WEBVTT Kind: captions Language: en 00:00:12.720 --> 00:00:16.400 hello and welcome back to this  cyber security awareness course   00:00:17.360 --> 00:00:22.320 in previous videos we've talked about the  definition of cyber security and we talked   00:00:22.320 --> 00:00:30.000 about the basic elements regarding that including  confidentiality integrity and availability and   00:00:30.000 --> 00:00:36.640 we've also talked about some cyber security  facts including malwares passwords and others   00:00:37.440 --> 00:00:42.160 so in today's video we're going to start with  security measurements or safety measurements   00:00:42.800 --> 00:00:48.560 beginning with device safety now before we start  talking about how you can keep your device secure   00:00:49.520 --> 00:00:54.960 you have to keep one thing in mind  every device with any operating system   00:00:54.960 --> 00:01:01.840 is vulnerable some people might tell me well i  have a mobile device how could it be vulnerable   00:01:01.840 --> 00:01:08.000 well there are viruses and malwares for mobile  devices whether they were an android or ios   00:01:08.000 --> 00:01:15.760 devices and for windows for short there are  malwares for windows and for mac as well so   00:01:15.760 --> 00:01:23.520 how can i keep my device secure well the use  of anti-virus is a must whether it was a mobile   00:01:23.520 --> 00:01:29.920 device whether it was a computer device running  a mac or windows you have to have an anti-virus   00:01:31.200 --> 00:01:36.400 do not download cracked or unknown  applications now some people tend to   00:01:36.400 --> 00:01:43.520 download cracked applications because they cannot  afford the high price of the original application   00:01:43.520 --> 00:01:48.720 but let me tell you something in the previous  video we've talked about malwares we've talked   00:01:48.720 --> 00:01:55.920 about how they can be injected in any sort of  files so when you download cracked applications   00:01:55.920 
--> 00:02:00.640 i can guarantee that for sure there is  a malware injected in those applications   00:02:01.920 --> 00:02:09.200 be careful of using untrusted usbs these days  hackers tend to do something called a bad   00:02:09.200 --> 00:02:18.160 usb attack now what that does is they have a  code injected on that usb that whenever they   00:02:18.160 --> 00:02:25.680 put this usb inside of a computer the code would  auto execute itself now we said that the malware   00:02:25.680 --> 00:02:32.560 is a computer program and computer programs are  written in some sort of a programming language   00:02:32.560 --> 00:02:39.120 so what they do is they turn this usb into a  controller device instead of a storage device   00:02:39.840 --> 00:02:47.440 and the code would auto execute itself and  therefore you would get hacked next we have beware   00:02:47.440 --> 00:02:53.360 of outdated applications now what companies do is  that they issue an update for their softwares and   00:02:53.360 --> 00:03:00.640 applications every now and then and these updates  mainly contain bug fixing and security fixing now   00:03:00.640 --> 00:03:06.320 i know that sometimes they issue an update that  contains new features but i'm talking about these   00:03:06.320 --> 00:03:11.920 updates that companies issue every month or  every two months if you read the description it   00:03:11.920 --> 00:03:18.560 would say that oh this update contains bug fixes  and security fixes so we should always do these   00:03:18.560 --> 00:03:25.760 updates in order for us to be secure and we should  also be aware of downloading outdated versions   00:03:25.760 --> 00:03:32.960 of programs and applications because sometimes  or most of the times these old versions   00:03:32.960 --> 00:03:39.920 could trigger a vulnerability on your device or  sometimes it could have a vulnerability itself so   00:03:39.920 --> 00:03:45.920 we shouldn't download outdated applications under  any circumstance now next we 
have make sure your   00:03:45.920 --> 00:03:52.800 firewall is on now we can imagine a firewall as a  computer program that works as a barrier between   00:03:52.800 --> 00:03:59.040 your computer and the rest of the network so for  example if you are connected to a certain network   00:03:59.040 --> 00:04:05.520 and someone else on that network is trying to  send you data or if you are trying to send data to   00:04:05.520 --> 00:04:12.240 someone else on that network then that data has to  go through the firewall first now this is really   00:04:12.240 --> 00:04:17.680 cool because if someone is trying to send you  data and that data has to go through the firewall   00:04:17.680 --> 00:04:24.240 then the firewall would ensure that this data  is not malicious meaning that this data won't   00:04:24.240 --> 00:04:30.720 harm your computer now got an example of  antiviruses over here for pc and for mobile   00:04:30.720 --> 00:04:36.800 the first one is sophos and the second one is  bitdefender now keep in mind that there are   00:04:36.800 --> 00:04:43.360 always other antiviruses out there but these are  just examples that i've chosen to demonstrate in   00:04:43.360 --> 00:04:48.720 this video now later on i'm going to show you how  they both function now somebody might ask me well   00:04:48.720 --> 00:04:54.560 what if i don't have an anti-virus what can i do  in this case well we've got a solution for you   00:04:54.560 --> 00:05:01.040 you can use a website called a virustotal now of  course there are other websites like virustotal   00:05:01.040 --> 00:05:06.960 but i've chosen this one what you do is you  upload the file in which you believe is suspicious   00:05:06.960 --> 00:05:15.280 and virustotal would run multiple scans in order  to see if this file has a virus or not now without   00:05:15.280 --> 00:05:21.600 further ado let's go ahead and demonstrate all  these things all right so we're on this windows   00:05:21.600 --> 00:05:27.360 environment 
right now and as you can see over here  i've got two tabs open i've got the bitdefender   00:05:27.360 --> 00:05:33.600 tab and i've got the sophos tab now one thing to  keep in mind is that both of these softwares are   00:05:33.600 --> 00:05:39.360 the free editions of bitdefender and sophos so  of course the premium edition is going to have   00:05:39.360 --> 00:05:46.080 much more capabilities from what we're going  to be reviewing in this video but the idea is   00:05:46.080 --> 00:05:53.120 to understand how anti-viruses in general work so  the download process is really easy you just hit   00:05:53.120 --> 00:05:59.040 the download button over here and it's going to  start downloading and same thing goes for sophos   00:05:59.040 --> 00:06:06.240 but one thing i want to say is that this is the  virus removal tool from sophos now the antivirus   00:06:06.240 --> 00:06:12.960 that sophos provides is called intercept x but this  tool is really good when it comes to scanning your   00:06:12.960 --> 00:06:20.640 computer and removing viruses and it's going to  have the same database as intercept x so before we   00:06:20.640 --> 00:06:27.600 start reviewing these two softwares let's go ahead  and start with a virustotal all right so we're   00:06:27.600 --> 00:06:33.360 on this linux environment right now and as you  can see over here i've got virustotal opened up   00:06:33.360 --> 00:06:38.400 now let's go ahead and observe this screen  for a little bit we've got three tabs we've   00:06:38.400 --> 00:06:44.960 got the file tab we've got the url tab and the  search tab now in the file tab is where you   00:06:44.960 --> 00:06:52.640 actually upload a file to virustotal and it would  start a scan against that file in the url tab is   00:06:52.640 --> 00:06:58.560 where you just put in a url and it would tell  you if it contains a malicious activity or not   00:06:59.360 --> 00:07:05.440 and in the search tab over here is where you put  anything else that you have in 
mind for example   00:07:05.440 --> 00:07:13.520 an ip address a url a domain a file hash anything  else that you have in mind and you want to check   00:07:13.520 --> 00:07:19.760 if it has a malicious activity or not so let's  go ahead and try the url tab over here let's go   00:07:19.760 --> 00:07:29.040 ahead and try facebook for example so let's just  type in www.facebook.com and over here it says   00:07:29.040 --> 00:07:36.400 that no engines were able to detect that this url  contains malicious activity and this is because   00:07:36.400 --> 00:07:44.320 facebook is a safe website now let's go ahead and  observe this screen over here we've got a bunch of   00:07:44.320 --> 00:07:51.920 antiviruses and all of them say that facebook is  clean and without malicious activity so we've got   00:07:51.920 --> 00:07:57.520 these tabs over here the detection tab is where  you actually view the results of antiviruses   00:07:57.520 --> 00:08:05.680 and in the details tab over here we can see all  the details about this particular url for example   00:08:05.680 --> 00:08:12.720 the http response the serving ip address and so  on now in the relations tab over here is where   00:08:12.720 --> 00:08:20.080 we actually view all the relations regarding this  uh website and in the community tab over here is   00:08:20.080 --> 00:08:25.360 where we actually see what people say about this  website so for example over here take a look at   00:08:25.360 --> 00:08:32.400 this this comment over here says that facebook is  clean and without any malicious activity all right   00:08:32.400 --> 00:08:38.320 so let's go ahead and go back for a little bit and  go to the file tab so in the file tab over here   00:08:38.320 --> 00:08:45.120 we're just going to upload a file now i've got  this virus.exe file this is actually a virus that   00:08:45.120 --> 00:08:52.000 i created before i recorded this video in order  to see what virustotal has to say about this file   00:08:52.000 --> 
00:08:58.000 so let's go ahead and upload it and as you can  see over here it says that 23 engines were able   00:08:58.000 --> 00:09:04.000 to detect that this is actually a virus so let's  scroll down a little bit we can see the bunch of   00:09:04.000 --> 00:09:12.640 antiviruses that say that this is a virus now the  text in red over here is what the antivirus has   00:09:12.640 --> 00:09:18.560 to say about this particular file so for example  we've got this uh antivirus that says that this   00:09:18.560 --> 00:09:24.480 file contains a trojan now we can see a list  of antiviruses over here we've got bitdefender   00:09:24.480 --> 00:09:31.120 the one that we mentioned we got kaspersky we got  microsoft we got avg and if we scroll down we got   00:09:31.120 --> 00:09:38.160 sophos and we've got some other antiviruses but one  thing to notice is that some antiviruses were not   00:09:38.160 --> 00:09:45.040 able to detect that this is actually a virus and  this goes back to the strength of the antivirus   00:09:45.040 --> 00:09:52.480 now every antivirus company has a database of  known viruses so once you start an antivirus scan   00:09:52.480 --> 00:09:59.520 it would check if that particular file is in  its database of known viruses and if it is   00:09:59.520 --> 00:10:05.680 then it would identify this file as a virus  so this is what makes for example microsoft   00:10:05.680 --> 00:10:12.000 better than this particular antivirus and it  is because microsoft has lots and lots of known   00:10:12.640 --> 00:10:20.320 viruses in its database now one thing i want to  say is that virustotal and other virus scanning   00:10:20.320 --> 00:10:26.720 websites are not an alternative for antiviruses  and this is because antiviruses when they're   00:10:26.720 --> 00:10:33.040 installed on your device they check the behavior  of any software so even if they don't have that   00:10:33.040 --> 00:10:40.560 virus in their database they would just check the  behavior of 
that file in which it contains a virus   00:10:40.560 --> 00:10:47.520 and it would tell you that oh this particular file  is trying to spy on your data so it is a virus   00:10:47.520 --> 00:10:53.280 and this is the cool thing about having an  installed anti-virus on your device so remember   00:10:53.280 --> 00:10:59.520 virus scanning websites are not an alternative for  antiviruses but they are good if you don't have an   00:10:59.520 --> 00:11:05.840 anti-virus but in that case you will have to be  careful when you download stuff on your device   00:11:05.840 --> 00:11:12.160 now let's go ahead and scroll up a little bit  to this tab where it says details now in details   00:11:12.160 --> 00:11:18.320 over here we can see the basic properties of  this file over here tells you all the hashes   00:11:18.320 --> 00:11:25.920 of this particular file and a hash is basically  a code we can imagine it as a code or something   00:11:25.920 --> 00:11:34.160 concerned with any file in the world so any file  has a hash and this hash identifies the file so   00:11:34.160 --> 00:11:44.000 what virustotal does is that it matches this hash  with known hashes of viruses out there so if the   00:11:44.000 --> 00:11:51.680 hash is identified to be a virus then that file  is actually a virus so this is how virustotal   00:11:51.680 --> 00:11:58.240 works and this is why it is not better than an  antivirus because it only checks for the hash   00:11:58.240 --> 00:12:05.440 of the particular file that you just uploaded it  doesn't check for the behavior of the file itself   00:12:05.440 --> 00:12:10.320 now over here in the community tab we can  just open it up we can actually see what   00:12:10.320 --> 00:12:16.800 people have to say about this particular file we  can actually see that we've got one review about   00:12:16.800 --> 00:12:23.120 this particular file over here and this is it  really about virustotal like this is everything   00:12:23.120 --> 00:12:29.200 that i 
have to say about virustotal of course  there are other scanning websites out there and   00:12:29.200 --> 00:12:36.160 virustotal is only one of them and i've chosen  virustotal to be a demonstration in this video   00:12:37.040 --> 00:12:41.280 right now since we're done talking about  virustotal let's go ahead and check out   00:12:41.280 --> 00:12:48.560 bitdefender and sophos all right so let's go ahead  and see bitdefender and sophos now as you can see   00:12:48.560 --> 00:12:54.720 over here we've got the bitdefender interface and  we've got a button that says system scan and this   00:12:54.720 --> 00:13:00.800 is how an anti-virus works you just schedule a  scan and it would scan your device and tell you   00:13:00.800 --> 00:13:07.680 if it has any viruses or not now one thing i want  to show you over here is that we can just scan a   00:13:07.680 --> 00:13:14.240 single file for example this particular file over  here we can just drag and drop it into bitdefender   00:13:15.040 --> 00:13:22.240 and it would start a scan and over here as you  can see as a notification it says on demand scan   00:13:22.240 --> 00:13:28.720 scanned one items and detected zero threats  and this is really great about bitdefender now   00:13:28.720 --> 00:13:34.400 over here we got this settings icon if you just  click on it we've got a bunch of options we've   00:13:34.400 --> 00:13:41.040 got events quarantine exclusions protection  account info help and support so let's go   00:13:41.040 --> 00:13:47.520 ahead and navigate to events over here you will  find the list of all events in which you've done   00:13:47.520 --> 00:13:53.200 in bitdefender so for example the file that  we scanned it tells us over here that we've   00:13:53.200 --> 00:14:01.200 done an on-demand scan and it scanned one items  and detected zero threats all right so over here   00:14:01.200 --> 00:14:07.840 we've got quarantine for example if we have  an infected file it would appear right here   
00:14:07.840 --> 00:14:14.720 in which bitdefender puts this file in quarantine  away from the system so that it wouldn't be able   00:14:14.720 --> 00:14:21.600 to harm or infect other files in your system in  exclusions over here if you're an ethical hacker   00:14:21.600 --> 00:14:28.400 or if you're just a penetration tester and you're  testing out a piece of malware or a piece of virus   00:14:28.400 --> 00:14:35.120 then you can just put it in the exclusions tab  over here so it's as if we're telling bitdefender   00:14:35.120 --> 00:14:42.240 that oh this file will be excluded from the scan  meaning that this file is safe it's just like   00:14:42.240 --> 00:14:48.400 telling bitdefender that oh don't scan this  particular file now if we click on protection over   00:14:48.400 --> 00:14:53.920 here we can just see uh the list of options we can  see that we've got the protection shield over here   00:14:53.920 --> 00:15:01.040 and it is set to on meaning that bitdefender is  currently active and over here we've got product   00:15:01.040 --> 00:15:07.520 information and anti-malware engine properties  we can just see the version of the engine the   00:15:07.520 --> 00:15:12.560 bitdefender engine over here all right so let's  go ahead and take a look at sophos now this is the   00:15:12.560 --> 00:15:18.720 virus removal tool given by sophos it says over  here welcome and it says that this tool is up   00:15:18.720 --> 00:15:24.320 to date and this is really great to have such a  tool that is always up to date with its database   00:15:24.960 --> 00:15:30.640 now the process is simple as well you just hit the  start scanning button and it would start scanning   00:15:30.640 --> 00:15:37.360 your device to see if it has any threats or not  now this is it about bitdefender and sophos and   00:15:37.360 --> 00:15:43.840 this is it about this video i hope that you  liked it and i'll see you in the next video