Cylance Smart Antivirus

  • Thread starter Deleted Member 3a5v73x
  • Start date
Status
Not open for further replies.
BoraMurdar

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Marketing and commercialization of own products is nothing new, as AVs in the past used the good old line "100% detection", and they kinda didn't lie, as the product catches 2 malware out of 2 samples, but it's not either the truth as it was said in the obvious context that average user may think and/or can be fooled to think that this product will protect it 100% of the time.

Many companies use some kind of Machine Learning and call it Artificial Intelligence as it sounds cooler, and unfortunately, it sounds like you don't have to have intelligence or brains, as there is an artificial one that will make decisions for you. As far as I can tell, only a few big companies like Microsoft, Google (Alpha Lella Chess Zero), IBM can do a real business with this, as they have enough power to do it and enough data to feed the monster.

It's easy (it's not really easy, but extremely hard) to make an AI that will play chess, you teach it with rules, teach it basic and advanced reward/punishment motivation systems and let it play with itself to infinity.

Malware doesn't play by the rules, so using AI against it, is or will be our big achievement.
 
  • Like
Reactions: simmerskool, ForgottenSeer 72227, upnorth and 5 others
SHvFl

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,346
ticklemefeet said:
Sentinel one is good for scripts where Cylance is not but costs twice as much.
Click to expand...
Not exactly. One has a home version and the other is the enterprise version. When Cylance didn't have a home version as a home user you could buy it at the same price as sentinelone now. Cylance homeversion is not really comparable with the enterprise one as you don't have access to most settings to tighten security.
Ps sentinelone claims they are good with scripts but that is yet to be seen. They have other interesting stuff though and cover more attack vectors. Anw this a different product topic and don't want to mess it up so i will stop here.
 
Last edited:
  • Like
Reactions: simmerskool, AtlBo, vtqhtr413 and 1 other person
F

ForgottenSeer 58943

Thread author
RoboMan said:
I'm starting to believe I lost those 10 bucks to Umbra when I claimed that Cylance was gonna perform great. Lets stay tuned to @askalan reports who will take the lead on Cylance and luckily will prove my tests garbage.
Click to expand...

Your tests are great, and we appreciate it. This is precisely why I offered testers Cylance (on my dime) because we need to get to the bottom of things. I think this thread, and your testing illustrates the great value of this forum. Our discourse on Cylance is proving valuable, and none of us are 'wedded' to any particular solution and really just want to get past the marketing hype and fud with each product/service.
 
  • Like
Reactions: simmerskool, AtlBo, harlan4096 and 3 others
5

509322

Thread author
BoraMurdar said:
Marketing and commercialization of own products is nothing new, as AVs in the past used the good old line "100% detection", and they kinda didn't lie, as the product catches 2 malware out of 2 samples, but it's not either the truth as it was said in the obvious context that average user may think and/or can be fooled to think that this product will protect it 100% of the time.

Many companies use some kind of Machine Learning and call it Artificial Intelligence as it sounds cooler, and unfortunately, it sounds like you don't have to have intelligence or brains, as there is an artificial one that will make decisions for you. As far as I can tell, only a few big companies like Microsoft, Google (Alpha Lella Chess Zero), IBM can do a real business with this, as they have enough power to do it and enough data to feed the monster.

It's easy (it's not really easy, but extremely hard) to make an AI that will play chess, you teach it with rules, teach it basic and advanced reward/punishment motivation systems and let it play with itself to infinity.

Malware doesn't play by the rules, so using AI against it, is or will be our big achievement.
Click to expand...

There is no such thing as "Truth in Advertising." Unfortunately. Almost everything is an embellishment. I am a harsh critic of our own marketing materials. I see statements, while technically true, but there are exceptions and the exceptions aren't mentioned. And I don't like grey language that has layers of meaning... that can be interpreted in different ways by different people. I suppose it would be too much to hand a person a 10 page marketing brochure that lists all the caveats, corner cases to what is promoted, and describes stuff in-detail... instead of a single page one. The thing about the one page is that it works, but for the 10 pager by the beginning of the second page you've lost the person. Anyway, that's just a few issues with marketing that most people don't stop to think about.

However, the thing that is pertinent here is that Cylance has been both extremely aggressive and defensive of their marketing. It's tour and the methods used in it were, well, how is a diplomatic way to put it... underhanded ? Sohpos is on record as just calling Cylance a pack of liars. There's a lot of folks in the industry that agree with Sophos. It's points were valid. And then during the tour and afterwards, making extraordinary efforts to quash objections about the exceptions that weren't mentioned - such as disabling competitor settings or using non-malicious malware as samples - or, more often, arguing that the industry and testing is flawed, that Cylance is unfairly persecuted because there are those set against it, that it is being violated because people just don't understand or are creating falsehoods about the product. Everything and everyone is the problem except Cylance. Sounds just like Webroot (mostly fanboys) and some other products that I know of (mostly developers). And that is where I think people, like myself, have problems with Cylance - problems with the organization... or more specifically, the people running it - as opposed to the product itself.
 
Last edited by a moderator:
  • Like
Reactions: simmerskool, FleischmannTV, harlan4096 and 2 others
A

artek

Level 5
Verified
May 23, 2014
236
Lockdown said:
There is no such thing as "Truth in Advertising." Unfortunately. Almost everything is an embellishment. I am a harsh critic of our own marketing materials. I see statements, while technically true, but there are exceptions and the exceptions aren't mentioned. And I don't like grey language that has layers of meaning... that can be interpreted in different ways by different people. I suppose it would be too much to hand a person a 10 page marketing brochure that lists all the caveats, corner cases to what is promoted, and describes stuff in-detail... instead of a single page one. The thing about the one page is that it works, but for the 10 pager by the beginning of the second page you've lost the person. Anyway, that's just a few issues with marketing that most people don't stop to think about.

However, the thing that is pertinent here is that Cylance has been both extremely aggressive and defensive of their marketing. It's tour and the methods used in it were, well, how is a diplomatic way to put it... underhanded ? Sohpos is on record as just calling Cylance a pack of liars. There's a lot of folks in the industry that agree with Sophos. It's points were valid. And then during the tour and afterwards, making extraordinary efforts to quash objections about the exceptions that weren't mentioned - such as disabling competitor settings or using non-malicious malware as samples - or, more often, arguing that the industry and testing is flawed, that Cylance is unfairly persecuted because there are those set against it, that it is being violated because people just don't understand or are creating falsehoods about the product. Everything and everyone is the problem except Cylance. Sounds just like Webroot (mostly fanboys) and some other products that I know of (mostly developers). And that is where I think people, like myself, have problems with Cylance - problems with the organization... or more specifically, the people running it - as opposed to the product itself.
Click to expand...

I sympathize with them a bit. If you're an infosec startup - they've moved far beyond that point by now - And someone puts out one of those game'd comparatives from an AV-Testing site, there's not a lot of information out there about your product. It could lead to the death of company. I would be telling people the same thing: test the product yourself. Not that the unbelievable tour wasn't a tad shady. But I also feel that putting your product out there for people in the crowd to bring samples to try and bypass is a bit better than paying for one of those biased product comparison pieces on major testing sites.
 
  • Like
Reactions: simmerskool, AtlBo, vtqhtr413 and 1 other person
5

509322

Thread author
artek said:
I sympathize with them a bit. If you're an infosec startup - they've moved far beyond that point by now - And someone puts out one of those game'd comparatives from an AV-Testing site, there's not a lot of information out there about your product. It could lead to the death of company. I would be telling people the same thing: test the product yourself. Not that the unbelievable tour wasn't a tad shady. But I also feel that putting your product out there for people in the crowd to bring samples to try and bypass is a bit better than paying for one of those biased product comparison pieces on major testing sites.
Click to expand...

"Poor" or "Bad" test performance has never led to the demise of a company. Not that I know of. There are products out there that always perform poorly, but organizations and the buying public keep on purchasing the product(s). Not to mention that there are products out there that have little to no documented test history and the same applies - organizations and people keep buying the product.

Sure, AV test lab results are marketing, but they don't have the kind of influence to bring down a company's house. Afterall, the company can simply stop participating - and still - their product will sell. Webroot and G DATA are examples.

Their tour was a lot more than just shady. And therefore, the backlash position that some take against it is not a technical one, but instead one based upon principle.
 
Last edited by a moderator:
  • Like
Reactions: simmerskool, AtlBo, vtqhtr413 and 1 other person
A

artek

Level 5
Verified
May 23, 2014
236
Lockdown said:
"Poor" or "Bad" test performance has never led to the demise of a company. Not that I know of. There are products out there that always perform poorly, but organizations and the buying public keep on purchasing the product(s). Not to mention that there are products out there that have little to no documented test history and the same applies - organizations and people keep buying the product.

Sure, AV test lab results are marketing, but they don't have the kind of influence to bring down a company's house. Afterall, the company can simply stop participating - and still - their product will sell. Webroot and G DATA are examples.

Their tour was a lot more than just shady. And therefore, the backlash position that some take against it is not a technical one, but instead one based upon principle.
Click to expand...


Maybe death of a company is a little extreme. But Webroot and GDATA weren't brand new, and I think that a poorly designed comparative could really hurt a new company.
 
  • Like
Reactions: simmerskool, AtlBo and vtqhtr413
E

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
off-topic
people criticize me testing products with syshardener
here is an example of Sophos Home premium with fully tweaked syshardener (almost everything was checked, identical to avast)
syshardener couldn't save sophos from an infected status because it missed 1 malware (.exe)

https://malwaretips.com/threads/13-08-2018-19.85938/post-756902
 
  • Like
Reactions: Gandalf_The_Grey, simmerskool, Sunshine-boy and 7 others
D

Deleted Member 3a5v73x

Thread author
Well.. I won't give any spoilers for recently posted pack (thanks to @silversurfer ), and let's wait for official MH tester results, but imo it's ride to death to use just Cylance Smart AV alone.. system will most likely end up infected after every test and that's understandable that they protect only from PE's, but today's @RoboMan's test is simple proof that it can't protect against all PE's. I vote for SysHardener to be added together with it in MH tests.
 
  • Like
Reactions: simmerskool, AtlBo, vtqhtr413 and 2 others
F

ForgottenSeer 58943

Thread author
Evjl's Rain said:
off-topic
people criticize me testing products with syshardener
here is an example of Sophos Home premium with fully tweaked syshardener (almost everything was checked, identical to avast)
syshardener couldn't save sophos from an infected status because it missed 1 malware (.exe)

https://malwaretips.com/threads/13-08-2018-19.85938/post-756902
Click to expand...

That pack is brutalizing everything. But it's time sensitive as the pack is being submitted so any results after a couple hours are probably jaded due to submissions. I'd remind people - some of SHP's stronger assets aren't utilized in the test. I suspect it likely SHP would snag that with their web filtration, heuristic traffic evaluation and new file reputation on download. (My favorite protection category)

As I said day one - Cylance alone as the sole solution is probably not all that good of an idea. I believe it's a nice solution but only when paired up. What is surprising is it's missing EXE's it should clearly have known as modified/untrusted. I am reaching out to a well known and trusted expert in that field and getting his thoughts on that. (non-Cylance guy) I have a suspicion as to why it missed something, and it's NOT flawed testing.
 
  • Like
Reactions: simmerskool, AtlBo, vtqhtr413 and 2 others
A

artek

Level 5
Verified
May 23, 2014
236
"(I could test only seven because of the restart)"

Wait, so static scan detects 7/19, which leaves 12 files left. And out of those 12 files you were only able to to test 7 further. So there are 5 more files that could have potentially been detected, but are still being counted as misses in your results?

Am I reading this wrong?
 
  • Like
Reactions: AtlBo, vtqhtr413, upnorth and 2 others
Status
Not open for further replies.

Similar threads

I3rYcE
    • Like
New Update Quick Heal V24
Replies
0
Views
364
Other security for Windows, Mac, Linux
I3rYcE
I3rYcE
Bot
    • Like
    • +Reputation
Hot Take From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks
Replies
0
Views
182
General Security Discussions
Bot
Bot
Brownie2019
    • Like
On Sale! AVG Ultimate 1PC,1Yr, $ 10,92
Replies
0
Views
213
Discounts and Deals
Brownie2019
Brownie2019

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top