Having said that, it does pretty well, huh?. There are many more features than these that VoodooAi uses in the fingerprint, but for example, if all files were digitally signed and had DEP and ASLP enabled (basically good coding practices), then VoodooAi's job would be a lot easier. but the file is not digitally signed and DEP and ASLR were disabled, you would think it is malicious, right? Well, that is what VoodooAi has to contend with.
#Crystal security vs voodooshield software#
if there is a software utility that you downloaded, and you had no idea if it was malicious or benign, and there was no indication anywhere on the web whether a file was safe or not. There are many other features that VoodooAi looks at, but these are the best examples that I can provide. Then again, you cannot blame VoodooAi, if for example, the file is not digitally signed and DEP and ASLR are not enabled, or if the file was obfuscated with an obfuscator that a lot of malware authors use. Basically, some software utilities are compiled in such a way that they resemble that of malware more than they resemble benign software. Yeah, I looked at DNSJumper and VidCoder, and looking at the metadata (fingerprint / features of these files) I can EASILY see why VoodooAi would classify them as unsafe. I imagine in 6 months or so it will be super accurate.
And keep in mind, we will retrain the machine learning models here in a couple of months with all of the new, truly random samples, and it will be even more accurate. It is a lot more accurate than what you think it would be, huh? I mean, nothing is perfect, but man, it is doing pretty darn well, especially since it is so new.
0 kommentar(er)
