The Big Antivirus Lie in 2021

Video Statistics and Information

Reddit Comments

3 of his 4 points are partially valid, though they are true for any piece of software, and the stuff he said about zero-day attacks is straight up a lie. There's a reason AVs employ heuristics, behavior monitoring, AI, ML, cloud databases, etc. No well-known antivirus relies completely on signatures anymore; it's been that way for at least a decade.

IMO reactive protection and cloud databases have taken over the need for signatures, which are only ever useful against older malware. This is especially evident with Windows Defender, as they rely heavily on their cloud and reactive protection, meaning they leave out very old malware signatures.

Score 2 · u/EndangeredPootis · Jul 23 2021

Can you summarize the video? I can't watch just now, but would like to know.

Score 1 · u/Dump-ster-Fire · Jul 23 2021

With the HTTPS interception thing, that is exactly one of the reasons I use Emsisoft. Their blog has a good explanation of how they do it: "Emsisoft HTTPS interception: What Emsisoft customers need to know".

Score 1 · u/SkippyStyles · Jul 23 2021
Captions
One of the biggest perpetrated lies in tech is that you need an antivirus software. Except you probably didn't know that your antivirus in 2021 is nowhere near what antivirus products did in the 1990s. They became worse for both your security and your privacy. John McAfee, who came up with the McAfee antivirus in 1987, would say himself, when he was alive, that an antivirus today is useless. I'll let you in on another secret: your antivirus cannot stop a zero-day malware. Not only that, it exposes you to even more threats. In this video I'll explain how antivirus products went from doing something simple to now being a vector for intrusion into your computer or phone. It's basically a Trojan horse. Later I'll explain an alternate approach that will be tremendously safer for you and will stop most viruses cold. Nothing is foolproof, though, but an antivirus isn't helping your cybersecurity. Stay tuned.

[Music]

I'm on the platform Odysee.com and I'm now one of the top creators on there. Just for insurance, in case I get deplatformed, please follow me there using the link in the description. I have a non-logging VPN service, BytzVPN. My company also sells the de-Googled phones and VPN routers. These products are made to make your identity disappear on the internet, and hopefully this video will explain why these products are important. If you're interested in them, they are on my app Brax.Me; the link is in the description.

The antivirus industry is a multi-billion dollar enterprise, so I expect that organized trolls will attack me for what I say, but I'm not beholden to any corporate entity, so today you will learn the truth. First I want to give you a little history of how antivirus products worked in the past and how they've evolved, and frankly not in a good way. Antivirus products started being mainstream in the early 1990s when the internet became a thing. I remember in the 1990s when you simply connected a computer to the internet and within an hour or less it would already be infected with a virus. Those were the early days of malware and cybersecurity. One of the most common attacks on a computer was to replace a system file on Windows so your computer will have a permanently embedded malware. This would turn your computer into a bot that can then be used by third parties as a slave computer without your knowledge. And the most common way of inserting a virus on a computer was to embed an executable in an email as an attachment, or to insert a virus when you download some file from the internet. So when you click on malware it installs a fake system file and your computer is compromised. The solution used by the antivirus of the day was to recognize malware through the file system. An antivirus scans your file system on a regular basis and, using a recognition process called heuristics, the antivirus looks for signatures of known viruses and then confines these and removes them from user access. By the way, it so happens that this old-fashioned approach is still used by Windows Defender today; this is the built-in antivirus in Windows 10.

Also, I should mention that there are fewer viruses on a Mac and on Linux, and most people survived on these operating systems without an antivirus. This is not an accident; there's a reason these OSes have performed better against malware, though nothing is immune to malware, but I'll get to that. The antivirus companies wanted to sell you better and better mousetraps, at least in your perceptions, so they started adding features that did more and more things and sounded good. You will not notice the bad things that an antivirus will do, other than slowing your computer down big time. So let's examine what the new innovations were in antivirus land since the original McAfee days. The problem with the old antivirus approach is that the virus files were not detected until after they already infected your computer, and only when the antivirus performs a hard disk scan. So to counteract this, antivirus products were designed to access files entering your computer ahead of the user. One of the earliest approaches to getting ahead of a virus infection was to scan email before it reaches your inbox. Instead of your email client going directly to your email server, it was actually your antivirus software that picked up your email, scanned it, and then sent it into your inbox if it passes the scan. Now this was already dangerous. Antivirus products could have been Trojan horses, since they could in effect read email in advance and forward it to third parties, or delete selected emails, or modify them, especially since antivirus products used a rule set that was downloaded weekly. Then the antivirus evolved further: they were embedded in the file system process itself. Every time a disk write was involved, the antivirus would get into the middle of the file write and pre-scan the file; then it could intercept malware from getting written to disk. One of the most egregious and most dangerous evolutions was the justification for defending against a phishing attack. Now antivirus products like Avast will install a fake root certificate in your computer. Then this fake root certificate will allow the antivirus to see all your encrypted TLS traffic, or HTTPS. This is very dangerous, since whoever has the private key of this fake root certificate can in effect cancel any encryption on that computer. And by the way, Avast is now the second largest antivirus company worldwide, and they also sell VPN products. So understand what I'm saying here: imagine using a VPN product offered by an antivirus company like an Avast or Norton. If a fake root certificate is installed on your computer, someone can quietly read all your internet traffic, and it would be completely open, completely unencrypted, completely exposed. Supposedly the purpose is for the antivirus to scan for dangerous websites, but this means that to the antivirus there is no secret on your computer. I want to make clear that I'm not accusing these antivirus products of performing these kinds of attacks, but it is obviously within their technical capability to intercept all internet traffic, so for the right kind of financial incentive everything becomes easily doable.

It goes beyond this; this became reality already. The product Kaspersky was basically hammered in the USA because it was accused of spying on government agencies. What happened was that a U.S. three-letter agency was developing some malware for offensive use. Kaspersky somehow detected the malware in the computers of personnel running Kaspersky antivirus, and the problem is that the Russians got a hold of the malware, and thus U.S. cybersecurity secrets were revealed inadvertently. When an antivirus detects a file falling into its rules, it will forward the file to HQ for inspection, which for Kaspersky was in Russia, and in this case it actually became a real spy app. The justification for this was that they needed to study new malware, and by getting a copy they can examine the malware and then create heuristic rules to recognize them in the future. The problem is that basically an antivirus could be given a rule to capture any kind of file. We saw that they can catch offensive malware; how about a BTC wallet? So Kaspersky was banned from use in the U.S. government, but I'm sure some other antivirus was used as a substitute.

Why is everyone so obsessed with having an antivirus? Let me explain the next big lie with antivirus products. I want to make sure this is emphasized and it's clear: no antivirus product can stop a zero-day attack. The main purpose of an antivirus in today's world is to stop the quick spreading of known malware. "Known": in the original McAfee antivirus of the old days, someone at the McAfee HQ would get reports of some malware, post-attack obviously. Then the antivirus HQ staff would study the file and then identify a signature that the antivirus would recognize, and use that signature to block the file on the computer. If you understand this process, someone has to get attacked first, then the antivirus company has to get a copy of the malware, and then they have to research a signature solution. So by the time that completes and a solution is sent to all antivirus users via updated virus signature files, it is no longer a zero-day malware. Zero-day means undiscovered malware. Malware exists in plenty of computers completely undiscovered for some years. Those that are created by state-level players are particularly good at hiding. An antivirus would not have any defense against them until someone discovers them. Again, for clarity, the real purpose of an antivirus is to prevent the spread of known malware, and mostly it's for kiddie viruses, not the serious ones.

An antivirus actually exposes a greater attack surface. In other words, a cyber attacker will have more avenues to attack a user with an antivirus than those without one. In order to defend a machine, an antivirus probes the input coming in from the outside world in advance, before the user interacts with it. So file downloads are pre-examined, email attachments are pre-read, websites are pre-checked before display. I already explained the man-in-the-middle (MITM) danger. To do this, an antivirus takes over the incoming channels, called ports, on the computer and uses that to get ahead of the user software before those apps encounter a potential malware. So let's say a bad player sends you a malware via an email attachment; could be a zip file with dangerous executables in it. The antivirus will download the attachment in advance, which slows down your computer of course, and then it will actually take out the contents of the zip file, and if there are executable files it will load those executable files in a sandbox space and run them to see what they do. If the executables misbehave, then the antivirus will stop them. In theory it sounds like a sophisticated defense, but in reality it introduces such severe dangers that hardly anyone recognizes. First, the antivirus is installed as a privileged app; in other words, it has administrator or root rights. This means an antivirus is authorized to read and write to any privileged space, like the system files area. So if you can beat the antivirus, you will have gained admin access to the computer. Let me just give you some examples of tricks used to defeat this antivirus defense. A good malware developer has many tricks up his sleeve. For example, the attack is often delayed, so the malware executable doesn't do anything immediately that can be discovered by the antivirus, or it spoofs some normal behavior so it gets into the system. Another attack is to make the attached file so large that it crashes the antivirus, or the malware developer may know of zero-days on certain file types. Another approach is that the Trojan malware just sits there and opens a communications channel. Only then the malware connects to a remote controller server to await instructions, possibly weeks later. The innocent-looking app will then download the malware separately, disguised in a way that cannot be discovered. For example, a malware downloads an image file, and then the malware is actually embedded in the image, which it then extracts and saves into an executable. This advanced technique allows new malware to be inserted in and out of the computer as needed by the attacker, and often without detection, since the moves appear benign. This was used to attack the device of Angela Merkel, the German chancellor. And for those not in tune with the latest attacks, there is a framework tool called Metasploit that can actually be used where the malware never gets written to disk. The communications portion, called Meterpreter, loads malware into memory directly as needed. Because no attempt is made to write malware to disk, then there is no avenue for the antivirus to detect the attack.

As I mentioned earlier, by their nature antivirus products are installed with privileged rights on a computer. An advanced antivirus product becomes a doorway for an attack; thus you actually have more attack surfaces than ever before. Antivirus products are easily subject to direct attacks through buffer overruns and so on, which cause the antivirus to crash. This is even more true because most antivirus products are written in C or C++, where these types of programming errors are very common. Once you crash a privileged process, then you basically gain admin rights on the computer, which obviously renders all defenses moot. An attacker can basically intentionally fake out an antivirus and crash it while it examines a file in its sandbox, and do a few things to take over the computer. One specific attack is for malware to access known fixed areas of memory where the antivirus is operating and insert malware directly, and another is to take control over the sandbox itself, which can be run in a privileged space. Three-letter agencies have found vulnerabilities in so many of these antivirus products using the lines of attack I just described here, and many of these were published in WikiLeaks Vault 7. Those that were mentioned in WikiLeaks may have been fixed by now, maybe, and we knew these only because of WikiLeaks, but new attacks discovered since then would not be known and would still be propagated in these products. One thing to note is that many antivirus products are sold with different names but actually share the same antivirus engine, so a vulnerability on one actually extends to many, many other brands.

Let me summarize the antivirus flaws. Number one: an antivirus is basically a man in the middle; it's seeing more than you expect. Number two: an antivirus expands your threat surface; you will be more vulnerable to a serious cyber attack than without an antivirus. Number three: an antivirus slows down your computer. Number four: an antivirus is useless against zero-day malware. Number five: an antivirus is hackable and inherently dangerous because it has root access.

Given what I just explained as the inherent danger of antivirus products, then what is my recommendation? What do you do? Let me return to something I mentioned earlier. I said that macOS and Linux users appear to be safer from viruses compared to Windows, and even more interesting, phone operating systems like Android and iOS do not suffer from direct virus attacks. These platforms are harder to crack even without an antivirus. The explanation often given is that Windows itself is just more vulnerable by design than these other platforms, or another explanation is that there are just more Windows users, so it is more lucrative to attack Windows first. Although this is partially true, it is by no means the real reason, especially since operating systems like Android are even more popular. Pay attention to what I will say here, because this is part of the solution to malware. The reason Linux is safer from viruses is that Linux by its nature defaults to an unprivileged user. You have to specifically take action with a password to do anything with administrator or root rights. The default installation of Linux is that you do not have privileged rights. This shuts down the ability of malware to insert itself in dangerous areas. Linux is based on Unix, and this has been the way that operating system was designed since day one. This is the same with macOS, which is also based on Unix. You can still install malware on any computer, but it would require social engineering; in other words, the user has to be tricked into installing something intentionally. That, my friends, is a separate topic, and it's not connected with an antivirus, so I will not get into that. In contrast, when you are on a Windows computer, you are by default the admin user; thus you are exposed to possibly running dangerous processes that can change the system itself, especially things that run with no user interface. So the solution is simple: on any computer, always do your normal activity as a non-privileged user. I explained this in my other video on how to set up a computer safely. Create a new user that is not an admin or root and use that daily. If you need to do system-related tasks like installing new apps, you switch over to the admin account. If you accidentally download malware, because you are not a privileged user you will be unable to do dangerous things like replace system files. A very simple solution, and it draws from the experience of users of Unix and Linux. By the way, a macOS user does not automatically get a non-admin user either, so it's more vulnerable in my opinion than Linux; however, the rest of the process is very similar to Linux. So if you have macOS, then do the same as Windows: set up a new user with no admin rights. There's nothing further to do on Linux.

Next important tip: if you're using Windows 10, then all you have to do is enable Windows Defender. Windows Defender is an antivirus. It is free, but it is based on file heuristics only; it checks the file system after the fact. It does not have the advanced capabilities and vulnerabilities of the modern antivirus. It is basically the equivalent of the old McAfee antivirus from 1987. It is very limited, and its purpose is simply to stop the spread of known malware. Since it doesn't have the attack surface of the other antivirus products, it would be safe to use for protection, and may be necessary in a corporate environment, since spreading malware may have worse effects. It was actually a good thing for Microsoft to at least include this to protect the reputation of their OS. However, it is still possible for this product to behave as an MITM, or man in the middle. I think Windows already does so many MITM things that this would not be the best vector for them to put such things; they already control the OS, so I think the additional risk is minimal. If you are using Linux, macOS, Android, or iOS, use nothing. In spite of attempts to tell you that these operating systems can be attacked by malware, which is true, you will not be saved by an antivirus, and at worst be exposed to all kinds of MITM possibilities, and new attack surfaces will be open.

The way to prevent any computer from attack is basically to not use the device as a privileged user and to regularly do a computer factory reset. A factory reset will clear out all the malware for sure. I recommend this on all computers: do a factory reset on a regular schedule, at least a couple of times a year, and more often if you're in a sensitive profession. The reason I suggest this is that there is no way you will discover the hidden Trojan malware that downloads custom attacks like Metasploit or Meterpreter. The low-tech way to solve everything is with a factory reset. I would keep my data in a separate disk drive so I never have to worry about backing them up, and every time you install a new software, keep a copy on the second drive, so factory resets become simple. This idea of regular factory reset is the principle behind the Tails operating system, likely the most secure Linux distro. It has no file persistence; it always gets restored to factory after a restart. So what I'm saying here has precedent. Alternatively, you could keep data files in another drive and then do a restore from a copy of the boot drive to restore it to some known state. That would be even more user-friendly than the method used by Tails. I'm not saying these procedures make it easier; unfortunately, cybersecurity is never easy. But don't fall for the fake promise that an antivirus will actually protect you. As the U.S. government even discovered, the antivirus was used to spy on them. Not sure the government learned. The advice to distrust an antivirus comes from the CIA itself; it's stated in WikiLeaks, though my analysis here goes way beyond that. In case you think I'm not being straight up, I want to emphasize that I do not use an antivirus other than Windows Defender on Windows. I have not been inundated with viruses at all. This video was a special request to my subscribers. I hope you find my videos of value. If you do, please hit that subscribe button, the notification bell, so you get more of this content. You can support the cause by joining us on Patreon or checking out our VPN and de-Googled phones in my store. Thank you for watching.

[Music]
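Two of the points made in the transcript can be turned into a concrete check on a Windows 10 machine: whether the account you use day to day is a member of the local Administrators group, and whether any trusted root certificate has been added to the machine outside the set Microsoft ships (adding a root to the store is the mechanism an HTTPS-inspecting product relies on). The PowerShell below is an added example written for this page; it is not code from the video, from Rob Braxman, or from any antivirus vendor. The function names, the `KnownMicrosoft` flag and the account name `daily` are placeholders of mine, and the script assumes the built-in `LocalAccounts` cmdlets (`Get-LocalGroupMember`, `New-LocalUser`, `Add-LocalGroupMember`) available on Windows 10 with PowerShell 5.1 or later.

```powershell
# Added audit script for this page (not from the video or any AV product).
# Assumes Windows 10, PowerShell 5.1+, and the built-in LocalAccounts module.

# --- 1. Is the account I use every day a local administrator? ---
function Test-DailyAccountIsAdmin {
    # Name is "COMPUTER\user" for local accounts; Microsoft-account logons may
    # show a different form, so compare the output by eye in that case.
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    # Direct membership in the Administrators group. (The token-based
    # IsInRole check is misleading here: under UAC an admin's unelevated
    # token reports $false even though the account is an administrator.)
    $admins = Get-LocalGroupMember -Group 'Administrators' |
              Select-Object -ExpandProperty Name
    [PSCustomObject]@{ User = $me; IsAdmin = ($admins -contains $me) }
}

# --- 2. Which trusted root CAs were added locally? ---
# Windows distributes third-party roots through Cert:\LocalMachine\AuthRoot.
# A root present in LocalMachine\Root or CurrentUser\Root but absent from
# AuthRoot was placed there by something on this machine: corporate IT, a
# test tool, or a product doing HTTPS inspection. Microsoft's own roots also
# live outside AuthRoot, so they are flagged with KnownMicrosoft = $true.
function Get-LocallyAddedRootCA {
    $shipped = Get-ChildItem Cert:\LocalMachine\AuthRoot |
               Select-Object -ExpandProperty Thumbprint
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem $store |
            Where-Object { $shipped -notcontains $_.Thumbprint } |
            ForEach-Object {
                [PSCustomObject]@{
                    Store          = $store
                    Subject        = $_.Subject
                    Issuer         = $_.Issuer
                    NotBefore      = $_.NotBefore   # recent dates stand out
                    Thumbprint     = $_.Thumbprint
                    KnownMicrosoft = ($_.Issuer -match 'Microsoft')
                }
            }
    }
}

# --- 3. Create a standard (non-admin) account for daily use ---
# Needs an elevated prompt. The account goes into 'Users' only; the final
# check confirms it did not end up in 'Administrators' by accident.
function New-DailyStandardUser {
    param([Parameter(Mandatory)][string]$Name)   # e.g. 'daily' (placeholder)
    $pw   = Read-Host -AsSecureString "Password for $Name"
    $user = New-LocalUser -Name $Name -Password $pw -PasswordNeverExpires
    Add-LocalGroupMember -Group 'Users' -Member $Name
    $inAdmins = Get-LocalGroupMember -Group 'Administrators' |
                Where-Object { $_.Name -like "*\$Name" }
    if ($inAdmins) { Write-Warning "$Name is unexpectedly in Administrators" }
    $user
}

# Usage: run the two checks from the account you normally work in.
Test-DailyAccountIsAdmin
Get-LocallyAddedRootCA |
    Where-Object { -not $_.KnownMicrosoft } |
    Format-Table Store, Subject, NotBefore, Thumbprint -AutoSize
# New-DailyStandardUser -Name 'daily'   # from an elevated prompt, once
```

If `IsAdmin` comes back `$true` for the account you browse and read mail with, that is the condition the transcript describes for Windows; the third function sets up the separate standard account it recommends. A root flagged by the second function is not by itself malicious: match its `Subject` and `NotBefore` against the software installed around that date. If it belongs to a security product's HTTPS-scanning feature, disable that feature through the product rather than deleting the certificate, because the product will otherwise keep intercepting and every HTTPS site will fail to validate.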
Info
Channel: Rob Braxman Tech
Views: 116,837
Rating: 4.9551449 out of 5
Keywords: internet privacy, tech privacy, privacy, internet privacy guy, antivirus for windows 10, best antivirus, worst antivirus, best antivirus 2021, antivirus for pc, antivirus unsafe, wikileaks vault7, norton antivirus, avg, kaspersky, avast, malwarebytes
Id: EqI-7w8AYGg
Length: 22min 33sec (1353 seconds)
Published: Thu Jul 22 2021