for the reporter, but stay for everyone else. Get ur shit together youtube
The only safety Linux had was that nobody used it. No one wants to make a virus that will reach a small fraction of users and no important targets. As Linux grows, it became a more interesting target. So is the paradox of technology, when something becomes popular, it also loses its original qualities that made it popular.
GNU/Linux has been used for decades to run critical infrastructure. It isn't just a full desktop OS with a graphical interface. Servers, IoT devices, smartphones, routers all use some form of Linux.
That is not entirely correct. Windows has a fatal flaw among home users: it creates a full blown Administrator account for the user on first run. This means that any piece of malware only has to worry about getting run by the user. It does not *also* have to find a way to escalate itself to Administrator to be able to alter system files. Neither MacOS nor Linux has this flaw. So now the malware both needs to get the user to run it, and then it has to scan system files for versions that it has an exploit for. If it does not have an exploit for the version currently running, no dice.
@TeenPerspektiva The default UAC settings for downloaded executables are easily bypassed. And it goes without saying that 99.99% of all malware infections have a social element to them. Thus the security model is broken. Blaming people for being stupid doesn't fix the issue. It just places blame. On Linux/MacOS an attacker faces the following problems to trick a user into running their files with privileges: 1) Get the user to download the file. 2) Get the user to manually alter the file attributes to +X (on UNIX-like OSes executability is an attribute, not a file extension). 3) Get the user to actively supply administrative credentials when prompted. On Windows an attacker faces the following problems to trick a user into running their file with privileges: 1) Get a user to download the file. 2) Make sure that 1) does it in a way that it would seem legit that Windows asks if they're sure they want to run this. And you can bypass 2) if you have access to a domain-name with an SSL certificate that is valid for program signatures because then Windows only does the simplistic UAC dialog with "Run ICON_OF_EXE? [Yes][No]". After that you do a double fork(), rename the child process and exit the parent thread. Default UAC settings are now completely fooled and you can tap into almost every privileged function call, except disabling anti-virus and fucking around with the filesystem snapshots, without the user being prompted. But both of those can be obtained too with a bit of trickery. All it takes is getting a service with LOCALSYS privileges to load a spiked DLL file which is child's play because the Windows runtime linker takes its gospel from the user-writeable part of the registry. So let me reiterate: Placing blame on the user does not fix the problem. It only places blame. The problem is that Windows, in consumer environments, gives both stupid and clever end users a full blown administrator account. The problem is not that stupid users exist.
Because that problem is unfixable without resorting to genocide.
Throughout all the time I’ve been watching SOG, I got into middle school, hit puberty, got into high school, lost my virginity, dropped out of school, got addicted to and then quit Percocet, and I’m now about to turn 20, yet the only thing that’s changed is the mans video quality. He hasn’t aged a single day in almost ten years.
Muta, I know this is a big request, but have you ever considered making a Linux Guide for Beginners? I'm sure tens of thousands would benefit from it, even if it was paid.
4:55 idk but the phrase gives me peace of mind makes me think of that one news video on an old lady and her dog after she bought the tsunami safety capsule for some reason
Thanks for the great video! Another issue I heard of before is how sudo has a lot of functions which general users (myself included) might never use, increasing the risk of security holes. Unfortunately sometimes people make mistakes... I heard of a few people who've actually run sudo rm -rf /* because they forgot the dot in ./ (which would only delete from the current location) Because of those stories I do my best to make my system idiot proof since I can not trust myself. Example: alias rm="rm -I" And when it comes to running scripts from the internet I make sure to understand it first
In all my years of watching you, I have gotten the impression that you educate, then pressure people to educate themselves more beyond what you're able to put in the video of whatever subject you're covering. Your videos have been very helpful to me. It made me cringe when my mom's husband was installing a Windows 10 computer, refused to allow me (a Win 11 user) to format his drives to GPT, then got suckered into PAYING to make it easy. It's, like, dude. I just did a full conversion to GPT with an 8TB HDD I got. What the fuck. And then turns around and starts installing antivirus software. He's got, like, three diapers on that computer now. It's ridiculous. Whatever. Anyway. Point is, I don't think you've made the mistake. At worst, you expected people who are security minded to care. You expected people to have common sense... Which ain't so common no more.
Muta: you will always be unsafe if your device is connected to the internet Terry davis slamming down the door: boi have I got an operating system for you.
Just want to mention that rm -rf / also removes all files on mounted drives including external hard drives and USB flash drives. Which means not only your system is gone, but your whole PC is clean
I generally don’t hear people use the phrase “security through obscurity” to describe Linux being safer because fewer people target it. That phrase is more commonly used to describe how closed source software is secure because it requires cracking a black box. In general, the community thinks that closed source is more prone to hacks because you have fewer “good guys” looking at the code than with open source software. This isn’t perfect, Heartbleed existed in OpenSSL for over a year before it was reported, but it’s also telling that most enterprise operations use open source security software and protocols where possible instead of creating their own.
Once Genshin Impact comes to Linux, I will have no reason to use Windows. My brain does not work well enough to figure out how to emulate it, when I can just keep using Windows
Remember that Linux is used by Intelligent Intellectuals, with a high IQ. This makes them less susceptible to viruses (Grandma won't be using Linux), so there's less desire to make Linux viruses.
You're 100% correct... HOWEVER... as long as MS Windows keeps giving normal users a full blown Administrator account it will ALWAYS be much more susceptible to attack than it needs to be. So yes, Linux and MacOS are vulnerable too, but viruses on Windows typically only have to tackle one problem: getting run somehow. On Linux/MacOS they need to tackle two: getting run, and escalating privileges to the point where they can do more than just leech your mp3 files.
No; Linux people are carnivore diet. Shedding weight and crushing gains in the gym. Example? Check out Mental Outlaw... He's fuggin ripped as shit. Just because you're not smart enough to figure out Linux and use it doesn't make it an issue. It's brought up as an alternative to mega corps like microsoft which I implore you to explain how thats a BAD THING. But hey... Go enjoy your windows spyware. 👌
@mathisblair2798 You're a living meme ahahaha. My original comment is about people exactly like you. Also, stop pretending anything about Linux is difficult.
Oh, those days. I remember deleting System32 in a Windows VM, and had to restore from a VM snapshot. More recently, running “sudo rm -rf / --no-preserve-root” is pretty much asking Windows to delete the System32 folder to “speed up your PC”, as in, kill it.