Forget signatures for malware detection. SparkCognition says AI is 99% effective

Solarquest

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Dani Santos said:
If you have more false postives you will detect a lot more malware too.
Click to expand...
I cannot comment on the number of FP since I didn't test them. I can comment on VS where I don't see that many at all.
A user should be able to decide if he wants the additional possible protection from AI or not and if yes leave with the alerts and learn how to deal with them.
Now we have between 300k and 3M new malware/day, I think this number will only increase in the future.
Signature detection does what it can, BB, Hips etc do also their part....AI or other protection/detection mechanism will come/evolve and help detecting what the other lines of defense didn't.
Who wants higher detection/protection has to take some possibles "side effects" into account at least until the advanced mechanism is not mature enough..then a new one will be developed to allow again higher detection or the detection of missed samples by the "standard" security products/mechanism....and so on...
 
  • Like
Reactions: Dani Santos, Parsh and XhenEd
Winter Soldier

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Amelith Nargothrond said:
Better not have any false positives and in the meantime not getting infected. This should be the goal, not accepting false positives.
Click to expand...
I fully agree with this, security products have raised the detection range trying to avoid something can escape, but the number of false positives is not synonymous of quality for a product.
 
  • Like
Reactions: Amelith Nargothrond, Parsh and frogboy
katharn

katharn

Level 1
Apr 23, 2017
14
XhenEd said:
Cylance Protect here isn't generally accepted due to various reasons, particularly its claims and sales strategy. :)
Click to expand...
ahh i see. i really have my doubts on cylance :/ seen a few articles calling them out on some of their bs
 
  • Like
Reactions: XhenEd
Parsh

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
shmu26 said:
DeepArmor produces lots and lots of FPs.
Click to expand...
Yes, it does and it will, unless it matures enough. Still there will be some scope of FPs since it's an ML trained product.

When I installed 'ezvid' (free) recently for recording Windows screen, it was detected with a 100% confidence. Though I allowed, I found that the app kindof forces some unrelated downloads onto your computer during installation. That's it. And then it does its work. It's actually a highly downloaded app.
Here we had an executable that was preparing to do such uncalled stuffs and it showed a full confidence. That doesn't mean it was exactly a malware. But it was fishy for sure according to DeepArmor. (Another nice thing I find is that it provides an 'allow' option on detection unlike Zemana, BD, ...)

Users can somehow benefit from such alerts. I think that it is great for some classes of users who will find the 'threat confidence' intuitive and then make their own judgements, be it via extra analysis of the alerted file, directly blocking it or creating an exception when you're sure that its a good one.
And some of the quickest decisions we can make are for some well known apps. We know that an XYZ app does some critical activities on Windows. And if an alert is raised for the same executable, we know what it 'can be' about (except that it's a spoof/ stolen/ rogue file....exceptions are always there right)!
 
  • Like
Reactions: Solarquest, Winter Soldier, XhenEd and 1 other person
Dani Santos

Dani Santos

From Xvirus
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,136
Solarquest said:
I cannot comment on the number of FP since I didn't test them. I can comment on VS where I don't see that many at all.
A user should be able to decide if he wants the additional possible protection from AI or not and if yes leave with the alerts and learn how to deal with them.
Now we have between 300k and 3M new malware/day, I think this number will only increase in the future.
Signature detection does what it can, BB, Hips etc do also their part....AI or other protection/detection mechanism will come/evolve and help detecting what the other lines of defense didn't.
Who wants higher detection/protection has to take some possibles "side effects" into account at least until the advanced mechanism is not mature enough..then a new one will be developed to allow again higher detection or the detection of missed samples by the "standard" security products/mechanism....and so on...
Click to expand...

I agree that's why I already said you shouldn't use only AI but a combination of different detection methods, because all of them have their pros and cons. That's why I hate these companies saying signatures are outdated and that AI is perfect. But I understand it's their marketing strategy and many fall for it.
 
  • Like
Reactions: Solarquest, Amelith Nargothrond, XhenEd and 1 other person
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
SparkCognition team should also take seriously on the problematic scripts and other fileless attacks which easily bypassed including AI due to nature of quick obfuscation source codes.

Nevertheless, so far effective on the general executable attacks.

Still Ai is a sensitive component that will undergone different learning to ensure least mistakes will happen.
 
  • Like
Reactions: XhenEd
P

Peter2150

Level 7
Verified
Oct 24, 2015
280
Yawn. This is another fancy attempt that won't be effected. Anything AI can learn can be defeated. The problem as always is people. One of my favorite applications is No Virus Thanks's Exe Radar Pro. It will effectively stop everything. It's weakest link is the user. But that can be solved easily. Simply set the password to a strong password, and then apply it in all the places you can. User won't be able to cause any trouble. None of AI glitz.
 
  • Like
Reactions: XhenEd
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Wow
Malware News Updated FakeCall Malware Targets Mobile Devices with Vishing
Replies
1
Views
891
Security News
lokamoka820
lokamoka820
lokamoka820
    • Like
    • +Reputation
Malware News Android malware 'Necro' infects 11 million devices via Google Play
Replies
1
Views
1,583
Security News
i7ii
i7ii
[correlate]
    • Like
    • +Reputation
Security News Ransomware gang deploys new malware to kill security software
Replies
0
Views
1,576
Security News
[correlate]
[correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top