App Review Cylance (old and new) vs. Signature-based AV (in an offline test) with fresh malware and ransomware

[509322]

It's obvious who is the core problem why Cylance threads are locked up. Self-righteous cancer.

And who might that be ?

You have been one of the few who lashes out and makes personal attacks. Just proves my point that I have stated over-and-over... that some are just too emotionally involved in these debates.

If there is any party that is a proverbial "cancer" within the industry, it is Cylance and the people running the company. What they have done, and continue to do, is very well documented. This isn't something I just created to provoke you or anyone else. Like I have said, there is ongoing backlash. And it is fully justified as a matter of principle. If you have an issue with the backlash, then take it to the people that created it in the first place - which is Cylance. Cylance created it. Not me.

Plus, I keep saying people should use what works best for them on their specific system(s).

I am allowed to operate and act on my principles.
I am not bashing CylancePROTECT nor Smart AV one, single, bit.

So I don't understand what your ongoing problem is.

 

[artek]

If open debate is no longer permitted here, then we should all close-up shop and go home forever.

I completely agree.

 

[oldschool]

+1. Also why I like to keep the conversation light-hearted.

 

[ForgottenSeer 58943]

Cylance IMO should get it's own forum category here. They've got enough skin in the game to warrant it, and they'll have some other interesting things coming out that will help justify it even more.

CylanceProtect (Corporate), Cylance Smart AV (Home), Cylance Free (Until December). Certainly a few of us are continuing to test it, keep tabs on updates and to inform on changes with it. A birdy tells me Cylance Infinity will be coming to the home market for on-demand scanning. Now we know Smart AV is actually a beta, and apparently is due for some interesting development.

I personally find it repulsive Cylance threads get shutdown so quickly, but that's me, I like fair and open discussion. The last thread seemed to be closed when the discussion settled down and everyone became civil.

 

[509322]

Cylance IMO should get it's own forum category here. They've got enough skin in the game to warrant it, and they'll have some other interesting things coming out that will help justify it even more.

CylanceProtect (Corporate), Cylance Smart AV (Home), Cylance Free (Until December). Certainly a few of us are continuing to test it, keep tabs on updates and to inform on changes with it. A birdy tells me Cylance Infinity will be coming to the home market for on-demand scanning. Now we know Smart AV is actually a beta, and apparently is due for some interesting development.

I personally find it repulsive Cylance threads get shutdown so quickly, but that's me, I like fair and open discussion. The last thread seemed to be closed when the discussion settled down and everyone became civil.

Staff here at MT does not shutdown threads for no reason. It mostly happens when people start to complain about posts is when the problems start. And there have been no offensive posts in any of the recent Cylance threads that I have seen.

When people accuse others of trolling, because they don't like what the other person posted, that is a huge problem in and of itself. They are calling those people trolls and complaining about them because their intent is to censor what those people are posting. It goes even further than that... because one person likes software X and another doesn't, I have seen people try to maliciously get others banned or mess with their membership here at MT.

It's all because some people cannot control themselves. They get too emotionally involved. I mean we are talking about security softs. And what is happening is open, free debate with a whole range of perspectives. There are some larger issues being debated. Those of us trying to foster open debate are the object of acrimony - simply because we are fostering open debate.

It's not like there is open, targeted harassment here at MT (it did happen in the past). There is just open debate. But some aren't getting their way... which is to not have any debate whatsoever. There goal is to censor for whatever reason(s).

There have been no posts anywhere that would prevent anyone from figuring out if product X or Y or Z is right for them. There are no violations of MT's terms of service in any of the threads that I can see. What this is all about is people trying to manipulate and control the threads. They can't do it, so they are complaining over-and-over.

 

[artek]

Who is calling for the threads to be locked? I really didn't see anything that warranted shutting the conversation down.

 

[509322]

Who is calling for the threads to be locked? I really didn't see anything that warranted shutting the conversation down.

Some people will complain about posts and staff will lock it. It happens on most of the "What is best AV ?" threads. Because some people get all bent out of shape - because they don't like even healthy and innocuous posts - and start complaining. They want the thread to be only the way they want it, but cannot achieve this, and that is when the problems and complaints start.

People who don't like what is posted can ignore those posts, but some cannot control themselves. It's not as if any of the posts that we are talking about are violations of any kind (which violations and the breaking of laws should be complained about and dealt with swiftly.)

 

[Kubla]

Cylance IMO should get it's own forum category here. They've got enough skin in the game to warrant it, and they'll have some other interesting things coming out that will help justify it even more.

CylanceProtect (Corporate), Cylance Smart AV (Home), Cylance Free (Until December). Certainly a few of us are continuing to test it, keep tabs on updates and to inform on changes with it. A birdy tells me Cylance Infinity will be coming to the home market for on-demand scanning. Now we know Smart AV is actually a beta, and apparently is due for some interesting development.

I personally find it repulsive Cylance threads get shutdown so quickly, but that's me, I like fair and open discussion. The last thread seemed to be closed when the discussion settled down and everyone became civil.

Agree I am not sure I have seen this much input, this quick, one a piece of software before it seems to have sparked everyone's interest in one form or another.

 

[509322]

And why are my perspective posts sinister only because I work for AppGuard ? I am not here promoting any product whatsoever nor dissuading anyone from using any particular product. I have openly stated time and again... "People should use what works best for them on their specific system(s)." What I have posted in various places are commentary based upon the prevailing habits and trends in these type threads and openly available facts about Cylance and their product.

It is people assigning malicious meaning and intent to posts and pariticpation as they wish. I've seen it many times before, and I'm sure it will never end on the forums.

 

[ForgottenSeer 58943]

And why are my perspective posts sinister only because I work for AppGuard ? I am not here promoting any product whatsoever nor dissuading anyone from using any particular product. I have openly stated time and again...

Someone asked me about testing FortiClient in the hub and if I would tweak a special configuration file up for it with some juiced up secret sauce settings. (which I can do) A legitimate request. But I told them that FortiClient would get hammered. FortiClient is not really designed to function stand-alone, and it's best aspects wouldn't be levied in a pack test. Now if you put FortiClient behind a Fortigate and then test, it will usually score pretty nicely (as AV-Comparatives showed). If you put it behind a Fortigate and FortiSandbox, I could tweak it up so it would pass every single pack thrown at it. But stand alone? No way, it's kind of lame stand alone - but it's good at some things. That URL filter is really good, and some may be surprised, it's good against script viruses.

So we can always be honest, even if our castles and carriages are paid for by such firms.

 

[simmerskool]

Hi Simmer! Thanks for the file ID- that was sweet of you! [snip]
Thank you again for the file Simmerskool!

THANK YOU for checking it out further :notworthyy) Looking around my system some more, I pretty sure cylance quarantined it while it was being downloaded by chrome as cylance is showing it as a crdownload file. So I was specifically downloading something, but surely not the malware at least intentionally. But also pretty sure that CyProtect did not give me any alert, or I was not alert at the time. As you note, cf@cs (without av) would have stopped or blocked it too. But it did sneak passed the router ATP (guessing, unsure, if the vpn was bypassing ATP?? -- I guess I should understand that better)

 

[ForgottenSeer 58943]

But it did sneak passed the router ATP (guessing, unsure, if the vpn was bypassing ATP?? -- I guess I should understand that better)

That's exactly what happened. If you use a VPN you negate your network/gateway protection so you need to be very careful. This is why we block VPN's in enterprise environments, not because we're worried we can't see what people are doing, but because VPN's are going to let a whole lot of nasty critters into the enterprise systems.

For the kid running a D-Link router at home, a VPN won't be any better or worse. For anyone running a UTM or UTM-Like or even a URL scanning router, the VPN is going to significantly reduce their security. Your VPN provider - whoever it is - doesn't care about malware passing through it. Those VPN's don't sit behind UTM/NGFW's at their colos. VPN's are best used outside of your secured network if you have a reasonably secure network. Those with cheap routers it doesn't matter much, you've got no protection either way.

 

[509322]

Someone asked me about testing FortiClient in the hub and if I would tweak a special configuration file up for it with some juiced up secret sauce settings. (which I can do) A legitimate request. But I told them that FortiClient would get hammered. FortiClient is not really designed to function stand-alone, and it's best aspects wouldn't be levied in a pack test. Now if you put FortiClient behind a Fortigate and then test, it will usually score pretty nicely (as AV-Comparatives showed). If you put it behind a Fortigate and FortiSandbox, I could tweak it up so it would pass every single pack thrown at it. But stand alone? No way, it's kind of lame stand alone - but it's good at some things. That URL filter is really good, and some may be surprised, it's good against script viruses.

So we can always be honest, even if our castles and carriages are paid for by such firms.

You can call it whatever you wish, but what goes on here is a less dramatic version of Triple Helix's and Baldrick's behaviors. Whether you call it fanboyism or whatever... the one prevailing thing that happens over-and-over on the forums is people losing their wits and getting way too emotionally involved. In the most extreme cases, some people cannot control themselves to the extent that they do things that gets them banned and/or into legal troubles.

Just because a person posts something that some might find contrarian doesn't make the contrarian the devil. Only those that are easily offended and want to censor and launch personal attacks are the ones who really cause the trouble.

 

[509322]

That's exactly what happened. If you use a VPN you negate your network/gateway protection so you need to be very careful. This is why we block VPN's in enterprise environments, not because we're worried we can't see what people are doing, but because VPN's are going to let a whole lot of nasty critters into the enterprise systems.

For the kid running a D-Link router at home, a VPN won't be any better or worse. For anyone running a UTM or UTM-Like or even a URL scanning router, the VPN is going to significantly reduce their security. Your VPN provider - whoever it is - doesn't care about malware passing through it. Those VPN's don't sit behind UTM/NGFW's at their colos. VPN's are best used outside of your secured network if you have a reasonably secure network. Those with cheap routers it doesn't matter much, you've got no protection either way.

A lot of the privacy fanatics on the forums incorrectly promote full-time VPN usage. People pick it up and carry it forward... unfortunately. That's where the utter mis-use of VPNs comes from. And also, the promotion of VPNs for malware testing to evade problems with ISPs and such.

The mis-application of full-time VPN usage is rampant. People are getting bad infos.

 

[simmerskool]

That's exactly what happened. If you use a VPN you negate your network/gateway protection so you need to be very careful. This is why we block VPN's in enterprise environments, not because we're worried we can't see what people are doing, but because VPN's are going to let a whole lot of nasty critters into the enterprise systems.

For the kid running a D-Link router at home, a VPN won't be any better or worse. For anyone running a UTM or UTM-Like or even a URL scanning router, the VPN is going to significantly reduce their security. Your VPN provider - whoever it is - doesn't care about malware passing through it. Those VPN's don't sit behind UTM/NGFW's at their colos. VPN's are best used outside of your secured network if you have a reasonably secure network. Those with cheap routers it doesn't matter much, you've got no protection either way.

thanks for confirming my security thoughts about vpn.

 

[509322]

People keep saying Ai\ML is the future. That is bogus because companies have been using it forever. Ai\ML has been and is now - for a long time now. It is a marketing gimmick to say that a product is "Next Gen" because the "Next Gen" has been in use for over a decade. Cylance even admitted in an article that had contributed to the marketing confusion.

Ai\ML is nothing new. It isn't some recent innovation.

Stop feeding the pigeons.

 

[ForgottenSeer 58943]

People keep saying Ai\ML is the future. That is bogus because companies have been using it forever. Ai\ML has been and is now - for a long time now. It is a marketing gimmick to say that a product is "Next Gen" because the "Next Gen" has been in use for over a decade. Cylance even admitted in an article that had contributed to the marketing confusion.

Ai\ML is nothing new. It isn't some recent innovation.

Stop feeding the pigeons.

Well yeah, it's not really the future. It's now.. Most companies have some sort of AI/ML technologies in place. Have you seen how good SEPC is with ML now? It's probably way better than Cylance at this point and is ridiculously robust because SEPC covers almost all vectors and has that ragingly good Firewall+IPS.

I guess the proper phrase might be 'AI/ML has been around, is getting better and will be more capable as time goes on'.. Is that better? LOL

I think the future for Cylance is either it is acquired and integrated with another product/suite, or it becomes a licensed product for other solutions. They already signed a multi-million deal with Watchguard Security to put Cylance on the gateway of ALL Watchguard Appliances - that's already rolled out. Those kinds of licensing arrangements are where I predict it is heading. Or like InterceptX, they get bought out and tucked inside another product.

Watchguard is going places in that they license some of the top technologies in their areas, most recently adding some big players to try and score higher on the quadrant.

OEM Partners

 

[Burrito]

You can call it whatever you wish, but what goes on here is a less dramatic version of Triple Helix's and Baldrick's behaviors. Whether you call it fanboyism or whatever... the one prevailing thing that happens over-and-over on the forums is people losing their wits and getting way too emotionally involved. In the most extreme cases, some people cannot control themselves to the extent that they do things that gets them banned and/or into legal troubles.

In my time here at MT.... this board is superior to that dying board featuring those two... -- and their constant drumbeat for a flawed and inferior product.

And yes, people get way too emotional about their purchases. Some people need purchase validation so badly.... that they lose their logic and reason.

In cognitive science, choice-supportive bias or post-purchase rationalization is the tendency to retroactively ascribe positive attributes to an option one has selected. It is a cognitive bias. For example, if a person chooses option A instead of option B, they are likely to ignore or downplay the faults of option A while amplifying those of option B. Conversely, they are also likely to notice and amplify the advantages of option A and not notice or de-emphasize those of option B.

 

[Nightwalker]

People keep saying Ai\ML is the future. That is bogus because companies have been using it forever. Ai\ML has been and is now - for a long time now. It is a marketing gimmick to say that a product is "Next Gen" because the "Next Gen" has been in use for over a decade. Cylance even admitted in an article that had contributed to the marketing confusion.

Ai\ML is nothing new. It isn't some recent innovation.

Stop feeding the pigeons.

Exactly, "traditional" security vendors have been using it since many years (decades?) ago.

I like the articles that ESET has done about "Next gen" solutions:

Next-gen security software: Myths and marketing

Machine learning and math can’t trump smart attackers

https://www.welivesecurity.com/wp-content/uploads/2017/08/NextGen_ML.pdf

Machine learning by ESET: The road to Augur

 

[ForgottenSeer 58943]

In my time here at MT.... this board is superior to that dying board featuring those two idiots.... Triple Hernia & Bald-dick -- and their constant drumbeat for a flawed and inferior product.

And yes, people get way too emotional about their purchases. Some people need purchase validation so badly.... that they lose their logic and reason.

In cognitive science, choice-supportive bias or post-purchase rationalization is the tendency to retroactively ascribe positive attributes to an option one has selected. It is a cognitive bias. For example, if a person chooses option A instead of option B, they are likely to ignore or downplay the faults of option A while amplifying those of option B. Conversely, they are also likely to notice and amplify the advantages of option A and not notice or de-emphasize those of option B.

Don't forget sunk cost fallacy which could also apply. You buy something, spend money, justify the money spent, then continue to spend money (or time) promoting what you purchased under the need to justify what you've already done without realizing that the money, time and effort you spent would be better served by avoiding the continued fallacy and stop investing in said venture.

There used to be a dude around here, Mekelek or something that reminded me of Triple Herixmer and Baldrick. He'd pop into every thread bandwagoning the same solution and cutting everything and everyone else down that said anything different. It's amazing how one or two guys like that can run a forum into the gutter. But MT mods, to their credit, dealt with it properly.