Forget signatures for malware detection. SparkCognition says AI is 99% effective

Dani Santos

From Xvirus
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,136
Most big companies (Avast,Kaspersky, ect) use some sort of Machine Learning ("AI") when scanning for new malware. They just don't rely 100% on it like this new products that market "Artificial intelligence" as a "perfect god" that will remove all malware from the world. That's just their marketing plays to put themselves on the market. Signature will never be obsolete., because there is no best between Signatures/heuristics(Static analysis), behavioral analysis and Machine Learning. All techniques of detecting malware will always have their pros and cons.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
I'm less interested in these "next-gen" AV vendors with their Second Coming marketing drivel and more interested in what happens when blackhats start integrating machine learning into their repertoire.
 

Cohen

Level 7
Verified
Well-known
May 22, 2016
328
For the average person who doesn't download very much and doesn't stray too far from the websites, they're comfortable on (Facebook, Youtube, Reddit, etc.), I'd say using signatures for malware detection will keep them safe.
For people who are more curious about malware and the internet or companies, things such as Default-Deny products and Emsisoft's Behaviour Blocker are possibly more necessary to keep their system safe.
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
With all my respect for the machine learning, and for its great importance in cybersecurity, I think the most effective approach is multi-layered.
The antivirus should use signatures, behavioral analysis, sandbox, and yes, even machine learning.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
You have said this many times, and again, I will say:
It does at first as it is learning, but as with VoodooShield, the FP's go away.
As an actual user I can tell you I don't hear anything FP related from it these days.
I did for the first "approximately" 90 days maybe and it was intermitten not constant FP's.
I compare it to the FP's of VS because it was a similar pattern, and duration but as we know they
are two very different software. Just wanted to make myself very clear ;)
You are right, the FPs do go away. They do not interfere with a good user experience. I only mentioned FPs in order to put this product's impressively high detection rate into proper perspective.
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
With all my respect for the machine learning, and for its great importance in cybersecurity, I think the most effective approach is multi-layered.
The antivirus should use signatures, behavioral analysis, sandbox, and yes, even machine learning.

Agreed 100%. Malware is way too unpredictable. It's like a battlefield, where you need infantry, marines, the air force, etc. to win a war, which we call security layers. It's complicated with the beginner user in mind though, who doesn't have the infrastructure, resources or knowledge to think like this.
 
Last edited:

Dani Santos

From Xvirus
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,136
Just a little comment from my side...When I check new samples on VT most of the time these are first and many times only detected by next-gen AV that (also) use AI...So somehow, sometimes AI works.;)

If you have more false postives you will detect a lot more malware too.
 
  • Like
Reactions: XhenEd and erreale

Peter2150

Level 7
Verified
Oct 24, 2015
280
Well for me the detection rate of this product is ZERO! They won't let me test it so it can't detect anything. Besides for me 99% isn't acceptable. I run a small business and have critical data on my machines. I can't accept a 1% risk. Is that possible. I think so. But that is not for this thread.
 
  • Like
Reactions: XhenEd

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
Well for me the detection rate of this product is ZERO! They won't let me test it so it can't detect anything. Besides for me 99% isn't acceptable. I run a small business and have critical data on my machines. I can't accept a 1% risk. Is that possible. I think so. But that is not for this thread.
sure you can get 100% with a hermetically sealed offline computer.
 
  • Like
Reactions: Parsh and XhenEd

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
you can't have the whole cake unfortunately.

Questionable. Depends on what cake are you willing to accept for dinner.

Well for me the detection rate of this product is ZERO! They won't let me test it so it can't detect anything. Besides for me 99% isn't acceptable. I run a small business and have critical data on my machines. I can't accept a 1% risk. Is that possible. I think so. But that is not for this thread.

Agreed. But the weak point will always be the space between the keyboard and the chair, unless that space is filled with void. So you have to get ready for disaster mitigation as best as you can...
 
A

acemnr suvwxz

DeepArmor produces lots and lots of FPs.
Yes, it produces lots of FPs. Many programs get 50% & above score. For average users, the score is nothing & kinda FPs or detection. For knowledgeable users, the score could be helpful to take action or further analyse the sample.
 

Peter2150

Level 7
Verified
Oct 24, 2015
280
sure you can get 100% with a hermetically sealed offline computer.

Nope it is actually possible. But it's not detection it's preventing anything getting on in the first place. Also it's not an install and forget it solution. It takes a bit of work and also care and feeding.
 
  • Like
Reactions: XhenEd

Peter2150

Level 7
Verified
Oct 24, 2015
280
.....


Agreed. But the weak point will always be the space between the keyboard and the chair, unless that space is filled with void. So you have to get ready for disaster mitigation as best as you can...

Absolutely. But that is why I have some overlap in my setup. Some of it is duplication, but I like to look at it as a 2nd chance to get it right. Also I have Macrium running hourly incrementals. So I am never far in time from "mitigation"
 
  • Like
Reactions: XhenEd

katharn

Level 1
Apr 23, 2017
14
quality over quantity. my company is carrying a few of these next gen av's but theres a big problem with most of them. they eat the CPU. mostly occupy it like 80 to 100%.

and it really bogs down the system.... and coming from a place that still has people using win xp.....

has anyone here used cylance before? seen a few demo's and it looks to be quite good
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top