- Feb 7, 2023
The human brain has much more processing power, so a user who developed “natural heuristics” may recognise a malicious site based on its poor quality, or a malicious file based on its icon (for example, it is pixelated or does not correspond to what the file claims to be), size (for example, it claims to be a Norton installer but it is 700MB), name and others.
Some people will not learn good habits, similarly to those who will never learn mathematics. Even if you spend much time learning them, they cannot fully rely on good habits. The same can be true with "Layered protection". It cannot protect someone who cannot resist running shady stuff and turns off the protection.
These are very difficult to explain to a machine even with ML models.
Imagine a scenario where a developer wants to implement a password-grabbing parser so they can scan password-protected archives. A user will see the password (wherever it is) in seconds and will even be able to solve a challenge for it.
For a machine-based parser, most likely thousands of pages and archives will have to be classified and fed into an ML model so the system can identify passwords and it still won’t be 100% efficient.
That’s just one example of machine vs human intelligence.
Static analysis, on the other hand, will usually look at over 4000 features, most of which a human won’t understand. Combined together, the “user heuristics” and additional checks + technology will have greater visibility.
The problem is that not everyone can develop the “natural heuristics” mentioned above; a lot of people are just not interested in all that.