_CyberGhosT_

Level 53
Verified
Trusted
Content Creator
Hello everyone, I would like to know which antivirus uses machine learning, and also the advantages and disadvantages (if any) of this technology. Thanks in advance :)
Greetings @Claudiano
The only one I can give a nod to, and one I am familiar with, is DeepArmor.
A lot of them "claim" to use it or to have the ability, seeing that it is the current bandwagon to jump on, but I can't say for sure, seeing as I don't utilize most of the stuff out there.
I have used DeepArmor for quite some time and can tell you they have a pretty good product.
I am sure there may be other legitimate practitioners, but I only have experience with DeepArmor.
Good Luck and great thread ;)
 

XhenEd

Level 27
Verified
Trusted
Content Creator
Symantec, Kaspersky, Microsoft, VoodooAI (VoodooShield), Avira, etc.
Symantec & Kaspersky use ML (or AI or anything) in endpoint products (based on information on their sites).
I don't see any advantages (for now)
How do you think they keep up with their detection of hundreds of thousands of malware samples every day through signatures? All through manual categorization, meaning by people? ML does most of the job, while experts address special cases. That's one of the advantages of ML. :D

Those companies have been employing Machine Learning for many years already for their home and enterprise products. :)

As I said, most, if not all, AV companies have already been employing ML for their AVs. Some had made big news about it, while some didn't. :)
 

Faybert

Level 22
Verified
Malware Hunter
Many thanks to all for the attention. To finish, I wanted everyone's opinion about McAfee AntiVirus Plus 2017. I read good things about it (mainly this new version), I was drawn in and I got a 1-year license, and I am in doubt whether to use it or not. I've never had experience with McAfee and I've never seen anyone testing it in Malware Hub, so I wanted to hear from you, things like: does it have a behavioral blocker? Is it good against 0-day malware attacks? Thank you :)
Sorry for my English, I'm Brazilian and I use Google Translate :(
 

Evandro

Level 3
Many thanks to all for the attention. To finish, I wanted everyone's opinion about McAfee AntiVirus Plus 2017. I read good things about it (mainly this new version), I was drawn in and I got a 1-year license, and I am in doubt whether to use it or not. I've never had experience with McAfee and I've never seen anyone testing it in Malware Hub, so I wanted to hear from you, things like: does it have a behavioral blocker? Is it good against 0-day malware attacks? Thank you :)
Sorry for my English, I'm Brazilian and I use Google Translate :(
Friendly advice, man: you'll be throwing money in the trash! McAfee is one of the 5 worst! A real headache...
 

jamescv7

Level 61
Verified
Trusted
90% of major antiviruses have already implemented machine learning, and it usually runs through an internal component to gather information.

It depends on how accurate the AI becomes at determining the information alone, although it will still rely on other sources like signatures, BB/HIPS and heuristics.
 

Winter Soldier

Level 25
Traditional AVs are using ML in addition to signatures, so the AV, in the first instance, checks the signatures, then the behavior and/or sandboxing, and at the end it uses the ML engine. But generally it seems a post-execution and not a pre-execution approach.
Really, a good ML engine needs millions of datapoints to be fully mature and effective.
I think traditional AV vendors are working in this direction, but they need an impressive number of samples to implement good ML algorithms.
 

Game Of Thrones

Level 5
Verified
Traditional AVs are using ML in addition to signatures, so the AV, in the first instance, checks the signatures, then the behavior and/or sandboxing, and at the end it uses the ML engine. But generally it seems a post-execution and not a pre-execution approach.
Really, a good ML engine needs millions of datapoints to be fully mature and effective.
I think traditional AV vendors are working in this direction, but they need an impressive number of samples to implement good ML algorithms.
So far the best implementation I see is Symantec: really powerful pre-execution. It changed Symantec's static detection and brought them to the top 3.
Symantec Endpoint Protection is one of the best out there; ML really changed their quality.
 

Winter Soldier

Level 25
I think all AVs that have a capability of heuristic detection or behavioral detection apply some sort of machine learning.
I think ML technology has to be used in conjunction with other technologies, because there is an actual problem.

A considerable part of the malware that is currently around is represented by families with a large number of variants of the same malware.
Considering the high number of samples, the model can actually "learn"; it acquires the ability to detect future threats (within certain limits, of course). In this case, therefore, machine learning works well.

But it often happens that the family is made up of just a few samples; sometimes, it can even count a single sample. This can happen, simply, in the case where the malcoder is not worried about AV detections: suppose, for example, that his malware has been detected according to its specific malicious behavior, and that the author of the code does not want to counteract the action of the security solution, and so decides to attack only users who are using an antivirus that does not have good detection based on malicious behavior. In this case, it is very difficult to train a security model; the process of generalization (which represents the essence of machine learning) is then impossible. One or two samples of the malware, then, are not sufficient to be able to implement machine learning. In this case, it is much more efficient to proceed to the detection of the threat using well-tested methods: hash/signature-based and additional methodologies.
Another example of particular relevance is targeted attacks. The author of such an attack is not going to spread new variants of the malware; his goal is to fly under the radar.

So, my conclusion: it is absolutely reasonable to use a variety of tools to deal with the various situations that may arise. Multi-layered protection is certainly much more effective than mono-layered protection; we certainly cannot refuse to resort to a truly effective solution only because it is something that, perhaps, is "not following the fashion" of the moment.
 

DeepWeb

Level 24
Verified
New security companies like to advertise themselves as being the only ones that have machine learning and "next-gen" antiviruses. But the truth is, if you go with one of the major antivirus companies, you will get machine learning:
a) through cloud analysis (server side)
b) through on-host (client side) heuristics/behavioral analysis
c) through updates to their engines that they trained on site

Follow the news on sites like MT and pay attention to which antivirus/anti-malware was able to detect recent 0-day malware and ransomware right away. They just don't brag about it as much as those startups that think they invented something new.

All major security companies use a combination of signatures, machine-learning, on-host behavioral analysis and cloud analysis to give you the best detection rates so I would never turn off one component unless you are absolutely confident that you don't need it. :)

The Top 5 Myths of Next-Gen Endpoint Protection -
 
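Editor's added example, illustrating Winter Soldier's point above (an ML model generalizes over a family with many variants, but a single-sample targeted tool is better caught by an exact hash) and DeepWeb's point that the layers are combined rather than used alone. This is not code from any post or product in this thread; the "samples" are constructed text blobs whose tokens stand in for statically extracted imports and strings, and the classifier is a tiny Bernoulli naive Bayes written here for the demonstration. Sample names, tokens and the hypothetical signature set are all invented.

```python
"""Layered static detection: exact SHA-256 signature first, then an ML classifier.

Constructed corpus (no real malware): one ransomware-like family with many
variants, a benign GUI-app population, and a single targeted sample that
shares most of its features with the benign population.
"""
import hashlib
import math

# Shared feature core of the large family and of the benign population.
RANSOM_CORE = "CreateFileW WriteFile CryptEncrypt FindFirstFileW FindNextFileW DeleteFileW vssadmin"
BENIGN_CORE = "CreateFileW ReadFile WriteFile CreateWindowExW GetMessageW DispatchMessageW LoadIconW"


def family_variant(i):
    """Variant i of the large family: same core, per-build noise token, one of two timers."""
    return f"{RANSOM_CORE} junk{i} {'GetTickCount' if i % 2 == 0 else 'Sleep'}".encode()


def benign_app(j):
    """Benign sample j: GUI app core plus a per-build resource token."""
    return f"{BENIGN_CORE} res{j} {'Sleep' if j % 2 == 0 else 'GetTickCount'}".encode()


# Constructed training set: variants 0..19 (malicious) and 20 benign apps.
TRAIN = [(family_variant(i), 1) for i in range(20)] + [(benign_app(j), 0) for j in range(20)]

# A single-sample targeted tool: looks like a benign network client with two
# tokens the model has never seen. One sample is not enough to train on, so it
# is NOT in TRAIN; instead its hash goes into the (hypothetical) signature set.
TARGETED = b"CreateFileW ReadFile WriteFile CreateWindowExW GetMessageW DispatchMessageW VirtualAlloc WinHttpOpen"
SIGNATURES = {hashlib.sha256(TARGETED).hexdigest()}


def tokens(blob):
    """Feature extraction stand-in: the set of whitespace-separated tokens."""
    return set(blob.decode().split())


class BernoulliNB:
    """Bernoulli naive Bayes over token presence/absence with Laplace smoothing."""

    def __init__(self, samples):
        self.n_mal = sum(y for _, y in samples)
        self.n_ben = len(samples) - self.n_mal
        mal, ben = {}, {}
        for blob, y in samples:
            bucket = mal if y else ben
            for t in tokens(blob):
                bucket[t] = bucket.get(t, 0) + 1
        self.vocab = set(mal) | set(ben)
        self.p_mal = {t: (mal.get(t, 0) + 1) / (self.n_mal + 2) for t in self.vocab}
        self.p_ben = {t: (ben.get(t, 0) + 1) / (self.n_ben + 2) for t in self.vocab}

    def score(self, blob):
        """Log-odds of 'malicious'; > 0 means the model votes malicious.
        Tokens outside the training vocabulary carry no evidence either way."""
        present = tokens(blob)
        s = math.log(self.n_mal / self.n_ben)
        for t in self.vocab:
            if t in present:
                s += math.log(self.p_mal[t] / self.p_ben[t])
            else:
                s += math.log((1 - self.p_mal[t]) / (1 - self.p_ben[t]))
        return s


def train_model():
    return BernoulliNB(TRAIN)


def verdict(model, blob):
    """Layered decision: exact signature wins, then the ML score, else 'unknown'
    (which is where a behavioral/cloud layer would have to take over)."""
    if hashlib.sha256(blob).hexdigest() in SIGNATURES:
        return "malicious", "signature"
    if model.score(blob) > 0:
        return "malicious", "ml"
    return "unknown", "none"


if __name__ == "__main__":
    m = train_model()
    for name, blob in [("unseen family variant", family_variant(21)),
                       ("targeted single sample", TARGETED),
                       ("targeted sample, one byte appended", TARGETED + b" pad")]:
        print(f"{name:36s} ml_score={m.score(blob):+7.2f} verdict={verdict(m, blob)}")
```

The unseen family variant is flagged by the model alone (the five family-only tokens each add a large positive weight), the targeted sample gets a strongly negative ML score and is caught only because its exact hash is known, and a one-byte modification of it defeats both layers, which is exactly the gap the posts above say behavioral and cloud analysis exist to cover.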

509322

AI and ML have been around for a long, long time. Today the terminology is nothing but a marketing gimmick for so-called "Next Gen" products. It's a "re-branding" marketing scheme to get people to pay a much higher price for old technology. The technology is essentially the same (probably incrementally better), but the scale is much larger.