Lawyers, malware, and money: The antivirus market’s nasty fight over Cylance

D

Deleted member 178

Thread author
Last November, a systems engineer at a large company was evaluating security software products when he discovered something suspicious.

One of the vendors had provided a set of malware samples to test—48 files in an archive stored in the vendor's Box cloud storage account. The vendor providing those samples was Cylance, the information security company behind Protect, a "next generation" endpoint protection system built on machine learning. In testing, Protect identified all 48 of the samples as malicious, while competing products flagged most but not all of them. Curious, the engineer took a closer look at the files in question—and found that seven weren't malware at all.

That led the engineer to believe Cylance was using the test to close the sale by providing files that other products wouldn't detect—that is, bogus malware only Protect would catch.
Click to expand...

:rolleyes:
 
  • Like
Reactions: Der.Reisende, soccer97, Solarquest and 9 others
Parsh

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
"Even if [Cylance products] score well in our tests," said Peter Stelzhammer, co-founder of the testing organization AV-Comparatives, "they 'trust' only their own sponsored test, where they can dictate the methodology."
Click to expand...
No doubt, with such practices getting uncovered, independent testers and competitors get to accuse Cylance for tests that favor their (Cylance's) product, rightfully though.

Another hit as @BoraMurdar highlighted -
Cylance executives said that they have used packing utilities to create "mutated" malware for testing, including some of the samples used in the company's "Unbelievable" demos. "We do exactly what the enemy does," said Skipper. "They share malware and repackage that malware to evade signature-based detection."
Click to expand...
And their 'Test it Yourself' unprofessional way of demonstrating product strength will only make way to companies lacking common sense.
I find only their name legal and interesting..
The company's management has also got disrupted recently as we know. Maybe now others will get a better chance to push their game up!
 
  • Like
Reactions: Der.Reisende and Sunshine-boy
5

509322

Thread author
liubomirwm said:
I've heard that CIA is behind that company, I mean, really? :confused:
Click to expand...

CIA provided money - probably a government grant with no real heavy involvement with Cylance. On the other hand, venture capital (private equity) firms provided money to Cylance. That makes those venture capital firms ultimately the masters of Cylance and therefore Cylance executives must answer to those masters.
 
Last edited by a moderator:
  • Like
Reactions: Der.Reisende, Parsh, Sunshine-boy and 3 others
Atlas147

Atlas147

Level 30
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
Parsh said:
No doubt, with such practices getting uncovered, independent testers and competitors get to accuse Cylance for tests that favor their (Cylance's) product, rightfully though.

Another hit as @BoraMurdar highlighted -

And their 'Test it Yourself' unprofessional way of demonstrating product strength will only make way to companies lacking common sense.
I find only their name legal and interesting..
The company's management has also got disrupted recently as we know. Maybe now others will get a better chance to push their game up!
Click to expand...

I thought repacking the malware only evades signature scans, but running the malware causes it to unpack and gets picked up by their signatures again.
 
  • Like
Reactions: Der.Reisende, Solarquest and ForgottenSeer 19494
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Simple logic:

If you maintain the integrity and performance wise of the product then no arguments or speculation will thrown to you however in the article mentioned, many alleged statement came from reliable sources about Cylance's actions.

I should agree that the term "Protect" is something abusive and use already for marketing gimmicks; unfortunately many users are still not sure on what is happening in terms of technology and security unless being told by known people.
 
  • Like
Reactions: Der.Reisende
You must log in or register to reply here.

Similar threads

vtqhtr413
    • Like
    • Wow
The Technology Facebook and Google Didn’t Dare Release
Replies
0
Views
537
News Archive
vtqhtr413
vtqhtr413
Gandalf_The_Grey
    • Like
    • Thanks
    • +Reputation
AVLab.pl Advanced In-the-Wild Malware Test January 2024
Replies
8
Views
978
Security Statistics and Reports
Anthony Qian
Anthony Qian
Gandalf_The_Grey
    • Like
    • Hundred Points
    • +Reputation
AV-TEST ATP Test: Defending Against Data Stealers and Ransomware (October 2023)
Replies
4
Views
679
Security Statistics and Reports
SeriousHoax
SeriousHoax

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top