It's literally what the article is describing - a strong bias towards a specific game. That's not to say there's not other files that won't fall under the same category. But if there's no evidence of something like that out there, it's a hell of an assumption to make. Publications often overblow the severity of a problem to get clicks. Calling this a monumental problem that is difficult to fix is disingenuous when the only thing Cylance needs to do to prevent these false negatives is to tell their algorithms to disregard that specific string that they've been using as a whitelisting mechanism.

Nah.... that's just the way the industry and process work.
Vendors don't just whitelist a few games and / or other random files.
White lists are vast.
White lists in six-figures can be purchased from established vendors.
This article alludes to the enormity of the problem.
And don't misunderstand me.... I'm a Cylance fan. I use it and like it. The model is great. It works. They just need to go in and fix the algorithm -- which is doable but can be an arduous task.
Here's the quote again:
"Combining an analysis of the feature extraction process, its heavy reliance on strings, and its strong bias for this specific game, we are capable of crafting a simple and rather amusing bypass. Namely, by appending a selected list of strings to a malicious file, we are capable of changing its score significantly, avoiding detection."
Here's another quote:
"By taking STRINGS from an online gaming program and APPENDING them to malicious files, researchers were able to trick Cylance’s AI-based antivirus engine into thinking programs like WannaCry and other malware are benign."
If you wanted to call it lazy whitelisting I'd agree with you. But hard to fix? Get outa here.
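One defender-side check the exchange above points at, as an added example that is not from the article or any commenter: separate the strings a PE file carries inside its mapped sections from those sitting in trailing overlay data, so that appended material can be weighted or reported on its own rather than feeding the same feature bucket. The header parsing, the minimal constructed sample file and the six-character minimum string length are assumptions made for illustration.

```python
import re
import struct

def section_end(pe: bytes) -> int:
    """File offset where the last section's raw data ends; bytes after it are overlay."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # COFF file header
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    sec_table = coff + 20 + opt_size                     # section table follows the optional header
    end = sec_table + 40 * num_sections
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", pe, sec_table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end

def overlay_string_profile(pe: bytes, min_len: int = 6) -> dict:
    """Count printable-ASCII strings inside mapped sections versus in the trailing overlay."""
    end = section_end(pe)
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    mapped = len(pattern.findall(pe[:end]))
    overlay = len(pattern.findall(pe[end:]))
    total = mapped + overlay
    return {"overlay_bytes": len(pe) - end, "mapped_strings": mapped,
            "overlay_strings": overlay,
            "overlay_fraction": overlay / total if total else 0.0}

def build_sample_pe(appended: bytes = b"") -> bytes:
    """Constructed PE32 skeleton for testing (not a runnable program): one .text section plus optional overlay."""
    opt_size, raw_ptr, raw_size = 0xE0, 0x200, 0x200
    hdr = bytearray(raw_ptr)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)            # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x44 + 2, 1)           # NumberOfSections
    struct.pack_into("<H", hdr, 0x44 + 16, opt_size)   # SizeOfOptionalHeader
    sec = 0x44 + 20 + opt_size
    hdr[sec:sec + 8] = b".text\0\0\0"
    struct.pack_into("<II", hdr, sec + 16, raw_size, raw_ptr)
    body = b"Hello from the mapped section\0".ljust(raw_size, b"\0")
    return bytes(hdr) + body + appended

if __name__ == "__main__":
    strings = b"\0".join([b"benign string one", b"benign string two", b"benign string three"])
    for sample in (build_sample_pe(), build_sample_pe(strings)):
        print(overlay_string_profile(sample))
```

A high overlay fraction is a reporting signal, not a verdict: installers and signed binaries legitimately carry overlays, so the point is to keep overlay-derived strings out of the same feature bucket as mapped code, not to block on them.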