Time to kick off the Anomalous detection...


"False positive Anomalous 100%"

Every other day this will pop up in the forum, asking for correction. Like it never happened before, a "malware analyst" will answer with "This is detected by our Machine Learning engine" and "this is a heuristic engine" and "give me 10 min to fix the problem" (usually adding it to a white list).

And next day again; and again; and again.

Maybe it is time to reconsider this "machine learning" ...

Edited by AlexSmith

  • Staff

If everything encountered was attributable to a common source, you would have a point.  Unfortunately, it is not as simple as you would like to believe.


13 minutes ago, gonzo said:

Unfortunately, it is not as simple as you would like to believe

Nobody said it is simple, but it really doesn't work.

What's the point of inducing a false sense of security with "machine learning" (!!!!), when in fact the technology used is immature, classifying something benign as "100% malicious"?????

Just continuing to add them to the "white list" will not solve the problem but will only perpetuate an illusion (mmm! machine learning!!!)


  • Staff

If you have suggestions, please submit them. I am not privy to the topics that our researchers use, but signature-less technology is far better than creating bloat as other vendors have done. When it comes down to it, being able to classify a threat by its behavioral characteristics is far better than itemizing every possibility that could ever exist. A file is a collection of bits. Bits by themselves are harmless. It is what the bits do when activated that creates issues, and machine learning is all about proper identification of those characteristics. It works AND it can work better, but complaining about anything less than perfection is of little value.

My final words...if you have suggestions, please submit them.  You, I, and all Malwarebytes users can benefit from good suggestions.


13 minutes ago, gonzo said:

It works AND it can work better, but complaining about anything less than perfection is of little value

If MBAM machine learning classifies something as 100% malicious when in fact it is not, how can you affirm that "it works"?????

100% wrong is not "less than perfection", it is A LOT less than perfection.

My suggestion: remove it from MBAM and continue working in the lab, test it 100 times and after that integrate it into the program and try to sell it as "machine learning".

You remember "ThreatFire"? And Mamutu??? All of them at the time claimed to be the best in antiviruses since sliced bread, signature-less.

All of them failed.


  • Staff

My final words on this thread, since you enjoy this so much and we both probably have better things to do...

Nothing is 100%...period. Perfection does not exist. It is very easy to complain about when it is wrong, but people often pay no attention to the number of times it is right. Do some analysis on your own computer over the next year or so, and find out how many times you are protected versus not, and how many times that is due to machine learning and anomalous protection. Is it 100%? No. Is it better than you would like to think it is? I think so.

Please study it for a year or so and report back in with your findings.


  • gonzo locked this topic