Tiny11 has problems

00:10:20
https://www.youtube.com/watch?v=3UVKfliA_Rc

Summary

TLDRThe video warns against using custom Windows ISOs like Tiny 11, highlighting the risks of malware, botnets, and keyloggers that can be included in these unofficial versions. The speaker, with extensive experience in the field, emphasizes that many of these ISOs are downloaded from shady sources, which increases the likelihood of security breaches. He discusses the legal implications of redistributing modified Windows versions and stresses the importance of using official Microsoft tools. The video serves as a cautionary tale about trusting unknown developers and the potential consequences of compromising one's system security.

Takeaways

  • 🚫 Avoid custom Windows ISOs like Tiny 11.
  • 🔍 Many custom ISOs come from unofficial sources.
  • ⚖️ Redistributing modified Windows can be illegal.
  • 🛡️ Antivirus software is not foolproof.
  • 📜 Always check digital signatures for authenticity.
  • 🔗 Use official Microsoft tools for installation.
  • ⚠️ Custom ISOs can hide serious security threats.
  • 👤 Trust unknown developers at your own risk.
  • 🔄 Reinstall from trusted sources if compromised.
  • 💡 Security is about multiple layers, not just antivirus.

Timeline

  • 00:00:00 - 00:05:00

    The speaker warns against using custom Windows ISOs like Tiny 11, citing potential security risks such as botnets, keyloggers, and viruses. They emphasize that many of these ISOs are downloaded from unofficial sources, which increases the likelihood of malware. The speaker also mentions that relying solely on antivirus software is insufficient for security, as it only provides a basic layer of protection. They highlight the legal implications of redistributing modified Windows ISOs, referencing a case where a developer was imprisoned for doing so, and stress the importance of using official Microsoft tools instead.

  • 00:05:00 - 00:10:20

    The discussion shifts to the risks associated with using executables from unofficial sources, particularly in the context of Tiny 11 Builder. The speaker expresses skepticism about the digital signatures of these files, noting discrepancies that suggest potential modifications. They caution viewers to always use official Microsoft executables to ensure security. The speaker concludes by questioning the motives of those who distribute custom ISOs, urging viewers to consider the risks of trusting unknown individuals with their system security. Overall, the message is clear: avoid custom ISOs to protect your computer from potential threats.

Mind Map

Video Q&A

  • What are the risks of using Tiny 11?

    Using Tiny 11 can expose users to botnets, keyloggers, and viruses that may be bundled in the custom ISO.

  • Why should I avoid custom Windows ISOs?

    Custom ISOs often come from unofficial sources, increasing the risk of malware and compromising your system's security.

  • Is it legal to redistribute modified Windows ISOs?

    Redistributing modified Windows ISOs can be illegal, as demonstrated by a case where a person was sentenced to prison for doing so.

  • What should I do instead of using Tiny 11?

    Use official Microsoft tools and ISOs to ensure your system's security and integrity.

  • Can antivirus software fully protect me from threats in custom ISOs?

    No, antivirus software is just one layer of security and may not detect all threats in modified ISOs.

  • How can I verify the safety of an executable file?

    Check for digital signatures and compare file sizes with official versions from Microsoft.

  • What is the significance of digital signatures?

    Digital signatures help verify the authenticity of files, but they can also be compromised.

  • Why do people create and distribute custom ISOs?

    Some may do it to provide a modified experience, but the motivations can vary and may not always be trustworthy.

  • What is the best practice for installing Windows?

    Always download Windows ISOs from official Microsoft sources to ensure safety.

  • What should I do if I suspect my system is compromised?

    Run a full antivirus scan and consider reinstalling your operating system from a trusted source.

View more video summaries

Get instant access to free YouTube video summaries powered by AI!
Subtitles
en
Auto Scroll:
  • 00:00:00
    tiny 11 has problems and honestly so
  • 00:00:04
    many people are recommending it now that
  • 00:00:06
    I have to make this video just to
  • 00:00:07
    balance things out because you should
  • 00:00:10
    never use a custom windows ISO on an
  • 00:00:12
    install I can tell you I've done it work
  • 00:00:15
    for over 20 years and I've seen so many
  • 00:00:19
    problems with these custom isos from
  • 00:00:21
    botnets Key loggers other things that
  • 00:00:24
    make you compromised when installing
  • 00:00:26
    them it may not happen immediately but
  • 00:00:29
    it probably will happen and I want to go
  • 00:00:32
    over why that is why you should never
  • 00:00:34
    use a tiny 11 even if your favorite
  • 00:00:36
    YouTuber recommends it heck I like ETA
  • 00:00:39
    Prime I think he makes great videos but
  • 00:00:42
    this is a terrible video by him and I've
  • 00:00:44
    made terrible videos not to just call
  • 00:00:46
    him out but there's other people here
  • 00:00:48
    ghost Specter reverse tiny 11. this is
  • 00:00:51
    something you should never do but let's
  • 00:00:53
    break down why uh why are the people
  • 00:00:55
    doing this why would you reduce you know
  • 00:00:58
    distribute a custom ISO and the risks
  • 00:01:01
    you take when you do use one because
  • 00:01:03
    I've seen a lot of YouTubers starting to
  • 00:01:06
    say hey tiny 11's okay I'm using tiny
  • 00:01:09
    11.
  • 00:01:10
    and you know we've also seen an uptick
  • 00:01:12
    in YouTube hacks maybe some correlation
  • 00:01:14
    there but let's get into the problems it
  • 00:01:16
    has we have YouTubers here we have
  • 00:01:18
    companies recommending time 11 and why
  • 00:01:21
    is it you always download it from kind
  • 00:01:22
    of like a not an official site it's like
  • 00:01:24
    archive.org or uh usually some kind of
  • 00:01:27
    like MediaFire you know
  • 00:01:30
    Omega you you get it from all kinds of
  • 00:01:32
    places but never really an official
  • 00:01:34
    Source usually from Shady Shady spots
  • 00:01:37
    the big thing is what can happen with it
  • 00:01:41
    main problems botnets viruses key
  • 00:01:43
    loggers cryptominers all these can be
  • 00:01:45
    bundled into these small packages and
  • 00:01:49
    exceptions can be made in Windows
  • 00:01:51
    Defender to bypass it most people know
  • 00:01:53
    I'm not a big fan of Windows Defender
  • 00:01:54
    I've made videos on that but at the same
  • 00:01:57
    time it's uh any virus is just a layer
  • 00:02:00
    of security too many people rely a
  • 00:02:02
    hundred percent on any virus and that is
  • 00:02:04
    just a recipe for disaster uh security
  • 00:02:08
    is all about the layers and Antivirus is
  • 00:02:10
    just a very very small layer in in your
  • 00:02:13
    security footprint so let's get into why
  • 00:02:15
    they would do it uh and why you should
  • 00:02:19
    not trust any custom ISO I don't
  • 00:02:21
    personally make any ISO even though I
  • 00:02:23
    have a ton of deep bloat utilities and
  • 00:02:25
    GitHub repositories showing people how
  • 00:02:27
    to deep bloat their system it's not
  • 00:02:30
    something I ever will redistribute
  • 00:02:32
    mainly because it's illegal and that's
  • 00:02:34
    the big thing any modified Windows is is
  • 00:02:37
    legal there's a guy that actually got
  • 00:02:38
    sentenced to 15 months in jail there's
  • 00:02:40
    even a Vox video on YouTube that went
  • 00:02:43
    into it uh and here's a polygon article
  • 00:02:46
    where he actually was just salvaging old
  • 00:02:48
    Windows systems with legit Windows keys
  • 00:02:51
    and then just supplying a recovery CD so
  • 00:02:54
    he wouldn't even modifying Windows
  • 00:02:56
    really he was just redistributing it
  • 00:02:57
    with already good licenses from from
  • 00:03:01
    systems that were getting thrown out and
  • 00:03:03
    he went to prison for 15 months so now
  • 00:03:06
    let's think okay so these these
  • 00:03:08
    developers are risking prison time
  • 00:03:10
    redistributing Windows the biggest thing
  • 00:03:13
    when they redistribute these things is
  • 00:03:14
    it can't have a huge footprint you the
  • 00:03:16
    user needs to feel better about
  • 00:03:18
    installing these and they do a pretty
  • 00:03:20
    good job of this but just a key log of
  • 00:03:23
    running in the background is really not
  • 00:03:25
    something that's really easily detected
  • 00:03:28
    especially if it's done as a root kit
  • 00:03:29
    and it can just sit there and grab all
  • 00:03:32
    your passwords credit cards you type
  • 00:03:33
    into the web it could grab session
  • 00:03:35
    tokens you saw a whole bunch of like
  • 00:03:36
    Linus getting hacked the other day they
  • 00:03:39
    said it came from an actual person
  • 00:03:41
    saying here you go but hey who knows it
  • 00:03:43
    could have been a tiny 11 install in his
  • 00:03:45
    environment and then someone logged into
  • 00:03:47
    that computer that's possibility uh you
  • 00:03:50
    know these are things we need to think
  • 00:03:51
    about you also have just spreading chaos
  • 00:03:53
    installing viruses for the fun of it and
  • 00:03:56
    that's probably less of a thing these
  • 00:03:57
    days uh more often than not maybe you
  • 00:04:00
    are a zombie or a part of a botnet where
  • 00:04:03
    you're like a sleeper agent and then you
  • 00:04:04
    get activated whenever they want because
  • 00:04:07
    you can do that all these things are
  • 00:04:09
    possible and many people are like well
  • 00:04:11
    I'm scanning tiny 11 for viruses or I'm
  • 00:04:13
    scanning ghost Specter or whatever
  • 00:04:15
    system you want to use here fill in the
  • 00:04:17
    blank and it's not coming up with
  • 00:04:19
    anything using Windows Defender or or
  • 00:04:22
    I'm not seeing anything well the system
  • 00:04:24
    itself is modified I can write programs
  • 00:04:27
    to control you and your windows and then
  • 00:04:30
    distribute that ISO and know any virus
  • 00:04:33
    is going to catch that because it's at a
  • 00:04:34
    system level it can be loaded before the
  • 00:04:36
    windows even starts up there's a lot of
  • 00:04:39
    ways to get into to system as I've shown
  • 00:04:41
    in the past in many other videos as well
  • 00:04:43
    so that's really the reason a rationale
  • 00:04:46
    behind Distributing these custom isos
  • 00:04:48
    and why you shouldn't trust them but uh
  • 00:04:51
    what about building it yourself and this
  • 00:04:52
    is where I kind of like
  • 00:04:54
    tiny 11 Builder uh and I wanted to kind
  • 00:04:57
    of share this Builder with you guys and
  • 00:05:00
    just say if you do like tiny 11
  • 00:05:02
    reproduce it yourself uh into Dev which
  • 00:05:06
    I'm not saying hey this is totally what
  • 00:05:08
    he's doing but he does give out his
  • 00:05:10
    GitHub that has all these things now
  • 00:05:13
    this executable file anytime you have an
  • 00:05:15
    executable file even with GitHub it can
  • 00:05:18
    be a little sus like I downloaded this
  • 00:05:20
    and I wanted to talk about digital
  • 00:05:22
    signatures because there's another thing
  • 00:05:24
    that's happened recently that you
  • 00:05:26
    probably might draw correlation 3cx
  • 00:05:28
    being hacked they were using a false
  • 00:05:31
    signing or false digital signing to
  • 00:05:33
    basically get through and infect a lot
  • 00:05:35
    of people as well
  • 00:05:36
    and I wanted to show this executable
  • 00:05:39
    file and its digital signature because
  • 00:05:41
    this file I can't find in any of the
  • 00:05:44
    Microsoft servers or packages and it
  • 00:05:47
    looks to be modified I'm not saying that
  • 00:05:50
    that's what's happened but uh it's
  • 00:05:53
    something that you don't really need
  • 00:05:54
    this file and if you need to use an
  • 00:05:57
    official Microsoft tool download it from
  • 00:05:59
    Microsoft in my little article here I
  • 00:06:01
    actually give you the adk that where you
  • 00:06:04
    get osc demg from that builds the the
  • 00:06:07
    iso get that from the official Microsoft
  • 00:06:10
    Source you can go ahead and use these
  • 00:06:12
    scripts in here as I did go through
  • 00:06:14
    these batch files and I did not see
  • 00:06:16
    anything malicious with them so these
  • 00:06:18
    scripts are actually pretty good I would
  • 00:06:20
    just replace the executable and use the
  • 00:06:21
    official one from Microsoft as I just
  • 00:06:24
    don't trust this modified one as when we
  • 00:06:27
    pull this up and I have all these pulled
  • 00:06:30
    up here we go right click properties go
  • 00:06:33
    to digital signatures
  • 00:06:35
    timestamps not available we go to
  • 00:06:38
    details you can see 140 kilobits this is
  • 00:06:41
    the actual uh version so we will match
  • 00:06:44
    up this file version and the size should
  • 00:06:46
    match when we get it directly from uh
  • 00:06:50
    Microsoft so that's a cute things one
  • 00:06:53
    timestamp might be available is a little
  • 00:06:55
    sus and then this size should match that
  • 00:06:58
    and when I pull up all of my searches
  • 00:07:01
    from installing the official one from
  • 00:07:03
    Microsoft using the windows kit you can
  • 00:07:06
    see none of the kilobytes actually
  • 00:07:08
    launch up and match up at all this one's
  • 00:07:11
    the closest one which looks to be the
  • 00:07:13
    AMD 64. you can see right here this is
  • 00:07:16
    the one you'd probably want to use we go
  • 00:07:18
    to properties
  • 00:07:20
    we match this up you can see from the
  • 00:07:23
    details that the size is not the same
  • 00:07:26
    the version is the same so that's
  • 00:07:29
    interesting digital signatures this one
  • 00:07:31
    does have a timestamp this one doesn't
  • 00:07:33
    have a time stamp so was this file
  • 00:07:35
    modified in some way yeah
  • 00:07:37
    uh I don't I don't get why
  • 00:07:41
    this is different and if this was just
  • 00:07:44
    maybe downloaded another time I'm not
  • 00:07:46
    calling this person out at all I think
  • 00:07:47
    what they've done is good with a lot of
  • 00:07:49
    the deep loading but at the same time
  • 00:07:51
    it's a little sus and that's one thing
  • 00:07:54
    that if you're going to use these
  • 00:07:55
    executables just grab the ones from
  • 00:07:57
    official Microsoft that will work the
  • 00:07:59
    same way and you know that that
  • 00:08:01
    executable is good not doing anything
  • 00:08:02
    malicious so kind of an interesting uh
  • 00:08:05
    tidbit there and you might be thinking
  • 00:08:07
    well how do you fake a digital signature
  • 00:08:09
    like they did with 3cx and there's
  • 00:08:11
    another article that I just kind of
  • 00:08:13
    interesting as well there's an actual 10
  • 00:08:16
    year old exploited bug in Windows that
  • 00:08:18
    cause that hack to happen and you can
  • 00:08:21
    actually read through this article I'll
  • 00:08:22
    link it down from bleeping computer but
  • 00:08:24
    it it basically allows you to modify
  • 00:08:27
    these files and then keep the digital
  • 00:08:30
    signature as if nothing happened and
  • 00:08:32
    that's what happened with 3cx as well so
  • 00:08:34
    you know 3cx probably a little bit lacks
  • 00:08:37
    security but also Microsoft's a bit to
  • 00:08:39
    blame here because this is a 10 year old
  • 00:08:41
    exploit that just was
  • 00:08:43
    uh used in this particular hack but
  • 00:08:46
    again I wanted to show that these
  • 00:08:48
    digital signatures well are good another
  • 00:08:51
    layer of security that can be
  • 00:08:52
    compromised much like your antivirus can
  • 00:08:54
    have uh compromises in it and when you
  • 00:08:58
    get into these custom isos there's so
  • 00:09:00
    much that you can do uh to basically
  • 00:09:04
    bypass all these layers of security and
  • 00:09:06
    you're entrusting that one person you
  • 00:09:08
    don't know the name of that has some
  • 00:09:10
    pseudonym that redistributes these
  • 00:09:13
    things what is their their purpose I
  • 00:09:16
    want you to think about that I want you
  • 00:09:17
    like why would they do this why would
  • 00:09:18
    they break the law so you can have a
  • 00:09:20
    deep bloated windows
  • 00:09:23
    and I think the answer is do they just
  • 00:09:26
    do it out of the goodness of their heart
  • 00:09:28
    or is there maybe another intent what's
  • 00:09:31
    the bigger probability I'm not saying
  • 00:09:33
    that that's the truth
  • 00:09:34
    but I'm just saying you're trusting this
  • 00:09:37
    person that you don't know their name
  • 00:09:39
    you don't know where they live you don't
  • 00:09:41
    know anything about them you just know
  • 00:09:43
    that your favorite YouTuber or some
  • 00:09:45
    software company or maybe a tech news
  • 00:09:48
    article recommended it
  • 00:09:51
    and you're entrusting your entire
  • 00:09:52
    security your entire livelihood is some
  • 00:09:55
    on some people's computers you're
  • 00:09:56
    entrusting it to that person
  • 00:09:58
    so when it comes to custom isos it is a
  • 00:10:02
    no-go don't ever do it I'll never
  • 00:10:04
    redistribute an ISO I'll never do any of
  • 00:10:06
    this these are just some of the things
  • 00:10:08
    that can happen and if you do install
  • 00:10:12
    Tiny 11 you do install custom windows
  • 00:10:14
    isos
  • 00:10:16
    there's a good chance you're going to be
  • 00:10:18
    compromised
Tags
  • Tiny 11
  • Windows ISO
  • malware
  • botnets
  • keyloggers
  • custom ISOs
  • security risks
  • official Microsoft
  • digital signatures
  • antivirus