Antivirus based on artificial intelligence.

Greetings,

True AI doesn't actually exist yet.  Products that claim the term are actually referring to things like machine learning (which Malwarebytes already has/uses in some of its components) and threat detection algorithms (also in use by Malwarebytes already for some of its detection capabilities) which are not by any real definition, Artificial Intelligence.

Malwarebytes uses a combination of technologies, including those that several in the industry currently refer to as "AI" (again, not one is actually using any form of true Artificial Intelligence because it doesn't exist yet) as well as more traditional threat detection signatures (the updates). However, the vast majority of signatures in use by Malwarebytes are themselves heuristic pattern signatures designed to target more than a single/specific threat, and instead are designed to target entire threat families and sometimes multiple families of threats.  It's one of the reasons Malwarebytes tends to be so good at 0-hour threat detection, where it is capable of detecting a new, never-before-seen threat without requiring a signature update to do so.

Malwarebytes also uses signature-less behavior based detection methods such as those built into the Anti-Exploit and Anti-Ransomware components of Malwarebytes which require no signatures/updates to remain effective at detecting new attacks and threats.


Cylance, SentinelOne and all the others claiming to use AI are using exactly what I mentioned in my response above.  It isn't in any way, shape or form true "Artificial Intelligence".  It's just basic Machine Learning and Decision Tree algorithms and the like which use varying degrees of complex math and existing samples of both clean and malicious files to attempt to classify and identify new/unknown files either as safe or malicious.

Malwarebytes already includes technologies based on these kinds of models and also already has the cloud analysis component (another aspect of Cylance and the like) built in as well for uploading and analyzing new/unknown samples for further enhancement of the engine (that's the Machine Learning part in action).

The problem is, if you base a product entirely on these kinds of technologies with no threat researchers and no definitions/signatures, then you're going to end up missing a lot of malware and you're going to end up with a lot of false positives (we've tested, we know), so the Malwarebytes approach is to combine these kinds of technologies with the existing tech and continue to do research and both automated and manual threat analysis, which allows Malwarebytes to better adapt when threats change (remember, if all AVs used these techniques then it would be very easy for the bad guys to fool them; all they'd need to do is make their threats look enough like legitimate/safe files, a trick they've used for years now).  There is no single 100% effective silver bullet technique when it comes to threat detection, because just as soon as you discover something that works effectively, the bad guys discover what you're doing and deliberately write their next wave of infections to trip it up so that they aren't detected (the bad guys buy AVs too in order to test and see whether or not their threats are detected, and they also have multi-engine scan tools similar to VirusTotal for this purpose).

Edited by exile360
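The two posts above describe a learned classifier (decision trees trained on clean and malicious samples) sitting next to family-level heuristic signatures, and why neither alone is enough. The following is an added illustration, not code from Malwarebytes or from the poster: it trains a one-split decision tree on a constructed set of file features, pairs it with a constructed family pattern, and then shows the two failure modes the thread mentions. Every sample, feature value, the `FAMILYX-` marker and the function names are assumptions made for the example.

```python
"""
Added illustration (not Malwarebytes code): a tiny learned classifier next to a
family-pattern signature, to show why the two are combined. Every sample,
feature value and pattern below is constructed for the example.
"""
from dataclasses import dataclass


@dataclass
class Sample:
    name: str
    entropy: float   # 0..8; high values suggest packing or encryption
    imports: int     # number of imported API functions
    signed: bool     # carries a code signature
    body: bytes      # stand-in for file content
    label: str = ""  # ground truth for training samples only


# Constructed training set: the kind of clean/malicious corpus a vendor collects.
TRAINING = [
    Sample("notepad",   5.1, 120, True,  b"MZ..legit..",          "benign"),
    Sample("installer", 6.0,  80, True,  b"MZ..setup..",          "benign"),
    Sample("calc",      4.8,  95, True,  b"MZ..calc..",           "benign"),
    Sample("dropper1",  7.6,  12, False, b"MZ..FAMILYX-stage1..", "malicious"),
    Sample("dropper2",  7.8,   9, False, b"MZ..FAMILYX-stage2..", "malicious"),
    Sample("stealer",   7.2,  15, False, b"MZ..grabcreds..",      "malicious"),
]

FEATURES = {
    "entropy": lambda s: s.entropy,
    "imports": lambda s: float(s.imports),
    "signed":  lambda s: 1.0 if s.signed else 0.0,
}


def predict_ml(stump, s):
    """Apply a one-split decision tree: (feature, threshold, above_is_malicious)."""
    fname, thr, above_is_mal = stump
    above = FEATURES[fname](s) > thr
    return "malicious" if above == above_is_mal else "benign"


def learn_stump(samples):
    """Pick the single feature/threshold split with the fewest training errors."""
    best_errors, best_stump = None, None
    for fname, fget in FEATURES.items():
        values = sorted({fget(s) for s in samples})
        for lo, hi in zip(values, values[1:]):
            for above_is_mal in (True, False):
                stump = (fname, (lo + hi) / 2, above_is_mal)
                errors = sum(predict_ml(stump, s) != s.label for s in samples)
                if best_errors is None or errors < best_errors:
                    best_errors, best_stump = errors, stump
    return best_stump


# One heuristic pattern covering a whole (constructed) malware family.
FAMILY_PATTERNS = {"FamilyX": b"FAMILYX-"}


def signature_families(s):
    return [fam for fam, pat in FAMILY_PATTERNS.items() if pat in s.body]


def classify(stump, s):
    """Layered verdict: family signature first, learned model as the fallback."""
    fams = signature_families(s)
    if fams:
        return "malicious", "signature:" + ",".join(fams)
    return predict_ml(stump, s), "ml"


def evaluate():
    stump = learn_stump(TRAINING)
    # Constructed unknowns. 'dropper3' is a FamilyX variant shipped unpacked and
    # signed so its features look clean; 'packed_game' is a legitimate but
    # heavily packed program.
    unknowns = [
        Sample("dropper3",    5.0, 110, True, b"MZ..FAMILYX-stage3.."),
        Sample("packed_game", 7.5,  20, True, b"MZ..fun.."),
    ]
    results = {"stump": stump}
    for s in unknowns:
        results[s.name] = {"ml_only": predict_ml(stump, s),
                           "layered": classify(stump, s)}
    return results


if __name__ == "__main__":
    for key, value in evaluate().items():
        print(key, value)
```

On this toy corpus the learner settles on an entropy split, so the variant that looks like a clean file slips past the model alone but is still caught by the family pattern, while the legitimately packed program is a false positive that neither layer corrects; that is the gap the researcher-written signatures and manual analysis in the post are meant to close.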

That's how cloud AVs work.  The only problem with that is, if the infection on your system has disabled your internet access or is blocking your security software from connecting to its servers then there's no way for it to be able to use its definitions, thus crippling its detection capabilities.  Locally stored databases don't have that issue, especially if you are able to transfer defs from another system that can access the web.


  • 2 weeks later...

Most of them still do, and the ones that don't are crippled and typically useless against many of today's threats that deliberately block communications with security related servers.  It's OK if the antivirus is on the system first and is able to prevent the infection from getting in, but if anything gets through and is able to infect the system, it can render the AV helpless by cutting off communications with its servers which is when you end up needing a remediation tool that doesn't have to connect to the internet to function.  Something like Malwarebytes.

