Cylance Smart Antivirus

Thread starter: Deleted Member 3a5v73x

509322
It would be wise to wait for more than a single test to make assumptions. Statistically, a missing sample means nothing at this point. In theory though SysHardener or OSA will solve any script issues. Maybe Cylance can switch that account to a no-script policy, but it might not be convenient for everyday usage depending on the user.

There have been many tests over the past few years. The product is not new. It is the same CylancePROTECT as has been carefully tested and reviewed many times. The only difference is the graphics, and Cylance doesn't want users having access to the settings. The default settings are probably less secure than the enterprise version, because home users are "users that want to use stuff." So, I am assuming, Cylance will oblige them and make the settings block a lot less - because Cylance doesn't want to hear complaints from home users: "Hey... Cylance is blocking stuff."
 

SHvFl
There have been many tests over the past few years. The product is not new. It is the same CylancePROTECT as has been carefully tested and reviewed many times. The only difference is the graphics, and Cylance doesn't want users having access to the settings.
The testing done here usually benefits signature products as the malware are old. Cylance, in that case, doesn't benefit from age. What I am saying is not that the product is perfect, but if it's hitting numbers close to the other AVs then it means it's a decent AV for home usage and a light one. I didn't talk about a one-step solution to get rid of malware or something, as every application has advantages and disadvantages.
 
509322
The testing done here usually benefits signature products as the malware are old. Cylance, in that case, doesn't benefit from age. What I am saying is not that the product is perfect, but if it's hitting numbers close to the other AVs then it means it's a decent AV for home usage and a light one. I didn't talk about a one-step solution to get rid of malware or something, as every application has advantages and disadvantages.

But now it is being shilled on MalwareTips. Then the next solution will be promoted. It's an endless cycle. The objection is not that it is specifically Cylance. The objection is that every few weeks a new AV\IS is being shilled as the latest and greatest - it becomes front and center. It's a revolving "What is best AV ?" The focus is always on "What is best AV ?" and people changing their softs daily. That's the point that some have been making.

Just a few weeks ago, the argument was that Cylance is a scion of the CIA. But now it is awesome. That is the kind of stuff that is objectionable.

People getting bent out of shape, not willing to accept what some of us are trying to say... that is proof that people are too emotionally involved in this stuff.

I don't care what people use. They should use whatever makes them happy.
 

ForgottenSeer 69673
But now it is being shilled on MalwareTips. Then the next solution will be promoted. It's an endless cycle. The objection is not that it is specifically Cylance. The objection is that every few weeks a new AV\IS is being shilled as the latest and greatest. It's a revolving "What is best AV ?" The focus is always on "What is best AV ?" and that's the point that some have been making.

This goes back many years at Wilders. They, however, did not allow any AV vs AV there. Except here it is AV vs AV vs AV, and maybe even an extra AV vs AV for good measure. So unless the ADMIN stops allowing it like Wilders did, it will go on forever.
 

509322
This goes back many years at Wilders. They, however, did not allow any AV vs AV there. Except here it is AV vs AV vs AV, and maybe even an extra AV vs AV for good measure. So unless the ADMIN stops allowing it like Wilders did, it will go on forever.

It generates site traffic so it will never be put to an end. But at the same time it causes this persistent drama on MT.
 

Deleted Member 3a5v73x
But now it is being shilled on MalwareTips. Then the next solution will be promoted. It's an endless cycle. The objection is not that it is specifically Cylance. The objection is that every few weeks a new AV\IS is being shilled as the latest and greatest. It's a revolving "What is best AV ?" The focus is always on "What is best AV ?" and that's the point that some have been making.
The re-make of the Cylance thread was not to promote it again. It just seemed logical to have a thread open where people could continue to share experience with it and discuss the product.
 

ForgottenSeer 69673
At least they are offering it for half the price per year now. The reason I stopped using it was that 60 bucks was a bit much, and between AppGuard, VoodooShield, Shadow Defender and Fort Knox, I am pretty good to go with overkill. Unless Cylance tells home users they need to complement their AV with something else to block scripts, they won't know.
 

Kubla

There have been people. Read the old MalwareManaged and other threads involving Ai from a year or two ago. And it didn't just involve Cylance. There were people here that kept promoting their Ai or any Ai as the next best thing to money... which is a falsehood.

Some of these AI solutions may not be ready to perform as solo artists yet and need to run alongside traditional solutions or next-generation type firewall appliances, as ForgottenSeer 58943 suggests, but they are the next big thing, they have to be.

With the advent of AI based malware traditional signature based solutions are not going to stand much of a chance due to the speed at which they can/will mutate.

As such I think incorporating a strong AI solution into one's security configuration will become a necessity sooner rather than later.
 

ForgottenSeer 58943
At first I didn't even realize Avast was being tested with tweaked settings and ginned up with SysHardener. I wonder how many other people didn't notice? It finally dawned upon me what was going on when I saw Avast performing uncharacteristically great. So my question is - testing a tweaked and ginned-up configuration against default ones - isn't that just a bit misleading? IMO it should have its own category.

As of right now on that pack, Cylance is the second best performer assuming you ignore the ginned Avast (which you should).
 

ForgottenSeer 58943
With the advent of AI-based malware, traditional signature-based solutions are not going to stand much of a chance due to the speed at which they can/will mutate. As such I think incorporating a strong AI solution into one's security configuration will become a necessity sooner rather than later.

These days have basically arrived with the rapid morphology of malware now. Traditional vendors will be left behind soon. Fortinet knows they're behind the curve. 6.0 and the Fabric is mostly marketing hype. FortiSandbox will now be default on every Fortigate, regardless of how high or low end the device is. But FortiSandbox isn't a panacea (yet), and probably will be used to morph into an AI/ML solution next year. Watchguard was way behind, but licensed out Cylance for gateway realtime scanning. Sophos XG w/Sandstorm is pretty good and once InterceptX gets tossed onto the gateway it will be better. PfSense is dead. Untangle is way behind but recently added realtime VT scanning on all downloads which was a stop-gap measure. Gryphon Router is the best (and only) AI you'll find for home routers right now.

As for endpoints - any of them not pushing forward with AI/ML solutions or adjunct technologies will be left in the dust. Unfortunately, a huge number appear to not even have solutions in the pipe, others are struggling, yet some have solutions already deployed. Over the next few years I think it will be a question of whether a product has AI/ML or not as to whether or not it's fully usable, given the threat landscape we're projecting.
 

Windows_Security

@Lockdown, I should have been more specific: my remark is on the second sentence (not the EULA part).
Lock Don said:
Microsoft created the monster that is Windows. The only way to change that is for users to stop using Windows.

As far as I know Gates sort of bought QDOS (Quick and Dirty Operating System) and copied OS/2 for Windows, so technically they did not create the monster, they sort of fed it with code to mature. Windows 10 seems to mature very well from a security point of view (when compared to third party security). For the coming years I don't think people will be inclined to stop using Windows. So I wish you luck with the monster.

I don't know whether something got lost in translation, because (I am watching a movie at the same time :) ) the hero in the movie just called his car a monster (but with pride and adoration for his fine masterpiece of technique), so if you did intend to say Windows 10 is a monster compared to (for instance) Windows 95, security-wise, I agree fully.
 

509322
Some of these AI solutions may not be ready to perform as solo artists yet and need to run alongside traditional solutions or next-generation type firewall appliances, as ForgottenSeer 58943 suggests, but they are the next big thing, they have to be.

With the advent of AI based malware traditional signature based solutions are not going to stand much of a chance due to the speed at which they can/will mutate.

As such I think incorporating a strong AI solution into one's security configuration will become a necessity sooner rather than later.

Ai has been around for a long time. It is marketing. "Next Gen" is nothing but a marketing gimmick. All the major AVs have been using ML for decades. What one calls ML another calls Ai and vice versa.

@Lockdown, I should have been more specific: my remark is on the second sentence (not the EULA part).


As far as I know Gates sort of bought QDOS (Quick and Dirty Operating System) and copied OS/2 for Windows, so technically they did not create the monster, they sort of fed it with code to mature. Windows 10 seems to mature very well from a security point of view (when compared to third party security). For the coming years I don't think people will be inclined to stop using Windows. So I wish you luck with the monster.

I don't know whether something got lost in translation, because (I am watching a movie at the same time :) ) the hero in the movie just called his car a monster (but with pride and adoration for his fine masterpiece of technique), so if you did intend to say Windows 10 is a monster compared to (for instance) Windows 95, security-wise, I agree fully.

I could care less what people use.

Microsoft is responsible for the mess that is Windows. And it isn't limited to security. The fragmented user-base is their creation. The packing of unneeded attack surface, because it wants to sell only a general OS is their doing. An essentially borked Windows Update is their doing. I could go on and on, but the web is a repository of all the issues that IT Pros as well as a significant portion of end-users abhor about Windows. All one need do is to look.

I have seen where Microsoft unilaterally makes a decision and it costs a company literally millions of dollars. IT Pros are not enamored with Windows. They are essentially "stuck" with it. But most I know, "would throw it out the window"... no pun intended. Maybe "flush it down the toilet" is more apt.

Windows 10 security isn't that great. Independent tests have shown time and again that people are better off using a 3rd-party security soft. By "people" I mean people who don't spend months researching Windows security and tweak it. And that means virtually the entire population. The average Joe is better off on Chromebook.
 

ForgottenSeer 58943
Ai has been around for a long time. It is marketing. "Next Gen" is nothing but a marketing gimmick.

To be honest, almost all of the stuff out there is marketing gimmick with FUD used to sell. Virtually every Fortinet offering is largely a gimmick right now.. 'Fabric this or that', 'Pane of Glass', blah blah blah.. Sandboxes are old, we've had sandboxing appliances for a decade now. Cloud-based SB with the heavy lifting on Fortinet servers is newer, but still basically the same technology.

The newest thing I have seen lately is AI/ML based IPS/IDS systems. Datasets are built from how your network functions in normal situations and anomalies are recognized in realtime with device level quarantine issuance as the need arises. That's new. Gryphon is the first with it out for the home, but there are enterprise APT offerings that utilize similar (although not identical) technology. Signature based IPS/IDS is dead... Put a nail in it, it's dead. It's too slow to adapt, and by that time a network is already compromised and it works only off known variables. AI/ML is what's needed for IPS/IDS.

As for desktops/endpoints.. AI/ML goes way back. Heck, Trend had it in their TDS about 10 years ago. :whistle:

Cylance is great for spotting new, morphed/modified crap though, that much I can tell you. As part of an integral security layout I think it's actually really really cool. It's pretty hard to code something to squeak past a product designed to spot every anomaly at the outset.
 

Sunshine-boy

ForgottenSeer 58943, you are right, but you can't pair paid products with SysHardener in the MT HUB, because you paid for it! It should protect alone.
Avast BB blocks all EXE malware but is weak against scripts, so it's okay if you add something like SysHardener to it (they are both free).
Now tell me, why would someone pay for Cylance if Avast Free + SysHardener protects you better?
You can achieve the same results with Kaspersky Cloud Free + SmartScreen + SysHardener! But all for free.
Cylance also doesn't have something like System Watcher in Kaspersky (while it's paid)! You paid $30 just for a local AI (something like the VoodooShield AI but better), no more no less!
 

509322
To be honest, almost all of the stuff out there is marketing gimmick with FUD used to sell. Virtually every Fortinet offering is largely a gimmick right now.. 'Fabric this or that', 'Pane of Glass', blah blah blah.. Sandboxes are old, we've had sandboxing appliances for a decade now. Cloud-based SB with the heavy lifting on Fortinet servers is newer, but still basically the same technology.

The newest thing I have seen lately is AI/ML based IPS/IDS systems. Datasets are built from how your network functions in normal situations and anomalies are recognized in realtime with device level quarantine issuance as the need arises. That's new. Gryphon is the first with it out for the home, but there are enterprise APT offerings that utilize similar (although not identical) technology. Signature based IPS/IDS is dead... Put a nail in it, it's dead. It's too slow to adapt, and by that time a network is already compromised and it works only off known variables. AI/ML is what's needed for IPS/IDS.

As for desktops/endpoints.. AI/ML goes way back. Heck, Trend had it in their TDS about 10 years ago. :whistle:

Cylance is great for spotting new, morphed/modified crap though, that much I can tell you. As part of an integral security layout I think it's actually really really cool. It's pretty hard to code something to squeak past a product designed to spot every anomaly at the outset.

You understand. I understand. But most people here don't understand. They buy into Cylance's Ai marketing and think it is some new cyborg security solution - when it is the furthest thing from that.

I am extremely close to CMU's Software Institute. So I get to see a lot of neat stuff. And, based upon what people say there, truly autonomous Ai-based security is many lifetimes away.
 

ForgottenSeer 58943
I sort of feel that AI/ML security is like Autonomous for vehicles.

I predicted years ago that it would be 'decades' for 100% autonomous vehicles perfected to be truly autonomous. The MORE LIKELY outcome from all of this is that those autonomous features would be trimmed and utilized as assistance technology. Thus far, that's what is coming of it. Long highway trips it will reduce fatigue and keep you centered but it's going to ask for your help fairly regularly..

Cylance is in no way autonomous, I've already had to whitelist 2 steam games today. One Russian, one Asian, because both exhibited 'malware like' traits. But they aren't. Hence, it's not autonomous and likely will never be - it'll need your input here and there.

However - AI/ML IPS/IDS is actually already fully autonomous. The reason is, there are long accepted and established protocols and parameters for how each network operates. IDS/IPS really only has a limited number of points to examine and deal with. It's so effective that there isn't any whitelisting on the AI/ML IDS/IPS systems I've seen, because their FPs are zero. With endpoints it is MUCH harder, as you already know; the variables and potentials are monstrous.

--allow me to elaborate. When you set up devices on Gryphon, you tell it what kind of device it is (camera, sprinkler system, computer, tablet, smart plug, whatever). Gryphon engineers examined the network traffic on hundreds of different brands of cameras and established a dataset using those, which amounts to around 4 different ports that should be used for 99% of every camera (80, 443, 53, 123). Further, there is an established PPS (packets per second) range each device should function in - for example 400 PPS for 99% of every camera. Gryphon watches the camera; it knows the 4 ports, and any port use variance from the 4 would quarantine it. Any PPS higher than 400 may indicate it's been botnet-controlled and would quarantine it. Furthermore, it's smart enough to know 'some' brands might have variables not factored, so it overcomes this by observing normal packet flow on your network and alerting to rampant variances outside of the normal operations.

Gryphon has my printer quarantined right now for continually opening ports 22, 23, 80. Gryphon says to close the ports on it and upgrade the printer firmware, otherwise it's going to keep it quarantined. Fair enough! Also, since my printer doesn't need WAN connectivity, I'm just leaving Gryphon to manage its misbehavior. :ROFLMAO:
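
The two posts above by ForgottenSeer 58943 describe the same detection model from two angles: a gateway that learns what "normal" traffic looks like and quarantines devices that drift from it, and the concrete Gryphon walkthrough of a per-device-class port allowlist (80, 443, 53, 123 for a camera), a PPS ceiling (400 for a camera), and an observed-baseline fallback for brands the profile did not anticipate. The script below is an added example written for this thread to show how those three checks fit together in code; it is not Gryphon's code or data, and the class profiles, device names and traffic samples in it are constructed for the demonstration.

```python
"""Device-profile anomaly detection for a home gateway (constructed example).

Implements the checks described in the thread in simplified form:
  1. a per-device-class port allowlist (e.g. a camera on 80/443/53/123),
  2. a per-device-class packets-per-second ceiling (e.g. 400 PPS),
  3. a learned per-device baseline, so a brand the class profile did not
     anticipate is still judged against its own observed normal.
The profiles, device names and traffic samples are constructed for this
example; they are not Gryphon's data or code.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Constructed class profiles: ports a device of that class may use, and the
# PPS above which it is treated as possibly botnet-controlled.
DEVICE_PROFILES = {
    "camera":  {"ports": {80, 443, 53, 123}, "max_pps": 400},
    "printer": {"ports": {9100, 631, 53, 123}, "max_pps": 200},
}


@dataclass
class Sample:
    """One measurement interval for one device."""
    device: str        # name given to the device at setup
    kind: str          # device class chosen by the owner at setup
    ports: set         # ports seen open or in use during the interval
    pps: float         # packets per second during the interval


@dataclass
class Detector:
    baseline_windows: int = 20   # clean intervals needed before the baseline is trusted
    z_threshold: float = 3.0     # standard deviations above own normal that trips an alert
    history: dict = field(default_factory=lambda: defaultdict(list))
    quarantined: set = field(default_factory=set)

    def observe(self, sample: Sample) -> list:
        """Score one interval; return the reasons it is anomalous (empty if normal)."""
        profile = DEVICE_PROFILES[sample.kind]
        reasons = []

        # Check 1: port use outside the class allowlist (the printer case).
        bad_ports = sample.ports - profile["ports"]
        if bad_ports:
            reasons.append(f"unexpected ports {sorted(bad_ports)}")

        # Check 2: packet rate above the class ceiling (the botnet case).
        if sample.pps > profile["max_pps"]:
            reasons.append(f"pps {sample.pps} exceeds class ceiling {profile['max_pps']}")

        # Check 3: packet rate far above this device's own learned normal, even
        # when it is still under the class ceiling.
        hist = self.history[sample.device]
        if len(hist) >= self.baseline_windows:
            mu, sigma = mean(hist), pstdev(hist)
            if sigma > 0:
                z = (sample.pps - mu) / sigma
                if z > self.z_threshold:
                    reasons.append(f"pps {sample.pps} is {z:.1f} sigma above own baseline {mu:.1f}")

        if reasons:
            self.quarantined.add(sample.device)
        else:
            # Only clean intervals feed the baseline, so a device that is
            # already misbehaving cannot teach the detector that this is normal.
            hist.append(sample.pps)
        return reasons


def run_demo() -> dict:
    """Replay constructed traffic; return {device: reasons of its first alert}."""
    det = Detector()
    alerts = {}

    def feed(sample):
        reasons = det.observe(sample)
        if reasons and sample.device not in alerts:
            alerts[sample.device] = reasons

    # A porch camera behaving normally for 24 intervals at about 50 PPS.
    for i in range(24):
        feed(Sample("cam-porch", "camera", {443, 53}, 48.0 + 2 * (i % 3)))
    # Then a jump to 120 PPS: under the class ceiling, but far outside its own normal.
    feed(Sample("cam-porch", "camera", {443, 53}, 120.0))

    # A printer repeatedly exposing 22, 23 and 80 in addition to its print port.
    feed(Sample("printer-office", "printer", {9100, 22, 23, 80}, 30.0))

    # A garage camera on the right ports but pushing 900 PPS.
    feed(Sample("cam-garage", "camera", {80, 443}, 900.0))

    return alerts


if __name__ == "__main__":
    for device, reasons in run_demo().items():
        print(f"{device}: quarantined ({'; '.join(reasons)})")
```

Two design points worth noting. The baseline is fed only from intervals that passed every check, so a device that is already misbehaving when it joins the network cannot teach the detector that its behaviour is normal. And the third check fires only on rises above the device's own normal; a sudden drop in traffic is not treated as an anomaly here, which is a deliberate simplification a real gateway would revisit.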


artek

At first I didn't even realize Avast was being tested with tweaked settings and ginned up with SysHardener. I wonder how many other people didn't notice? It finally dawned upon me what was going on when I saw Avast performing uncharacteristically great. So my question is - testing a tweaked and ginned-up configuration against default ones - isn't that just a bit misleading? IMO it should have its own category.

As of right now on that pack, Cylance is the second best performer assuming you ignore the ginned Avast (which you should).

Defender too was tweaked from what a typical user would get out-of-the-box.
 

illumination
At first I didn't even realize Avast was being tested with tweaked settings and ginned up with SysHardener. I wonder how many other people didn't notice? It finally dawned upon me what was going on when I saw Avast performing uncharacteristically great. So my question is - testing a tweaked and ginned-up configuration against default ones - isn't that just a bit misleading?

I have already explained this once, but shall again. The hub methodology was never designed to pit product vs product; it is set up to show users how the products work as far as seeing modules perform and work with other modules, etc., and to submit missed samples to vendors for analysis as well as bug reports from issues found along the way. There used to be a default-only rule; although this is not the case right now, it really does not matter. Don't judge products from HUB tests.... Complete testing is not allowed by forum staff, meaning URL testing / mark of the web / filters, as it was deemed too dangerous, and they are acting responsibly here with the handled malware now that it is locked down and only accessed by users allowed into testing, and the more dangerous stuff, as stated, is not allowed at all.

So judging how any product performs in the HUB is just silly, it is a basic methodology a minimum base.
 