So the question that comes up all the time is: what antivirus should I run for my system? I want to focus this specifically on consumers, but I will briefly touch on what we run for our businesses. The short answer for consumers is: run Microsoft Security Essentials. I'm bad at getting people to watch the entire video, I guess, so if you're looking for just the answer, that's the answer for consumers. If you care why, keep watching the video.
For the businesses, we have an entire stack that we sell. If the business doesn't want anything, we tell them just to use Security Essentials. If they want a full solution, we sell them on the SolarWinds product, and the SolarWinds product that we use is a full security stack, which means it's going to be web filtering, it's going to be antivirus, it's going to be actively monitored, and it's going to come with patch management, which is one of the keys to it. Because even if you have a good antivirus but you don't patch your computer, and this goes for consumers and business, you have left yourself vulnerable by having outdated software on there, and those are very frequent vectors of attack, besides the phishing emails and everything else. So we sell an entire managed security solution to our businesses, because we actively monitor it. Because any system, and this happens all the time with consumers: they get a system, they don't update it, they ignore the updates, they want to keep doing whatever they're doing. The system becomes insecure. That's not an option for our managed clients. We force them to do the updates whether they like it or not, I guess you could say, and that's part of keeping them secure. So it's the compromise of inconvenience for security.
So let's dig into the actual test results and some of the reasoning behind me choosing Security Essentials. I'm going to start here at the chart. This is the April 2018 AV-Comparatives. I'll leave links to this.
Here's my problem with antivirus: besides AV-Comparatives, there's not a lot of people doing subjective testing and putting it together like this. It's also really hard. I've tried it myself. The problem is you need a copy of a malware that hasn't gotten into the databases of one of these companies. So it's really hard to test, even when we find some of the malware. When I've played around in my lab environment with this, it's really hard to find an antivirus that doesn't catch it, and that's because I'm just not on the cutting edge of the latest zero-day exploits being handed to me before they've been, you know, found in the wild.
That being said, that's part of the problem with most antivirus: it's very reactive. It's find signature, update signature file, push it out to the world. Security researchers have to have this almost in real time to do it, and that is actually what you're kind of paying for with these companies: that their signatures are valid. Now, that being said, there's a lot of factors that go into keeping those signatures valid, and that's why I have the April 2018 test pulled up.
Now, I know, some of you: "but there's heuristics and there's other things." Yes, there is heuristic behavior, which is the antivirus has used known patterns of attack to determine that the software may not be legit. So they may go, "Hey, this has those same things as the virus." This is also what causes these spikes right here, which is the false positive spike, F-Secure apparently having a whole lot of false positives in April 2018. And that's when it's just using the heuristics to go, "That looks sketchy, so I'm going to try to block it," which of course is greatly inconvenient. So another comparative is: hey, it blocks everything.
Hey, it blocked too much and now I can't use my system. So these people break it down. I'm not going to get into every detail of every one of these, but I want to give you a little comparison, like I said, back to why I like the Microsoft one and why I recommend it. Microsoft, despite having some user-dependent ones here, and what the yellow is, is it says, "I think this is a virus, you shouldn't run this," and it does give the people the option to say yes, hence the yellow. So a couple of different antivirus, apparently. I never heard of Quick Heal before, ever, before this moment when I clicked on it. Apparently it had the same problem.
But let's go and jump back a year. F-Secure still rocking lots of false positives a year ago. But you notice even some of the other ones have changed. It's a whole different list of tests. The amount that Microsoft had was very, very few. Matter of fact, it was a user-dependent 0.7 percent. And this is one of those things that are different from month to month. So here, let's just start walking through different months. Let's look in November, because that was an aggregate of all of them. So let's just choose November, and Bitdefender's looking pretty good, F-Secure rocking false positives, and a few different names on here, Microsoft different rates. So you can kind of see, just by changing from time to time, there are different results from month to month. Each month they did it. Now, they have the whole breakdown of how they do the test.
We went to March. Let's go back further. Well, right here, even Bitdefender in March apparently let some things come through. And I bring up Bitdefender because people have asked me about it. And then here's the VIPRE, Trend Micro, F-Secure. At least F-Secure is consistently false-positiving things, and Microsoft having an even higher number of "we asked the user if they wanted to run the virus and they had the option to say yes," which is scary.
And let's look at February real quick. Same thing with F-Secure. Bitdefender looking good with the 99.5 and VIPRE with a 99 percent. So there's always a little bit that sometimes gets through, and even the well-hated McAfee software scores the same as them. Now, they have some other breakdowns and results for speed comparisons, and they've gotten much better in terms of how much they slow down your machine, but that's still an issue.
So years and years ago, I might have recommended AVG, and I certainly don't recommend it anymore. I find them to be just a product that breaks a lot of things. Matter of fact, I have run into that with all of the antiviruses to some extent at a retail store: the problem of "they can't get online" is because the antivirus deeply has to embed itself into the system to function. Because it has to deeply integrate with the system in order to function, there was even a time when Microsoft, when they were pushing out some of the updates, there was the potential that they were blocking certain antiviruses, because the kernel update they did to protect the kernel, I believe it was from the Meltdown patch, also meant that the AV system had to be aware of that kernel change. And you can see where this all becomes a big cat-and-mouse game of integration.
Now let's go back a little bit and talk about the different antivirus programs. I'm pulling up here one of the security researchers, landave.io. And like I said, I'll leave all these links below. Bitdefender heap overflow via 7z LZMA. Now let me give you an idea what that all means. What this is, is the antivirus became the attack vector. And the reason why is the antivirus itself: maybe they wrote the AV engine, but there's still a series of components they need. For example, they want to scan files.
So if they want to scan files, they need things like 7-Zip to unzip those files. Now, having 7-Zip to unzip those files means if 7-Zip has a flaw, so does the antivirus. Therefore we have now added a compromise that wasn't previously there. So now they can send a virus in via the exploit of 7-Zip, cracking open your antivirus, creating an exploit that wasn't there if you didn't have an antivirus at all or were using the Microsoft one.
So you're thinking, "Okay, you pointed out one example in Bitdefender." Let's talk about June 5th, 2018, F-Secure. Found one in the RAR unpacking. Same type of exploit, so still the system has gone in and tried to compromise based on the unzipping system, and it mentions the 7-Zip from before. So F-Secure products are directly affected by the mentioned 7-Zip bugs; it's more difficult than it was in 7-Zip before June 5, because F-Secure properly deployed ASLR. "In this post, I am presenting the extension for my previous 7-Zip exploit" to do the remote code execution. So slightly different twists on it, but the same overall principle. And like I said, I'll leave links so you can read into the details, and it talks about how the bug works. But now you have, once again, they've figured out a way to bypass the address space layout randomization, which is ASLR, where the idea is if the virus doesn't know where in memory it should put itself, it's going to be hard. But they found ways around that. So F-Secure, by choosing a 7-Zip compiled in there with a CVE vulnerability compiled in with it, has now once again become the source of exploit on your system.
Now, don't worry, Microsoft has had their own problems as well. They have fixed a lot of them. They are very responsive to people like Tavis Ormandy, who's an amazing security researcher.
I've talked about him before, and he found some vulnerabilities in here about the way they sandboxed the Microsoft Windows Defender, and they have made drastic improvements. Also, when I was there at Microsoft, I saw some of the new up-and-coming things that have not been deployed in here, which is these specialized threat protections and some of the different tools they use. They have different methodologies, because Microsoft doesn't want to be known as the virus company. So they realized that there are so many shortcomings from all these antiviruses. As part of the push for Microsoft having Windows Defender, they're also making it into an enterprise-level solution with what they refer to as ATP, or Advanced Threat Protection, because they want to sell it to you as a service. That's for the enterprise level; the consumers still get the free one, don't worry. As far as I know, it's going to be free indefinitely with Windows. And as they move to the Windows Store, where you don't get third-party software, they lock it down and it only gets signed software from the store. Once again, you've locked things down quite a bit more.
Now, I had this pulled up because of the BackSwap malware: innovative way to empty your bank account. You've got to think about where the attacks come from, and the why. So let's start with the why. They want money. How are they going to get the money? Well, let's break that down a little bit. They either want to load a crypto hijacker and do some crypto mining on your system, so that's a popular way to do it. The other way to do this, and this is where it's really interesting: ESET researchers have discovered a piece of malware that employs new techniques to bypass dedicated browser protection measures. And how do you access your bank? How do you transfer money? Well, you go right into your browser. They realize that AV systems have actually gotten, overall, despite some of the flaws that we pointed out.
They're pretty good. But your browser... people, someone sent me this the other day: "Hey, what about this browser? What about that browser?" I use a combination of things. I use Firefox and I use Chrome. Chrome automatically updates, Firefox automatically updates. There's lots of other browsers that do not automatically update, and people are like, "Oh, I've got to keep my own plugins, so I like this old browser." If you do banking, if you do things that are secure, I actually suggest for some of our businesses: go buy a cheap Chromebook, and use your computer for everything else, but use the Chromebook for the banking. Because what this does is it finds a way to get in the browser, and it's really interesting because it's able to flip the bits and just try to change some of your banking stuff on there.
And now, because these viruses are so quiet... and there's been another one, I don't recall the name, but it used to flip bitcoins. If you copied and pasted a bitcoin address, it would live in memory and just change the bitcoin address. And if you've ever seen a bitcoin address, they're kind of long, so you would copy and paste them, and all it would do is wait for the copy and paste, and it would paste in its number. This flew under the radar of so many antiviruses because it's such a tiny little thing, and that's kind of what these companies are doing. "Okay, we want money." Infecting with a full-blown suite of crap, it's really hard now. They're not impossible, don't worry. I know people still get toolbars and stupid things on their computers all the time from downloading every driver update they can find. But finding these little edge-case malwares that are really quiet makes a huge difference, because it's harder for the antivirus company to see it. There's not very many of them deployed. They often come in from a phishing attack and are very focused and targeted. So these are the more scary ones, because they're high value.
So they find them. Now, this is also how the antivirus world works, or why, I should say, the virus world works: exploits are found, and they're sold on the black market. They're sold for a high amount of money if they can bypass an antivirus software. So if they run the antivirus and they scan this fancy tool that someone made and go, "Hey, guess what? Nothing catches it," they can sell that for a good amount of money. And until it's used in the wild, because they found some methodology that, you know, bypasses the heuristics, you have a scary situation on your hands.
This is also part of the reason I feel much better running Linux, because I only pull data, I only pull programs, from the repositories that are signed. So I'm not loading any third-party systems on here, which is why there's not really a need in the Linux world to run it. But that being said, before I get too far off topic, this is why the Microsoft Security Essentials: they seem to be just as up to date as the other ones. You're really only getting as good as their lab is able to find these flaws and do it, and guess what, someone's first. Is it you? This is one of those problems with the antivirus: they're very reactive, even though we have heuristics, and the bad guys, they're at it non-stop, because there's so much money in these things, between the malware miners, the bitcoins and everything else that they're after, or just your banking information, with things like BackSwap malware or a browser plugin that watches things. This is why you have to be so careful before you load any type of browser plugin. I only use very specific ones. You may have noticed, you know, I'm kind of picking on that.
Now, that being said, things that can really help: just think about what sites you're going to, don't click on things that seem suspicious, never enter your password, because sometimes there's not even an antivirus. You click on a link that says "log into your PayPal" and you logged in, and it wasn't PayPal.
They got your data. No antivirus, really... they're supposed to stop you from phishing sites, but once again, they have to know it's a phishing site in order to stop that. So this comes back to the circle of: they have to know about it to block it. So it gets really, really tough, and all the companies are working towards a better system for it, but it's not simple. Start at the website you wanted to go to, not at the link in an email that said, "Hey, you need to update your credentials at your bank, at your accounting office," or wherever.
So those are a couple of tips for keeping safe. Microsoft, I still think, is the best antivirus compared to the other ones, and I don't run one in Linux. And you don't need to run one on your phone, if that becomes a question as well. Maybe I'll talk about that more in depth later at some time. But I see a lot of people run out and buy them. You're just making a bunch of money for those people that put the stupid apps on it that say "buy and scan your phone." I don't think they do any good.
Thanks for watching. If you like this video, go ahead and click the thumbs up. Leave us some feedback below to let us know any details, what you liked and didn't like as well, because we love hearing the feedback, or if you just want to say thanks, leave a comment. If you want to be notified of new videos as they come out, go ahead and hit subscribe and the bell icon; that lets YouTube know that you're interested in notifications. Hopefully they send them, as we've learned with YouTube. Anyways, if you want to contract us for consulting services, you can go ahead and hit lawrencesystems.com, and you can reach out to us for all the projects that we can do and help you with. We work with a lot of small businesses, IT companies, even some large companies, and you can farm different work out to us or just hire us as a consultant to help design your network. Also, if you want to help the channel in other ways, we have a Patreon. We have affiliate links.
You'll find them in the description. You'll also find recommendations to other affiliate links and things you can sign up for on lawrencesystems.com. Once again, thanks for watching, and I'll see you in the next video.