Lawyers, malware, and money: The antivirus market’s nasty fight over Cylance

Deleted member 178

Thread author
Last November, a systems engineer at a large company was evaluating security software products when he discovered something suspicious.

One of the vendors had provided a set of malware samples to test—48 files in an archive stored in the vendor's Box cloud storage account. The vendor providing those samples was Cylance, the information security company behind Protect, a "next generation" endpoint protection system built on machine learning. In testing, Protect identified all 48 of the samples as malicious, while competing products flagged most but not all of them. Curious, the engineer took a closer look at the files in question—and found that seven weren't malware at all.

That led the engineer to believe Cylance was using the test to close the sale by providing files that other products wouldn't detect—that is, bogus malware only Protect would catch.

:rolleyes:
 

Parsh

"Even if [Cylance products] score well in our tests," said Peter Stelzhammer, co-founder of the testing organization AV-Comparatives, "they 'trust' only their own sponsored test, where they can dictate the methodology."
No doubt, with such practices getting uncovered, independent testers and competitors get to accuse Cylance of tests that favor their (Cylance's) product, rightfully though.

Another hit as @BoraMurdar highlighted -
Cylance executives said that they have used packing utilities to create "mutated" malware for testing, including some of the samples used in the company's "Unbelievable" demos. "We do exactly what the enemy does," said Skipper. "They share malware and repackage that malware to evade signature-based detection."
And their 'Test it Yourself' unprofessional way of demonstrating product strength will only make way to companies lacking common sense.
I find only their name legal and interesting..
The company's management has also got disrupted recently as we know. Maybe now others will get a better chance to push their game up!
 
509322

Thread author
I've heard that CIA is behind that company, I mean, really? :confused:

CIA provided money - probably a government grant with no real heavy involvement with Cylance. On the other hand, venture capital (private equity) firms provided money to Cylance. That makes those venture capital firms ultimately the masters of Cylance and therefore Cylance executives must answer to those masters.
 

Atlas147

No doubt, with such practices getting uncovered, independent testers and competitors get to accuse Cylance of tests that favor their (Cylance's) product, rightfully though.

Another hit as @BoraMurdar highlighted -

And their 'Test it Yourself' unprofessional way of demonstrating product strength will only make way to companies lacking common sense.
I find only their name legal and interesting..
The company's management has also got disrupted recently as we know. Maybe now others will get a better chance to push their game up!

I thought repacking the malware only evades signature scans, but running the malware causes it to unpack and get picked up by their signatures again.
 

jamescv7

Simple logic:

If you maintain the integrity and performance of the product, then no arguments or speculation will be thrown at you; however, in the article mentioned, many alleged statements about Cylance's actions came from reliable sources.

I should agree that the term "Protect" is something abusive and already used for marketing gimmicks; unfortunately, many users are still not sure what is happening in terms of technology and security unless they are told by known people.
 