How effective is Signatureless AVs like Panda Dome?

Discussion in 'other anti-virus software' started by rpk2006, Mar 3, 2019.

  1. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    I have been using ESET Internet Security from many years and soon the subscription is expiring. Recently, I came across Cylance and Panda Dome, which claims to be modern AV with signature-less detection using Machine Learning and Big Data.

    While lot of marketing hype is prevailing about Machine Learning, I want to know if anyone has used Panda Dome. How effective is Panda Dome? Is it worth going after it to leverage any benefits of signature-less detection?

    For now, I am evaluating Zone Alarm Extreme Security. When comparing with ESET, Zone Alarm has very limited set of settings which you can fine tune.
     
  2. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    As far as I know, Panda Dome is not signatureless. Panda's sigs are in the cloud, not on one's computer. Maybe that's what they meant by signatureless.

    ESET is an excellent AV -- why not stay with it?
     
  4. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    @Azure Phoenix Yes, I read ESET is also using Machine Learning from many years.

    @bellgamin just evaluating if any new trends have come in this industry. Panda was claiming signatureless so was carried away.

    Heuristics, based on my experience, is the best in ESET. However, I doubt how any AV decides when to use heuristics or not.

    Cylance has a video on this. They say one bit change in malware and game over for an AV which depends on signature. Similarly, one property change bluffs heuristics.

    Most AVs come with Sandbox environment. Only when heuristic doubts are the file put into emulation. Right?
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Quote from ESET:
    from https://www.welivesecurity.com/2019/02/22/ml-era-cybersecurity-step-toward-safer-world-brink-chaos/
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    That is pure and simple unmitigated BS which one has come to expect from Cylance.

    As noted in a prior posting, AV vendors like Eset use DNA signatures. These are code snippets of malware which are extremely effective in detecting polymorphic malware variants. Additionally, the major AV vendors use behavior YARA rule based signatures to detect malicious activities. Eset and other AV vendors employ memory scanners that can detect malicious code injection into a process. Finally Eset and Kaspersky for example, use their HIPS protection to monitor suspicious API calls and like activity.
     
    Last edited: Mar 4, 2019
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    PC Magazine did a review of Cylance Anti-Virus here: https://www.pcmag.com/review/362381/cylance-smart-antivirus . Overall, it is what Cylance doesn't detect that should be noted; PUA's , web based phishing, etc.. And at a subscription price of $6 per month, far from cheap. Bottom line - you get better overall protection with the major AV products at a lower cost.

    -EDIT- Just checked the Cylance web site and the price is $29 annual for 1 device which is more realistic. Since Cylance appears to be excellent at ransomware protection, might be a good substitute for anyone using AppCheck for example which costs $25 annually.
     
    Last edited: Mar 4, 2019
  8. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    1 Most AVs nowadays use some non-signature-based detection, in addition to their smart sig-based detection as @itman explained it.

    2 Cylance emphasizes their non-sig detection, with less than stunning results. It's a good companion AV, though, if you are into that kind of thing.

    2 Panda dome, at least at default settings, is an inconsistent performer. It has its good months and its bad months. It is not very good against zero-days. Over on Malwaretips, you can find folks with recipes for tweaking the protection of Panda dome. Some people believe in Panda dome with tweaks.
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Since the OP now has Eset installed, I will add that the upcoming 12.1 version will be introducing additional behavior detection in that one will start seeing alerts detecting suspicious behavior.
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Another thing about Cylance that sucks is they don't have a trial option. So your forced to purchase a one month license and then try to get an upgrade to one year license if you decide to keep it. Or, ask for a refund of your one month/year license purchase.
     
  11. guest

    guest Guest

    What really sucks is that the home user version, the "smart AV" one is totally ignorant of scriptors, which is the actual plague those days. So basically you have to add a default-deny solution on top to be secure...ludicrous ... in that case I would just use the D-D soft and ditch Cylance... Lol
     
  12. Marcelo

    Marcelo Registered Member

    Joined:
    Oct 11, 2005
    Posts:
    276
    Location:
    Rio de Janeiro, Brazil.
    Actually you can set the HIPS as a default deny for scripts but those rules should come as default Maybe an option during install.

    https://support.eset.com/kb6119/?locale=en_US&viewlocale=en_US
     
  13. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
  14. guest

    guest Guest

    Indeed.
     
  15. Marcelo

    Marcelo Registered Member

    Joined:
    Oct 11, 2005
    Posts:
    276
    Location:
    Rio de Janeiro, Brazil.
    My apologies I should read the thread with more attention.
     
  16. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    It didn't do too poorly in some of the malwaretips tests which had a few script based malware included:

    DN5868.js
    Launches--wscript.exe
    Payload on temp folder--intercepted by Cylance
    Process shutted down
    No autoruns created nor further processes


    HS5768.js

    Launches--wscript.exe
    Payload on temp folder--intercepted by Cylance
    Process shutted down
    No autoruns created nor further processes

    pax.js

    Launched--cmd.exe
    Child processes: conhost.exe powershell.exe
    Payload detected and deleted
    No further processes created nor autoruns
    15/17 wasn't a bad score at all. In fact, it only got one less detection than some others that were bolstered with third party script blockers.

    Then there was this test done bit ITCUBE:
    https://i.imgur.com/CW6HOCk.png

    talked about here:
    https://www.computerworld.com.au/me...ceprotect-called-most-advanced-of-all-tested/
     
    Last edited: Mar 4, 2019
  17. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    Thanks all. One final question though, is there any other other tool which I can use with ESET, in a way that both work without conflict and make it a complete protection? ESET is a very good product indeed and I have been using it from around ten years but my concern is that because of the variety of risks, is one product sufficient? What if I use a combination of Panda Dome and ESET.
     
  18. guest

    guest Guest

    Ridiculous, you have all you need in ESET, just learn how to use it and make it tighter.
    using an analogy: better be a master in one martial art than a beginner in 20...
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I wouldn't add anything like second AV next to ESET. It can do it's job by itself.
    A few years ago I got computer which had installed ESET and Norton at the same time. When they both detected something the fun began. Popups were so massive that I had really hard time uninstalling one. That person also thought that using 2 AVs is better than 1. This incident proved him wrong.
     
  20. guest

    guest Guest

    +1, and even if you manage to run them both, the resource usage makes the task isn't even worth trying.
     
    Last edited by a moderator: Mar 5, 2019
  21. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    It is very reasonable to add another security layer on top of ESET. I would. But that additional layer should not be another AV. Look into things like OSArmor, VoodooShield, SysHardener, etc etc.. There are other and perhaps even better solutions, too. Many of them are free. Just poke around on this forum a bit, and you will find them.
     
  22. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,718
    No it's not. What is reasonable is to learn how to configure and harden ESET.
     
  23. Deckard

    Deckard Registered Member

    Joined:
    Dec 13, 2016
    Posts:
    46
    Location:
    France
    Some AV use multiple engines and they are not ridiculous. Or maybe yes, they are. Personally, I am not an AV developer and I will not judge this point.
    Same thing when you install for MBAM with your traditional AV. The difference is in the fact that they have mamanged the 'multiple' engines to work well together, as Minimalist says, without conflit.
     
  24. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Your suggestion is right for a skilled user who is ready and willing to roll up his sleeves and start tweaking ESET. That's not for everyone.
     
  25. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    ESET is perfectly fine at default settings, no need to tweak or add other solutions to complement it.

    PS: About next gen antivirus, signature less solutions all I have to say is "don't believe the hype".
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.