In the world of antivirus, you’re probably hearing a lot of people ranting on about “Machine Learning” and how it’s a good thing, or maybe a bad thing, possibly an old thing or definitely a new thing. But what is Machine Learning and should you really care?
What is Machine Learning?
Machine Learning may be defined as a subfield of computer science that “gives computers the ability to learn without being explicitly programmed”. Essentially, computer programmes can continually improve their own ability and get “smarter”. Just like a child spends time playing with shapes and learning which blocks fit into which holes, ML helps software, such as data analytics tools, to see patterns, understand what they mean and then make that useful in the real world. In fields with vast amounts of data, such as medicine or IT, ML allows problems to be solved much faster than if humans were relied upon alone.
The world of antivirus has recently been turned on its head by Cylance, the provider of a Next-Generation anti-malware software that utilises Machine Learning in part of its product. Other new AV vendors have emerged, but no one has seen the explosive growth, funding and quality of Cylance.
Of course, traditional antivirus vendors were not pleased. Accordingly, their marketing departments all fell head first into the “Three Stages of Machine Learning Grief”™.
- Proclaim that ML is useless and doesn’t work.
- Admit that ML is slightly useful, but it’s an old technology that they’ve always had in their products. And because their existing products are so good (100% in many test reports) they certainly don’t need any more ML.
- Announce their new ML-focused product that includes significant enhancements over their previous products. (I assume they will again score 100% in tests, but in a much better way?)
So if you look around the AV industry right now, you’ll see vendors in different stages of ML grief. Interestingly, one right now is still replaying its old marketing posts on social media, from both stages 1 and 3. So one minute you’ll see them say how ML is stupid, but then the next minute say how ML is a superb feature in their latest version.
What’s the Reality?
It’s pretty obvious how important Machine Learning is to security. Trying to solve vast data problems that grow exponentially requires automated intelligent solutions that scale beyond adding another engineer behind a computer screen. All the vendors are starting to admit this.
But Machine Learning isn’t just a tickbox feature. It’s a whole system of people, process and technology that scales from one technician and a PC, to whole organisations and truck loads of computing power. Stating that two products are equal because they both use Machine Learning is like comparing a goldfish to Stephen Hawking. They’ve both got brains right? They both learn right?
In antivirus land we’re seeing countless vendors claim they’re now overnight experts in ML to counter the claims of Cylance, a company that was built from the ground up on ML, and leads the industry in its investment in ML data scientists, software and computing resources. As a general rule, if an antivirus company is big enough to cause an Amazon AWS brown-out from the intensity of its Machine Learning, you know you’re onto a winner.
Machine Learning in Antivirus Detection
Any vendor marketing department can give you stats and mathematical white papers on why their ML is the best. But in the real world that doesn’t mean much until you see how well it blocks malware. For that reason I recommend people test for themselves. If you’d like to test the ML component on its own, you should be able to disable all other features in your product, drop a large quantity of malware into a directory and then let your AV product statically scan it whilst the malware sits dormant. For more testing guides and plenty of fresh malware samples, have a look at our free website TestMyAV.com.
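To make that static-scan test repeatable, it helps to record exactly which files were scanned and score the product's verdicts against that inventory rather than eyeballing a quarantine folder. The Python harness below is an added example written for this post, not code from TestMyAV.com or any AV vendor. It hashes every file in a sample directory before the scan, parses scanner output in an assumed one-line-per-file format (`<path>: Infected|Clean`, a hypothetical format you would adapt to your product's real log), and reports the detection rate plus the hashes of anything missed. The demo corpus it builds is a handful of constructed, harmless placeholder files, and the scanner output is fabricated for the demonstration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Hypothetical verdict line format, e.g. "/samples/a.bin: Infected".
# Real products log differently; adjust this regex to your scanner's output.
VERDICT_RE = re.compile(r"^(?P<path>.+?):\s+(?P<verdict>Infected|Clean)\s*$")


def sha256_file(path: Path) -> str:
    """Hash the file in chunks so a large corpus does not exhaust memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(sample_dir: Path) -> dict:
    """Map sha256 -> path for every regular file under sample_dir.

    Hashing before the scan records exactly what was tested, so a sample the
    product quarantines or deletes mid-scan is still accounted for afterwards.
    """
    return {sha256_file(p): p for p in sorted(sample_dir.rglob("*")) if p.is_file()}


def parse_verdicts(output_text: str) -> dict:
    """Map path -> True (flagged) / False (clean) from the scanner's output text."""
    verdicts = {}
    for line in output_text.splitlines():
        m = VERDICT_RE.match(line.strip())
        if m:
            verdicts[Path(m.group("path"))] = m.group("verdict") == "Infected"
    return verdicts


def detection_report(inv: dict, verdicts: dict) -> dict:
    """Score static detection; a sample absent from the output counts as missed."""
    missed = sorted(h for h, p in inv.items() if not verdicts.get(p, False))
    total = len(inv)
    detected = total - len(missed)
    return {
        "total": total,
        "detected": detected,
        "missed": missed,  # hashes to keep for re-testing after a model update
        "rate": detected / total if total else 0.0,
    }


def build_demo() -> tuple:
    """Constructed corpus of harmless placeholder files plus fabricated scanner output."""
    root = Path(tempfile.mkdtemp(prefix="mltest_"))
    contents = {"a.bin": b"sample-a", "b.bin": b"sample-b",
                "c.bin": b"sample-c", "d.bin": b"sample-d"}
    for name, data in contents.items():
        (root / name).write_bytes(data)
    output = "\n".join([
        f"{root / 'a.bin'}: Infected",
        f"{root / 'b.bin'}: Clean",
        f"{root / 'c.bin'}: Infected",
        # d.bin is deliberately absent from the output: it must count as a miss
    ])
    return root, output


def run_demo() -> dict:
    """Scan the constructed corpus with the fabricated verdicts and score it."""
    root, output = build_demo()
    return detection_report(inventory(root), parse_verdicts(output))


if __name__ == "__main__":
    report = run_demo()
    print(f"{report['detected']}/{report['total']} detected ({report['rate']:.0%})")
    for h in report["missed"]:
        print("missed:", h)
```

Keying the report on hashes rather than file names matters for the "ML only" test the post describes: if you later re-enable signatures or cloud lookup and scan the same directory, the missed-hash list tells you exactly which samples the ML model alone failed on versus which were caught by the other layers.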
So next time you see another AV vendor jump on the ML bandwagon, be sceptical of how well they’re really doing it, and then test for yourself.