Forget signatures for malware detection. SparkCognition says AI is 99% effective

Dani Santos

Dani Santos

From Xvirus
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,136
Most big companies (Avast,Kaspersky, ect) use some sort of Machine Learning ("AI") when scanning for new malware. They just don't rely 100% on it like this new products that market "Artificial intelligence" as a "perfect god" that will remove all malware from the world. That's just their marketing plays to put themselves on the market. Signature will never be obsolete., because there is no best between Signatures/heuristics(Static analysis), behavioral analysis and Machine Learning. All techniques of detecting malware will always have their pros and cons.
 
  • Like
Reactions: inuyasha, Der.Reisende, Parsh and 10 others
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
I'm less interested in these "next-gen" AV vendors with their Second Coming marketing drivel and more interested in what happens when blackhats start integrating machine learning into their repertoire.
 
  • Like
Reactions: Parsh, malis2007 and XhenEd
Cohen

Cohen

Level 7
Verified
Well-known
May 22, 2016
328
For the average person who doesn't download very much and doesn't stray too far from the websites, they're comfortable on (Facebook, Youtube, Reddit, etc.), I'd say using signatures for malware detection will keep them safe.
For people who are more curious about malware and the internet or companies, things such as Default-Deny products and Emsisoft's Behaviour Blocker are possibly more necessary to keep their system safe.
 
  • Like
Reactions: frogboy, XhenEd and _CyberGhosT_
Winter Soldier

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
With all my respect for the machine learning, and for its great importance in cybersecurity, I think the most effective approach is multi-layered.
The antivirus should use signatures, behavioral analysis, sandbox, and yes, even machine learning.
 
  • Like
Reactions: Der.Reisende, Parsh, Solarquest and 4 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
_CyberGhosT_ said:
You have said this many times, and again, I will say:
It does at first as it is learning, but as with VoodooShield, the FP's go away.
As an actual user I can tell you I don't hear anything FP related from it these days.
I did for the first "approximately" 90 days maybe and it was intermitten not constant FP's.
I compare it to the FP's of VS because it was a similar pattern, and duration but as we know they
are two very different software. Just wanted to make myself very clear ;)
Click to expand...
You are right, the FPs do go away. They do not interfere with a good user experience. I only mentioned FPs in order to put this product's impressively high detection rate into proper perspective.
 
  • Like
Reactions: Parsh, Winter Soldier, _CyberGhosT_ and 2 others
Amelith Nargothrond

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
Winter Soldier said:
With all my respect for the machine learning, and for its great importance in cybersecurity, I think the most effective approach is multi-layered.
The antivirus should use signatures, behavioral analysis, sandbox, and yes, even machine learning.
Click to expand...

Agreed 100%. Malware is way too unpredictable. It's like a battlefield, where you need infantry, marines, the air force, etc. to win a war, which we call security layers. It's complicated with the beginner user in mind though, who doesn't have the infrastructure, resources or knowledge to think like this.
 
Last edited:
  • Like
Reactions: Winter Soldier, Der.Reisende, Solarquest and 2 others
Dani Santos

Dani Santos

From Xvirus
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,136
Solarquest said:
Just a little comment from my side...When I check new samples on VT most of the time these are first and many times only detected by next-gen AV that (also) use AI...So somehow, sometimes AI works.;)
Click to expand...

If you have more false postives you will detect a lot more malware too.
 
  • Like
Reactions: XhenEd and erreale
P

Peter2150

Level 7
Verified
Oct 24, 2015
280
Well for me the detection rate of this product is ZERO! They won't let me test it so it can't detect anything. Besides for me 99% isn't acceptable. I run a small business and have critical data on my machines. I can't accept a 1% risk. Is that possible. I think so. But that is not for this thread.
 
  • Like
Reactions: XhenEd
mekelek

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
Peter2150 said:
Well for me the detection rate of this product is ZERO! They won't let me test it so it can't detect anything. Besides for me 99% isn't acceptable. I run a small business and have critical data on my machines. I can't accept a 1% risk. Is that possible. I think so. But that is not for this thread.
Click to expand...
sure you can get 100% with a hermetically sealed offline computer.
 
  • Like
Reactions: Parsh and XhenEd
Amelith Nargothrond

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
mekelek said:
you can't have the whole cake unfortunately.
Click to expand...

Questionable. Depends on what cake are you willing to accept for dinner.

Peter2150 said:
Well for me the detection rate of this product is ZERO! They won't let me test it so it can't detect anything. Besides for me 99% isn't acceptable. I run a small business and have critical data on my machines. I can't accept a 1% risk. Is that possible. I think so. But that is not for this thread.
Click to expand...

Agreed. But the weak point will always be the space between the keyboard and the chair, unless that space is filled with void. So you have to get ready for disaster mitigation as best as you can...
 
  • Like
Reactions: Parsh, XhenEd and frogboy
A

acemnr suvwxz

shmu26 said:
DeepArmor produces lots and lots of FPs.
Click to expand...
Yes, it produces lots of FPs. Many programs get 50% & above score. For average users, the score is nothing & kinda FPs or detection. For knowledgeable users, the score could be helpful to take action or further analyse the sample.
 
  • Like
Reactions: Parsh, XhenEd and frogboy
P

Peter2150

Level 7
Verified
Oct 24, 2015
280
mekelek said:
sure you can get 100% with a hermetically sealed offline computer.
Click to expand...

Nope it is actually possible. But it's not detection it's preventing anything getting on in the first place. Also it's not an install and forget it solution. It takes a bit of work and also care and feeding.
 
  • Like
Reactions: XhenEd
P

Peter2150

Level 7
Verified
Oct 24, 2015
280
Amelith Nargothrond said:
.....


Agreed. But the weak point will always be the space between the keyboard and the chair, unless that space is filled with void. So you have to get ready for disaster mitigation as best as you can...
Click to expand...

Absolutely. But that is why I have some overlap in my setup. Some of it is duplication, but I like to look at it as a 2nd chance to get it right. Also I have Macrium running hourly incrementals. So I am never far in time from "mitigation"
 
  • Like
Reactions: XhenEd
katharn

katharn

Level 1
Apr 23, 2017
14
quality over quantity. my company is carrying a few of these next gen av's but theres a big problem with most of them. they eat the CPU. mostly occupy it like 80 to 100%.

and it really bogs down the system.... and coming from a place that still has people using win xp.....

has anyone here used cylance before? seen a few demo's and it looks to be quite good
 
  • Like
Reactions: XhenEd and Handsome Recluse
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Wow
Malware News Updated FakeCall Malware Targets Mobile Devices with Vishing
Replies
1
Views
891
Security News
lokamoka820
lokamoka820
lokamoka820
    • Like
    • +Reputation
Malware News Android malware 'Necro' infects 11 million devices via Google Play
Replies
1
Views
1,583
Security News
i7ii
i7ii
[correlate]
    • Like
    • +Reputation
Security News Ransomware gang deploys new malware to kill security software
Replies
0
Views
1,576
Security News
[correlate]
[correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top