How Antivirus Companies Are Hacking the Truth -- and Making Us All More Vulnerable
<blockquote data-quote="RejZoR" data-source="post: 770230" data-attributes="member: 57233"><p>Reading such rubbish "articles" makes me feel like the author still thinks antivirus software only looks for viruses in the literal meaning of the word (parasitic file infectors) and that the only method they are using is simple pattern matching. If whoever wrote these "articles" actually understood anything, they'd know antiviruses are only called that way as a broadly recognizable name, but they detect all sorts of malware types. And their detection capabilities go far beyond just pattern matching.</p><p></p><p>Signatures are still an integral part of antiviruses because the fact is, they are super fast and still work. But they aren't simple pattern matching systems, but far more advanced dynamic detection systems compared to old static pattern matching. Known malware is still best left detected by pattern matching to make things faster.</p><p></p><p>They aid "old" signatures with heuristics, behavior analysis and cloud detection with machine learning, where this last one is the most powerful tool. The cloud machine learning basically eliminated human analysts from the equation. They basically only exist to deal with really tricky things that are rejected from automated systems as clear cut detections and to fine tune these systems. No one manually makes detections anymore on a regular basis. Machine learning is basically grouping files based on many characteristics into malware, clean and undeclared statuses. Whatever you encounter can be nearly instantly compared to huge sample bases in their clouds. Meaning you're not looking at a program's code line by line, instead you're checking where the file originated, how quickly it spread, what its characteristics are, what it is most similar to, and lastly it's monitored by local behavior blockers and their behavior feed to the cloud.</p><p></p><p>You can't ever make anything 100%, but we're closer to that than ever. 
And complaining over detection rate scores, people don't seem to have the slightest clue what statistically significant data means. If an AV detects 99,9% or even 100% in a specific test, it only means it managed to detect that percentage of samples used in the test. It doesn't mean it has such exact detection globally for everything in existence, but it statistically tells you an AV that consistently hits 100% in tests is far more likely to detect malware in general than the one that's jumping all over the place from 96% to 100% or not even ever hitting 100% or other near 100% score. Tests very much tell how good antiviruses are and there is a good reason why AVs like Bitdefender and Kaspersky which constantly and reliably hit 100% in tests are also proven to provide the best protection in real life as well. Of course there is a statistical chance they'll miss something, but the chance of it happening is so low and it's decreasing with almost every minute passing after a malware sample is released. Because the longer something exists out there, the higher the chance it was picked up by the cloud systems with every minute that passes. In the past, samples had to be submitted manually after being spotted as "missed". And when the company received the sample, they processed it and added detection for it. Now, cloud systems pick up such samples automatically, send them to AV company machine learning systems, process them, classify them and issue detection for them automatically. I think there is no need for me to explain how dramatically that narrows the gap between malware being released out there and malware getting detected. Meaning anything AVs detect is an added benefit to the user's protection. Expecting flawless 100% perfection is only by idiots who don't understand, well, anything. What is 100% in real life? Seatbelts, airbags, ESP, auto braking systems, vaccines, helmets etc? None ever is. 
All these things statistically increase your protection with scientifically backed confidence. Why should antiviruses be treated any differently? And yet dumb articles keep popping up regularly about it. I really have no clue why. To me it seems like publicity stunts to get clicks and nothing else.</p></blockquote><p></p>