Forget signatures for malware detection. SparkCognition says AI is 99% effective

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
If you have more false positives you will detect a lot more malware too.
I cannot comment on the number of FP since I didn't test them. I can comment on VS where I don't see that many at all.
A user should be able to decide if he wants the additional possible protection from AI or not and, if yes, live with the alerts and learn how to deal with them.
Now we have between 300k and 3M new malware/day, I think this number will only increase in the future.
Signature detection does what it can, BB, HIPS etc. also do their part... AI or other protection/detection mechanisms will come/evolve and help detect what the other lines of defense didn't.
Who wants higher detection/protection has to take some possible "side effects" into account, at least until the advanced mechanism is not mature enough... then a new one will be developed to allow again higher detection or the detection of missed samples by the "standard" security products/mechanisms... and so on...
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Better not have any false positives and in the meantime not getting infected. This should be the goal, not accepting false positives.
I fully agree with this, security products have raised the detection range trying to avoid something can escape, but the number of false positives is not synonymous with quality for a product.
 

katharn

Level 1
Apr 23, 2017
14
Cylance Protect here isn't generally accepted due to various reasons, particularly its claims and sales strategy. :)
Ahh, I see. I really have my doubts on Cylance :/ Seen a few articles calling them out on some of their bs
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
DeepArmor produces lots and lots of FPs.
Yes, it does and it will, unless it matures enough. Still there will be some scope of FPs since it's an ML trained product.

When I installed 'ezvid' (free) recently for recording the Windows screen, it was detected with 100% confidence. Though I allowed it, I found that the app kind of forces some unrelated downloads onto your computer during installation. That's it. And then it does its work. It's actually a highly downloaded app.
Here we had an executable that was preparing to do such uncalled-for stuff and it showed full confidence. That doesn't mean it was exactly a malware. But it was fishy for sure according to DeepArmor. (Another nice thing I find is that it provides an 'allow' option on detection unlike Zemana, BD, ...)

Users can somehow benefit from such alerts. I think that it is great for some classes of users who will find the 'threat confidence' intuitive and then make their own judgements, be it via extra analysis of the alerted file, directly blocking it or creating an exception when you're sure that it's a good one.
And some of the quickest decisions we can make are for some well-known apps. We know that an XYZ app does some critical activities on Windows. And if an alert is raised for the same executable, we know what it 'can be' about (except that it's a spoof/stolen/rogue file... exceptions are always there, right)!
 

Dani Santos

From Xvirus
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,136
I cannot comment on the number of FP since I didn't test them. I can comment on VS where I don't see that many at all.
A user should be able to decide if he wants the additional possible protection from AI or not and, if yes, live with the alerts and learn how to deal with them.
Now we have between 300k and 3M new malware/day, I think this number will only increase in the future.
Signature detection does what it can, BB, HIPS etc. also do their part... AI or other protection/detection mechanisms will come/evolve and help detect what the other lines of defense didn't.
Who wants higher detection/protection has to take some possible "side effects" into account, at least until the advanced mechanism is not mature enough... then a new one will be developed to allow again higher detection or the detection of missed samples by the "standard" security products/mechanisms... and so on...

I agree, that's why I already said you shouldn't use only AI but a combination of different detection methods, because all of them have their pros and cons. That's why I hate these companies saying signatures are outdated and that AI is perfect. But I understand it's their marketing strategy and many fall for it.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
The SparkCognition team should also take seriously the problematic scripts and other fileless attacks, which easily bypass detection, including AI, due to the nature of quickly obfuscated source code.

Nevertheless, it is so far effective on general executable attacks.

Still, AI is a sensitive component that will undergo different learning to ensure the fewest mistakes happen.
 

Peter2150

Level 7
Verified
Oct 24, 2015
280
Yawn. This is another fancy attempt that won't be effective. Anything AI can learn can be defeated. The problem as always is people. One of my favorite applications is No Virus Thanks's Exe Radar Pro. It will effectively stop everything. Its weakest link is the user. But that can be solved easily. Simply set the password to a strong password, and then apply it in all the places you can. The user won't be able to cause any trouble. None of the AI glitz.
 