Cylance Smart Antivirus

[Deleted Member 3a5v73x]

Cylance is offering the home version for free until November ("to protect political organization data") for U.S. citizens.

LOL... I know for sure there will be those that cry "Foul, foul ! Conspiracy. Political spying ! Spylance ! Spylance ! Government surveillance puppet !"

Could turn out to be a digital Watergate. LOL.

You mean by the time elections are going to "spy on users who they are voting for" to use Cylance AV for that time as citizen data gathering tool? Well, I don't personally believe it, but I am not living in the US so not sure how constitutional rights are there for you guys. @ForgottenSeer 58943 already confirmed together with hes lab guys that no telemetry is sent over and connections are entirely encrypted, so..

 

[509322]

You mean by the time elections are going to "spy on users who they are voting for" to use Cylance AV for that time as citizen data gathering tool? Well, I don't personally believe it, but I am not living in the US so not sure how constitutional rights are there for you guys. @ForgottenSeer 58943 already confirmed together with hes lab guys that no telemetry is sent over and connections are entirely encrypted, so..

I don't believe it either, but there are a lot of conspiracy theorists out there. They will accuse Cylance of being Spylance.

 

[ForgottenSeer 58943]

Cylance is offering the home version for free until November ("to protect political organization data") for U.S. citizens.

Paywall goes down, have it at boys.

Election 2018

Also.. I have some news about Askalan's hub testing of Cylance that should be reported here but I hestitated as I do not like controversy. The poor results were a VM issue. (I discovered his VM was configured with too few resources to conduct a test) Once corrected, Cylance scored 100% on the last pack. Hopefully Askalan will weigh in on this.

 

[SHvFl]

Paywall goes down, have it at boys.

Election 2018

Also.. I have some news about Askalan's hub testing of Cylance that should be reported here but I hestitated as I do not like controversy. The poor results were a VM issue. (I discovered his VM was configured with too few resources to conduct a test) Once corrected, Cylance scored 100% on the last pack. Hopefully Askalan will weigh in on this.

Isn't it still a flaw of the program though? If your application can't run properly it should alert you somehow.

PS nice promotion of their home product. They would care less about elections integrity.

 

[artek]

Isn't it still a flaw of the program though? If your application can't run properly it should alert you somehow.

PS nice promotion of their home product. They would care less about elections integrity.

It's not really something that would happen on a users computer. The user would have to have to have a very low-spec system. Spike the CPU usage to near 100% while simultaneously running multiple malware samples.

 

[SHvFl]

It's not really something that would happen on a users computer. The user would have to have to have a very low-spec system. Spike the CPU usage to near 100% while simultaneously running multiple malware samples.

Disagree. The application should handle it by either informing me of low system spec or find a way for their application to properly work. It's the home market and the vendor should know better than the user and try to inform him or protect him.

 

[artek]

Disagree. The application should handle it by either informing me of low system spec or find a way for their application to properly work. It's the home market and the vendor should know better than the user and try to inform him or protect him.

Perhaps you're right. The vendor should make considerations for home users that choose to misconfigure their testing virtual-machines.

 

[SHvFl]

Perhaps you're right. The vendor should make considerations for home users that choose to misconfigure their testing virtual-machines.

It's not about vm though mate. Lets say i am encoding at the same time and i get hit with multiple malware because i don't know what i am doing. At that moment my system is very low on recourses. Shouldn't i be informed somehow?

 

[ForgottenSeer 58943]

Isn't it still a flaw of the program though? If your application can't run properly it should alert you somehow.

No flaw at all. How many 'home' users will run Cylance on a 12 year old dual core machine with 2GB of ram and execute 20+ pieces of malware in 18 seconds? The answer is - zero. I work with virtualization all day, that's how I spotted the problem. Because it doesn't matter what application you have you can restrict resources enough to cause problems with anything, including Microsoft Office. AI/ML systems sort of want some resources to crunch the datasets.

You mean by the time elections are going to "spy on users who they are voting for" to use Cylance AV for that time as citizen data gathering tool? Well, I don't personally believe it, but I am not living in the US so not sure how constitutional rights are there for you guys. @ForgottenSeer 58943 already confirmed together with hes lab guys that no telemetry is sent over and connections are entirely encrypted, so..

Cylance is quiet. You can even toggle the cloud aspect of it OFF in the dashboard which makes it one of the most quiet AV's we've ever seen. End of story. If there was some mass conspiracy to manipulate the election, steal voter data, or spy then it would be the death knell for this company. Federal investigations, class action suits, shareholder revolts and more...

 

[artek]

It's not about vm though mate. Lets say i am encoding at the same time and i get hit with multiple malware because i don't know what i am doing. At that moment my system is very low on recourses. Shouldn't i be informed somehow?

You are being informed. If you read the guys test, the VM crashed. Cylance was still processing the files, and on a typical home user system, they would have been processed or quarantined eventually anyway.

Listen, how far do you want to take an unlikely scenario?

You have a home user that's rendering on a system with less that 1gb of ram, who is also not knowledgeable, and manages to download and run multiple different malware samples.

Here's another one: What if Cylance is in the process of restarting due to a software update, and the users system, immediately when the Cylance program reboots is struck by a malware infection that kills the Cylance services. Possible? Certainly. Likely? No.

There's a small possibility I could catch a brain-eating amoeba when I go swimming. Should I now never go in the water to avoid that?

 

[ForgottenSeer 69673]

I would like to put this on my sister's laptop but I think it might be using Vista. Do you know if it works on Vista?

Thanks

 

[artek]

I would like to put this on my sister's laptop but I think it might be using Vista. Do you know if it works on Vista?

Thanks

I don't think it does:

System requirements:

• Windows 7
• Windows 8 and 8.1
• Windows 10
• 2GB Memory
• 500 MB Available Disk Space

 

[In2an3_PpG]

I would like to put this on my sister's laptop but I think it might be using Vista. Do you know if it works on Vista?

Thanks

No it does not.

What are the Windows system requirements?

• Windows 7
• Windows 8 and 8.1
• Windows 10
• 2GB Memory
• 500 MB Available Disk Space

REQUIRES

• Microsoft .NET Framework 3.5 SP1
• Internet browser
• Internet connection to register product
• Local admin rights to install software

 

[AtlBo]

It's not about vm though mate. Lets say i am encoding at the same time and i get hit with multiple malware because i don't know what i am doing. At that moment my system is very low on recourses. Shouldn't i be informed somehow?

No matter what anyone says, if Cylance algorithms are good enough to survive the test of time, I believe this will end up being dealt with somehow. Not saying it's a common vulnerability for abuse, but efficacy can't be compromised with security solutions. Buffer overflows were dealt with back in the day, and this will be too. Kaspersky made rollback work, so I am sure Cylance could come up with some combination of spec requirements and a crash scenario reflex reboot and rollback during reboot or similar.

For me, the efficacy issue is not worth a long discussion over what constitutes tolerable risk imo. It simply will end up being handled in all likelihood in the same way numerous of the a-v companies have found themselves doing the same at one point or another...

 

[SHvFl]

You are being informed. If you read the guys test, the VM crashed. Cylance was still processing the files, and on a typical home user system, they would have been processed or quarantined eventually anyway.

Listen, how far do you want to take an unlikely scenario?

You have a home user that's rendering on a system with less that 1gb of ram, who is also not knowledgeable, and manages to download and run multiple different malware samples.

Here's another one: What if Cylance is in the process of restarting due to a software update, and the users system, immediately when the Cylance program reboots is struck by a malware infection that kills the Cylance services. Possible? Certainly. Likely? No.

There's a small possibility I could catch a brain-eating amoeba when I go swimming. Should I now never go in the water to avoid that?

The system doesn't have to be 1gb to not have recourses available when the malware hits. Now about yours and my awesome understanding of malware on restart i asked someone that knows so we can both learn. Your understand sadly is wrong.

Here's a better one: if Cylance was a good security solution, then it would be capable of updating any components critical to the security of my environment without compromising the security. Let's consider the scenario of the device drivers belonging to Cylance being updated. Now, obviously, the process creation filtering (and if they support normal real-time protection on the file system, such as for file write/read or others) is going to be filtered out from kernel-mode via callbacks (which would be the smart and documented thing to do). But wait... the device drivers need to be updated! Does this mean the system will be vulnerable? No. The smart move would be for the update to be handled on reboot, and thus you'd not be vulnerable whilst a device driver component of Cylance is being updated.



Let's consider the scenario of a real-time protection component based in user-mode and worked by the user-mode service under the SYSTEM account being updated (if this is valid for Cylance in question). Now, usually, the service of a security solution is going to be involved with the filtering procedures (and sometimes cloud integration) but it is not rare for the functionality for all of this to be contained within external libraries (e.g. Dynamic Link Libraries) which the user-mode service will load and make use of. In these scenarios, when the user-mode service receives a scan request, the smart move would be to keep the operation pending until the component being used by the user-mode service which has involvement with the scan operation has been re-loaded post-update, instead of just letting it through blindly because an update was going ahead. What if the actual image on disk of the user-mode service process needs to be updated? Smart move would be to do it on reboot, so the user won't be left vulnerable during that update. I'm not saying Cylance works in the way described above. I don't know how Cylance works because I haven't used it yet. I'm just reading to what others have said on this thread about it so far and am interested in it. But there we have it... an update doesn't necessarily have to leave the user vulnerable during the update procedure.

 

[artek]

What was it 19 malware samples in that test? The last 5 didn't run because the system crashed. So the user you're describing above would have to be rendering, or doing something that used enough system resources to almost hardlock the system, and then on top of that he would have to to run 14 malware samples one after the other.

 

[ForgottenSeer 69673]

Ok so since I get three lic's with this election offer, I installed it in my Win 10 Enterprise VM along with Kaspersky Cloud AV Free. Tomorrow I will grab some malware from testmyav and give it a run. I have 4 gig a RAM dedicated to the VM. That should be plenty.

 

[simmerskool]

It's not about vm though mate. Lets say i am encoding at the same time and i get hit with multiple malware because i don't know what i am doing. At that moment my system is very low on recourses. Shouldn't i be informed somehow?

windows has a resource monitor, I usually have mine open, but that's me.

 

[gin]

Paywall goes down, have it at boys.

Election 2018

Also.. I have some news about Askalan's hub testing of Cylance that should be reported here but I hestitated as I do not like controversy. The poor results were a VM issue. (I discovered his VM was configured with too few resources to conduct a test) Once corrected, Cylance scored 100% on the last pack. Hopefully Askalan will weigh in on this.

grab it for test

 

[AlanOstaszewski]

I wrote a subjective post out of anger, for which I apologize. At the first test in the HUB the system was locked by password by a sample and at the second test I didn't record the results correctly, so I didn't publish them. But the system was almost clean (except for remains).

I will learn from the mistakes, so I promise you better testing. Good night to all who go to bed in a few minutes.