Gosh I really can't think of such a model. I understood that the question is about a program that uses a sort of next-gen approach.
I assumed he meant a malware detection mechanism that is "outside the box". You know, not traditional and not next-gen ML/AI. Something that is not simply just another clone.
I honestly can't even see that applied in practice. What benefit are they seeing in that?
The term "next-gen" is meaningless, which is why we have never and will never use that term in our marketing. I think he means something outside the box.
The OP proposed a great question. A tough question. Also, I think it is important to exclude anything that is a clone of another tech.
BTW, I read the other day that some company was trying to implement block chain into their engine. I could be completely wrong about this, but I do not see how block chain is going to help in any meaningful way... I guess we will see.
I don't get it either... perhaps we have overlooked something.
Yeah, I have heard a lot of great things about WV recently and have considered pairing VS with WV because WD is quite slow and not at all user-friendly, so I ran a test (unlisted on YouTube)…
WiseVector StopX
Adding PUPs to their training set might increase false positives and this is already a product, not coupled with a whitelist. PUPs are just a step away from a fully legit program.
WV did pretty well with the really bad malware, but as you can see, they probably need to add some more PUPs to their training data sets.
Very true, but they could create a completely different algo and training data set just for PUPs, then make PUP detection optional.
Anomaly detection would be better in this case, if trained properly, with a large set of trusted programs and installers. And still, identifying them manually and creating simple, generic heuristics would be the best.
Most of these PUPs are pretty bad PUPs... most of them are much closer to real malware. You would not want any of them on your machine, but on the other hand, they are not nearly as bad as a lot of stuff that is out there.
I've spent many years testing every PUP I've been able to find. In my opinion anything that is actually malicious can be classified malware, whereas actual PUPs are not malicious and can usually be easily uninstalled. They certainly can be an annoyance, particularly when they come bundled as unwanted with other software and in some cases can cause problems. For example, a cleaning app which has an unsafe registry cleaner, that mistakenly deletes important registry keys. But in that example, any problems caused are not intentional, but rather due to a poorly coded registry cleaner.
Here is an example... SAP has been labeled by reputable AVs as a PUP for a very long time, even though it is not.
While it is good to be able to remove PUPs from the point of view that they can be an annoyance, on the other hand, if they're not actually doing anything malicious and can be uninstalled, then I don't think the ability to have an excellent detection rate for PUPs is too critical, particularly when it could possibly increase false positives.
Can you give some examples of PUPs, which as you said - are closer to real malware? I'm just curious.
Please see above.
In my opinion only misleading apps, apps with no clear privacy policy and apps with no proper uninstall routine should be covered by PUP detection. Some of these can't be detected with machine learning algos, behavioural blocker or any other automated classification system. They have to be manually detected and then signatures/heuristics can be created/tweaked.
Everything else might be removed at the user's discretion.
Jiangmin classified SAP as ClipBanker