Cylance Smart Antivirus Review | Daxdi

Back when the concept of a computer virus was new, antivirus programs simply scanned files for known infections and fixed them if they could.

Malware types and techniques have evolved exponentially since then, as have techniques for fighting these new attacks.

Heuristic detection, behavioral analysis, sandboxing, and many other advanced features go into most modern antivirus programs.

And Cylance Smart Antivirus uses none of those familiar techniques.

Instead, this security software relies completely on artificial intelligence and machine learning to distinguish malware from legitimate programs.

Based on our hands-on tests and some commissioned lab tests, it seems to work.

Cylance has been around since 2012, but the company initially focused on business- and enterprise-level endpoint protection.

Cylance Smart Antivirus brings that same technology to consumers, and it's relatively inexpensive.

A single license costs $29 per year, whereas popular products like Bitdefender, Kaspersky, and Webroot go for $39.99.

Cylance's $69 household pack lets you install protection on five machines, Windows or macOS.

And for $99 you get the 10-device family pack.

If even that isn't enough licenses, you might consider McAfee; for $59.99 per year you can install McAfee AntiVirus Plus protection on all devices in your household, Windows, macOS, Android, or iOS.

Limited Independent Lab Testing

Cylance is a well-known name in business endpoint security, but this product is the company's first consumer-level product.

Since it's so new, the independent testing labs that I follow haven't had a chance to include it in their testing.

In addition, this product's unusual detection methodology makes it a bit hard to test.

None of the labs that I follow include even the business product in their regular reports.

The company did commission a test with AV-Test Institute that shows the product to be effective, but the other vendors involved objected to the methodology.

While SE Labs doesn't include Cylance in its ongoing tests, the company did commission a one-off test designed to showcase its predictive detection abilities.

Researchers installed a version of Cylance from three years ago and didn't permit any updates.

They challenged it with "very impactful threats" discovered since the freeze, threats including WannaCry, BadRabbit, and Petya.

By choosing multiple strains of each malware family, released at different times, they devised a Predictive Advanced metric—in effect, the number of months in the future that Cylance's AI system still proved effective.

The report itself goes into plenty of detail.

The main takeaway is that on average, Cylance managed to detect threats released two years after the machine-learning model's creation.

In the real world, Cylance updates the model periodically, but even without updates, it worked well.

NSS Labs is a bit different from the labs that I follow regularly.

Fortune 500 companies pay for the testing, to help them make important security purchase decisions.

Since the products under test are enterprise-level endpoint protection solutions, they're not in my usual coverage area.

Still, it's worth noting that Cylance did well in the latest Advanced Endpoint Protection test.

Or rather, the retest; a glitch during the initial test drove down its score.

Out of 20 products, NSS Labs recommended Cylance and 10 others as having both effective protection and good pricing.

The report identified another four products as having effective protection but a higher cost.

None of these lab reports apply directly to Cylance Smart Antivirus, and the labs clearly state that their results apply only to the precise product tested.

Still, it's good to see reports that Cylance's AI-based protection does work.

But I'd be even happier with top scores from all the labs I follow, scores like Bitdefender and Kaspersky Anti-Virus routinely achieve.

Getting Started With Cylance

As with many products, you manage your Cylance account online, starting by registering your purchase.

Log in to your account on a PC or Mac to download and run the appropriate installer.

The site supplies an installation token that activates the product and associates it with your account.

That's it.

There's no lengthy initial signature update like you encounter with F-Secure and some other competitors, because there are no signatures.

You don't have to make any configuration tweaks, because there aren't any settings to speak of.

In addition to installing the product on your own devices, you can send an email with a download link and installation token to anyone you like—perhaps a parent or another relative.

The product doesn't have a main window, as such.

By clicking its notification area icon, you can view its list of events, and a separate list of threats.

In my testing, I saw plenty of events, but nothing in the threats list.

Machine-Learning Malware Protection

With no direct lab results to report, my hands-on malware protection testing becomes especially important.

With many products, this test starts the moment I open the folder containing my collection of malware samples.

The minimal file access that occurs when Windows Explorer displays a file's information is enough to trigger many real-time scans.

Cylance doesn't bother with scanning static files; it only takes notice when a file is about to launch.

That being the case, I just went down the list launching one sample after another, reverting to a clean virtual machine state every so often.

In almost every case, the samples failed to launch.

Windows displayed an error message, the file vanished, and a new line appeared in Cylance's Events list, reporting that it quarantined a threat.

If I didn't have the events list open, all I saw was the Windows error message.

My company contact was surprised, as Cylance is supposed to pop up a notification when it detects a threat, and when it moves the threat to quarantine.

I verified that the menu option titled Show notifications was turned on, but I still saw no notifications.

I did supply Cylance's technicians with advanced logs, but they couldn't find a reason for the missing popups, and couldn't duplicate my experience.

However, since the product did its job, quarantining malware and logging its activities, the lack of pop-up notifications isn't such a big deal.

The only samples Cylance missed in my testing were the type that some companies call potentially unwanted applications, or PUAs.

A PUA isn't as actively malicious as a ransomware attack, or a data-stealing Trojan, but most people don't want them around.

Apparently, these didn't match the Cylance AI's definition of malware closely enough.

Cylance still matched the top score among products tested with my current malware collection.

Cylance and F-Secure Anti-Virus are tied with 9.3 of 10 possible points.

It's worth noting that Norton and Webroot SecureAnywhere AntiVirus ($18.99 for 1-Device on 1-Year Plan at Webroot) both achieved a perfect 10 in this test when challenged with my previous collection of samples.

Results aren't directly comparable, since the samples are different, but 10 points is impressive nonetheless.

Malware Protection Results Chart

When testing antivirus products that use statistical or behavioral detection techniques, I'm wary of the possibility that they may quarantine a file just because it resides in a folder with other bad files.

One way I cut down on that worry is to revert the virtual machine frequently during testing.

I also mix 20 old Daxdi utilities in with the malware samples.

Cylance correctly kept its mitts off those legitimate utilities; it exhibited no false positives.

My sample collections remain static for quite a while, which lets me make direct comparisons of how different products handle them.

For another measure of a product's capabilities, I use a feed of the very latest online malware, typically detected no more than a day earlier by MRG-Effitas.

I launch each malware-hosting URL and note whether the antivirus prevents all access to the URL, eliminates the malware after download, or sits idly by without taking any action.

Cylance does not attempt to keep the browser away from malware-hosting URLs.

My contact explained that "the bad guys can quickly change URLs and IP addresses, forcing web blocking technologies to chase after constantly moving targets." However, Cylance does check all downloads, and I give equal credit for either kind of protection.

I did find that Cylance's background examination of downloads ran a bit behind my typical testing.

I would frequently launch a URL, observe the completed download, and move to the next URL… only to see the earlier download arrive in quarantine a few minutes later.

Even with the test nominally complete at 100 valid URLs, I had to wait a bit for the last few quarantine actions.

That detection delay isn't in any way a problem.

I verified that if I tried to launch the downloaded malware, Cylance quarantined it immediately, just as it did in my static malware protection test.

In all, it eliminated 89 percent of the samples.

As with my other test, the missed items were ones that other products would classify as PUAs rather than virulent malware.

Even so, other products have done a lot better.

Symantec Norton AntiVirus Basic achieved 98 percent protection in this test, and Trend Micro came in at 97 percent.

Trend Micro handled most of the test items by blocking all access to the URL, while Norton eliminated the majority during the download phase.

See How We Test Security Software

What Cylance Doesn't Do

As noted, Cylance doesn't attempt to identify malware-hosting websites, instead relying on its AI to identify and block the actual malware, no matter where it came from.

That makes sense.

But the absence of URL-monitoring means that Cylance also doesn't offer any protection against phishing sites, those fraudulent websites that trick users into giving away security credentials.

Yes, modern browsers include detection of these frauds, but the best antivirus utilities perform significantly better than the browsers in my hands-on phishing defense test.

Check Point ZoneAlarm PRO Antivirus + Firewall ($39.95 at ZoneAlarm) presently tops the list, averaging 52 percent better detection than Chrome, Firefox, and Internet Explorer.

Bitdefender is close behind at 49 percent.

It's true that phishing frauds are not malware in any way.

But taking the bait can have serious consequences, so the best antivirus products steer users away from these sites.

In testing, Cylance killed off all my ransomware samples, and in theory it should do the same to any brand-new programs that look and act like ransomware.

But some competing products add components specifically designed for ransomware protection, to minimize damage even if the detection system misses an attack.

Bitdefender, Trend Micro Antivirus+ Security, and a few others all include a component that stops unauthorized programs from modifying any files in the Documents folder and other protected folders.

Legitimate apps like word processors and image editors get a pass, but for unknown programs, it's hands off.

Panda Internet Security goes even further, preventing even read-only access to protected folders.

Would Cylance consider a program that peeks at you through your webcam to be malware? I'm not sure, and I don't have a sample of such a program to test with.

Bitdefender, Kaspersky, and a few others offer spyware protection.

Specifically, they limit use of the webcam to authorized programs.

You can argue that security layers like ransomware mitigation, spyware protection, and the bank transaction protection found in Bitdefender Antivirus Plus and Kaspersky are irrelevant if the antivirus successfully eliminates all malware.

However, that's a big if.

I'd like to think that Cylance can do just what it says, but without more independent lab results I wouldn't bet my data on it.

Does the Job

While the antivirus labs haven't made Cylance Smart Antivirus part of their regular testing regimen, one-off tests have shown that the AI-based predictive detection technology really does work.

In our own hands-on testing, Cylance caught all the worst malware samples, only missing some less-risky ones.

It's extraordinarily simple to use, with no settings and no worries about frequent updates.

But it lacks those just-in-case layers of protection that other products use to deal with the possibility of malware getting past the initial scan.

It's a good first effort at a consumer product, and we anticipate seeing it grow (and get more lab results).

Go with Cylance if you want to be part of the cutting-edge AI revolution.

But keep in mind that we've scoured the vast field of antivirus utilities and identified some that deserve special notice.

Bitdefender Antivirus Plus and Kaspersky Anti-Virus routinely earn top scores from the independent labs and offer a wealth of useful security bonus features.

Symantec Norton AntiVirus Basic also scores well and includes protection against exploit attacks, something you won't get with Cylance.

Webroot SecureAnywhere AntiVirus, like Cylance, doesn't jibe with some testing regimens, but its journal-and-rollback handling of unknown threats is effective, and it's the smallest antivirus you'll find.

Finally, if you need to protect a ton of devices, a single McAfee AntiVirus Plus subscription offers licenses for every device in your household.

At present, these are our Editors' Choice antivirus products.

Pros

  • Easy installation, no configuration.

  • Good scores in our tests.

Cons

  • Not included in regular independent lab tests.

  • No protection against fraudulent or malicious URLs.

  • Lacks additional protection layers found in many competitors.

The Bottom Line

Commissioned lab tests and our own tests show that the machine-learning detection engine in Cylance Smart Antivirus really can identify malware, but it lacks the full range of protection features found in many competitors.
