Solarquest

Moderator
Verified
Staff member
Malware Hunter
If you have more false positives you will detect a lot more malware too.
I cannot comment on the number of FP since I didn't test them. I can comment on VS where I don't see that many at all.
A user should be able to decide if he wants the additional possible protection from AI or not and, if yes, live with the alerts and learn how to deal with them.
Now we have between 300k and 3M new malware/day; I think this number will only increase in the future.
Signature detection does what it can, BB, HIPS etc. also do their part... AI or other protection/detection mechanisms will come/evolve and help detect what the other lines of defense didn't.
Whoever wants higher detection/protection has to take some possible "side effects" into account, at least as long as the advanced mechanism is not mature enough... then a new one will be developed to allow again higher detection or the detection of samples missed by the "standard" security products/mechanisms... and so on...
 

Parsh

Level 25
Verified
Trusted
Malware Hunter
DeepArmor produces lots and lots of FPs.
Yes, it does and it will, unless it matures enough. Still, there will be some scope for FPs since it's an ML-trained product.

When I installed 'ezvid' (free) recently for recording the Windows screen, it was detected with 100% confidence. Though I allowed it, I found that the app kind of forces some unrelated downloads onto your computer during installation. That's it. And then it does its work. It's actually a highly downloaded app.
Here we had an executable that was preparing to do such uncalled-for stuff and it showed full confidence. That doesn't mean it was exactly malware. But it was fishy for sure according to DeepArmor. (Another nice thing I find is that it provides an 'allow' option on detection, unlike Zemana, BD, ...)

Users can somehow benefit from such alerts. I think that it is great for some classes of users who will find the 'threat confidence' intuitive and then make their own judgements, be it via extra analysis of the alerted file, directly blocking it or creating an exception when you're sure that it's a good one.
And some of the quickest decisions we can make are for some well-known apps. We know that an XYZ app does some critical activities on Windows. And if an alert is raised for the same executable, we know what it 'can be' about (except that it's a spoof/stolen/rogue file... exceptions are always there, right)!
 

Dani Santos

From Xvirus
Verified
Developer
I cannot comment on the number of FP since I didn't test them. I can comment on VS where I don't see that many at all.
A user should be able to decide if he wants the additional possible protection from AI or not and, if yes, live with the alerts and learn how to deal with them.
Now we have between 300k and 3M new malware/day; I think this number will only increase in the future.
Signature detection does what it can, BB, HIPS etc. also do their part... AI or other protection/detection mechanisms will come/evolve and help detect what the other lines of defense didn't.
Whoever wants higher detection/protection has to take some possible "side effects" into account, at least as long as the advanced mechanism is not mature enough... then a new one will be developed to allow again higher detection or the detection of samples missed by the "standard" security products/mechanisms... and so on...
I agree, that's why I already said you shouldn't use only AI but a combination of different detection methods, because all of them have their pros and cons. That's why I hate these companies saying signatures are outdated and that AI is perfect. But I understand it's their marketing strategy and many fall for it.
 

jamescv7

Level 85
Verified
Trusted
The SparkCognition team should also take seriously the problematic scripts and other fileless attacks, which easily bypass detection, including AI, due to the nature of quick obfuscation of source code.

Nevertheless, it is so far effective against general executable attacks.

Still, AI is a sensitive component that will undergo different learning to ensure the fewest mistakes happen.
 

Peter2150

Level 7
Verified
Yawn. This is another fancy attempt that won't be effective. Anything AI can learn can be defeated. The problem as always is people. One of my favorite applications is No Virus Thanks's Exe Radar Pro. It will effectively stop everything. Its weakest link is the user. But that can be solved easily. Simply set the password to a strong password, and then apply it in all the places you can. The user won't be able to cause any trouble. None of the AI glitz.
 