Hot Take Sirius LLM by VoodooSoft / CyberLock

Oldie1950

Level 8
Verified
Well-known
Mar 30, 2022
351
I would prefer that Sirius be built inside the main program. Having it start separately is asking for trouble: attackers will attempt to disable it from running.
Dan writes in #1 that Sirius LLM will be integrated into the other programs (CyberLock, DefenderUI Pro, WDAC Lockdown) in 2-3 months. It's apparently only a separate program during the testing phase.
 

danb

From VoodooShield
Thread author
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,884
I like the idea of the personalities, for example providing detailed scan results down to a simple verdict result. Not sure everyone would get humorous responses, but an interesting idea.
Thank you guys for your input! I think we should skip the personalities for now and possibly add them later. The feature is already implemented, but I do not want to risk throwing the LLM for a loop. I do not think that would happen, but there is sense in taking that chance.
 

danb

I consider the "Assistant Personality" feature superfluous. Sirius LLM and, ultimately, CyberLock shouldn't be overloaded with features.
Yes, the SiriusLLM version that is integrated into our other products will be just the basic features. The portable SiriusLLM desktop app is mainly for development and to work out all of the bugs before we implement the tech into our other products, thank you!
 

danb

sure but Sirius & CL or Sirius incorporated into CL have a switch to turn off extra (perhaps unneeded) features more might be better, although often less is more
@danb -- will Sirius also be incorporated into DefenderUI? -- & can you comment how Sirius compares to VoodooAi -- I'm using ChatGPT every day on various unrelated "projects", some of which I know a lot about, and it is correct 80 or 90% of the time, but sometimes it is just wrong. Even in computational things like astronomy hobby, it says something that sounds reasonable, but is flat out wrong, not by a little but by a lot. Having said that, I find ChatGPT usually very helpful, and excited to see Sirius. Happy to help, but you have better sources for malware than me -- I'm not actively looking nowadays. PS make Sirius Linux version, upload to cloud version.
Yes, assuming that everything works out as we hope (and that LLMs are technologically advanced enough that they achieve high efficacies), SiriusLLM will be integrated into CyberLock, DefenderUI Pro and WDAC Lockdown. If not, we will just keep polishing SiriusLLM while waiting for the LLMs to further advance. If anything, SiriusLLM is a great malware research tool as it currently is.

Yes, LLMs and AI in general are not 100%, and they never will be when it comes to malware analysis. But if we can achieve higher efficacies than signature-based or current next-gen engines, it is certainly worth it. So far I have been incredibly impressed with the results, but we really need other people like @Shadowra to test as well to make sure.

Another way to look at it... if we were to achieve 100% efficacy with LLM malware analysis, then there would not be a need for CyberLock or other zero-trust products ;).

If I had to guess, with the limited preliminary testing that I have performed so far, I would say that the LLMs may or may not be quite ready for this tech, but I certainly believe they will be ready in the next year or two. And by that time SiriusLLM will have evolved into a full-blown AV ;).
 

danb

I think it is an unnecessary function. But if it doesn't cause bloating of the programme and problems with its further maintenance, you can leave it. :) Personally, I wouldn't use personalisation of the report, a report with specifics is enough for me. :)
Yeah, exactly, I do not think anyone would use it anyway. It would be fun for a few samples, but it would get old quick. And there is no point in risking throwing off the model... it already has to refine its response for beginner, intermediate and advanced users. I think performing one translation is okay, but probably not two, thank you!
 

danb

Why not re-analyze automatically after the update? It reminds me of Emsisoft. Like after a database update, it re-scans the quarantined files for false positives.

And for personalities, I always prefer the professional tone/wording like the other antiviruses.
Great question, thank you! It totally depends on the file. For example, there is no point in going back through the database and reanalyzing every file in the database. We would not be able to do this anyway since files are deleted on the server immediately following analysis. But here is a good example... in our database there are probably 100-200 results for old VoodooShield installers, like say InstallVoodooShield4.44.exe. There is no point in wasting compute time and electricity on these old samples that no one will ever see again... especially if it means that the user has to wait 20-60 seconds for a result.

The reanalyze button is similar to the reanalyze button at VirusTotal... it serves a very similar purpose.

Having said that, while developing VoodooAi, we created new databases for each version of VoodooAi, so we had a total of 5 VoodooAi databases, with all new results from the latest LLM. I am quite sure this will happen with SiriusLLM as well, but who knows... wouldn't it be nice to nail it on the first model? ;)

We are going to test 2 models for sure, and possibly a third and fourth... I have already narrowed them down to the exact models that seem to perform really well. So we will see what happens... we kind of have to play everything by ear and just go with the flow ;).
 

danb

fwiw I tend to agree with @Victor M -- unless a separate app is beta to work out bugs and then incorporate Sirius in Cyberlock and ...
Yeah, that is essentially what SiriusLLM started out to be, but I have since fallen in love with it, so it is going to be an app as well... I think you guys will see why once you try it ;). And we will integrate the barebones (but still fully capable) version into our other products.
 

danb

I would prefer that Sirius be built inside the main program. Having it start separately is asking for trouble: attackers will attempt to disable it from running.
Yes, I completely agree. As it evolves into a full-blown AV, it will have all of the protections of a standard AV, thank you!
 
