Cylance Smart Antivirus for Home users

Discussion in 'other anti-virus software' started by mekelek, Jul 12, 2018.

  1. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    It might have done it without you noticing. There was a log in the events tab last night, but now there's nothing listed there, and there was no notice or alert; it seemed to handle everything without user intervention.
     
  2. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    Nah, I was doing malware testing, was monitoring it all the time.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    The only AV lab testing I know of is by NSS Labs and it's for their commercial product: https://pages.cylance.com/2018-04NSSLabsReport.html . You will have to "sign up" there to get the test results.

    There are numerous postings on Wilders in regards to Cylance testing with the end result being Cylance believes none of the "mainstream" AV labs are competent to test it. Draw your own conclusions.
     
  4. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    I don't remember them saying that the testers were too incompetent to test, but that the vendor commissioning the test chooses the samples/methodology to make itself look good. I dug up the quote:

    "The defrauding and manipulation of the public with these tests also stems from vendors who pay so that their test results will show 100% efficacy. These reports not only deceive the buyer, but they also set up impossible standards for the entire security industry. Repeat after me: there is no such thing as a 100% efficacy rate in security. There is no single silver bullet that will provide total, unbreachable protection against every type of malware in every situation - ever!
    If a vendor does get 100% on an anti-malware test, they either:

    1) Paid for perfection, bribing the testing house to hide the negative results of their tests.
    2) Tested using a statistically invalid sample set of malware like 100 samples.
    3) Tested with samples not in any way reflective of real world attacks.
    4) All of the above."

    source: https://blog.cylance.com/security-testing-houses-know-the-truth
     
  5. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    But it is funded by the CIA. :eek:
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I forgot about the Cylance-commissioned AV-Test for Cylance Protect you can read about here: https://blog.cylance.com/real-world-av-testing-with-integrity . To say this test "caused an uproar" in the security community would be an understatement. To summarize, AV-Test created a custom methodology with Cylance's assistance where most of the samples used were "synthetic" malware and not actual real world malware samples. The synthetic samples more closely resembled tools/attacks used by penetration testers in evaluating network perimeter defenses.
     
  7. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    What's the difference between synthetic malware and actual malware?
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    It is created by the AV Lab to simulate the behavior of an actual attack scenario method. A classic example is the Surfright test tool that was developed to verify HitmanPro-Alert functionality: https://community.sophos.com/produc...st-tool-for-the-exploit-prevention-technology. Since most of the tests used are customized to HMP-A protection methods, many other AV products would have difficulty passing these tests. Whether they would be employed in an actual malware attack and with the specific test method used is debatable.
     
  9. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    I'm not sure that's the same thing. They do call them simulated attacks, but they also said this:

    "AV-TEST is the first testing organization to create their own malware with self-developed tools. This is significant and hugely important to validate the security solutions’ ability to detect never-before-seen malware."

    The malware wasn't made by Cylance, it was made by the third party AV-TEST.
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Here's a better analogy.

    Simulated malware is theoretical. I guess that is appropriate since AI detection methods at this point are pretty much so.

    In my lab, I set out to create a great attack method that is based on behavior; after all, that is what Cylance says it excels at. I really have no expertise in behavior malware methods but my sponsor of the test does. He subsequently assists in suggestions to be deployed while at the same time ensures that only techniques his product can detect are deployed.

    Finally, there is the "reality aspect" of this simulated malware. Whereas the test malware qualifies as 0-day grade, there is currently no effective method it can be actually deployed on a device without being detected at that phase or causing a blue screen. Nor does there appear to be any chance of this being successful in the future.
     
  11. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    It is a little hypocritical for them to complain about tests being crafted to make products look good while essentially doing the same thing with AV-Test. But I don't really see a testing org making custom malware as any less of a test. In fact, I'm probably more curious to read those results than if they can catch prevalent malware.
     
  12. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    Just out of curiosity since you own the product, have you run any tests against Cylance?
     
  13. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    I haven't, other than seeing how well it plays on my home system. All I can speak to at this point is the two false positives I've seen, the one that fixed itself I mentioned earlier. Though the second I'm not certain that it is a false positive. It detected a uplaycrashreporter.exe as a PUA. I remember reading something that several game publishers had been caught embedding something for a shady company to do analytics within their games. Fatshark was one of the game companies that were caught doing this. Maybe Ubisoft was doing the same thing and Cylance detected it.
     
  14. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    I would run tests but I can't purchase it because of store restrictions.
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    As far as the AV-Test bit goes, I believe the following Sophos comments sum it up best. The posted link also contains other vendors' comments who were included in the test without their permission:
    https://www.csoonline.com/article/3...ylances-new-testing-methods-with-av-test.html
     
  16. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    From the link you provided:

    "Commissioned tests are usually performed to highlight the strong sides of the product of the commissioning party. All other vendors in the test have been commissioning public tests in the past with AV-TEST or other testing labs with a similar purpose.

    When this is done, it is important to state that the test was commissioned and by whom. It is also important to clearly outline the methodology and what the purpose is. This has been done by us. We are even explaining the caveats of some of the test cases and point out that they may not represent a usual/common case."

    I'm racking my brain, trying to think of a commissioned test I've seen where the vendor lost.
     
  17. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    Is there a comparison page somewhere that highlights protection and features of cylanceSmart v cylanceProtect? I've been using cylanceProtect for several months with (via) cyberforce, and have not had any complaints or issues. Other than obvious, user controls Smart, is the protection the same with the home user version?
    PS. mekelek, haven't seen you at MT for a couple of months?
     
  18. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    so is Tor o_O
     
  19. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    +1 :thumb:
     
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Guess if it was the FSB, that would be OK :argh:.
     
    Last edited: Jul 17, 2018
  21. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    Yea, they banned me for some made-up reason; I guess their license key sponsors didn't like me trashing on their products.

    There isn't any comparison page, but you have full control over it, and a way to restore quarantine/exclude stuff. I would personally switch to this if I were you.
     
  22. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    228
    Location:
    UK
    Don't like their pricing. $29 converts to £22 not £29. That's lazy or greedy, I don't know which.
     
  23. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    507
    Location:
    UK
    But then you have the VAT on top of that, took mine up to £27 something. You save a couple of pounds buying in dollars, that's all, and very dependent on the exchange rate at the time.
     
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Same here; I have never seen the sponsoring vendor score other than in first place.

    As far as commissioned tests go, there are two variants of it. The first and most common is when a vendor wants to get AV lab certification for his product. The second type, which is controversial, is when testing is done in comparative fashion against competitor products; many times without their consent to participate. Sophos is correct in stating these types of tests are nothing more than "marketing" vehicles. However and ironically, Sophos is not without fault in this area. Since they now own Surfright and their HitmanPro product line, like sponsored comparatives of it have been performed by Malware Research Group: https://www.mrg-effitas.com/wp-content/uploads/2018/05/MRG_Exploit_Protection.pdf.

    My statement on the subject is no sponsored comparative test results should be made public. The reasons are obvious. I also imagine this would result in the end of sponsored comparative testing.
     
    Last edited: Jul 17, 2018
  25. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    There is no escape lol!
     