Skip Navigation
BlackBerry Blog

Five Dirty Secrets of the Antivirus Industry

NEWS / 03.20.15 / Kris Harms

The antivirus industry is almost 30 years old at this point and in that time it's amassed quite a few skeletons in its proverbial closet. Unless you spend all day comparing hit rates, false positives (and negatives) or trying to get around the various detection technologies like we do, it's easy to miss the little white lies that AV tells the world.

1. Different Vendors DOESN'T Mean Different Detection

Think the antivirus (AV) software you bought from Company A is different from Company B? Think again! The industry is only made up of a few unique engines that are heavily licensed. AV Comparatives has an excellent breakdown of third party engines. Regardless of which AV you choose, there's a good chance you actually just bought Bitdefender. This licensing program also makes it that much easier for attackers to target and avoid AV.

At Cylance we built our own engine without using signatures, instead we leverage predictive mathematics – the same math that is disrupting a variety of other industries including marketing, insurance, finance, defense, manufacturing and medicine to name a few.

2. AV Actually INCREASED Pop-Ups

Traditional AV has been such a failure that they had to start bringing in the marketing guys to find a way to stay relevant in the eyes of the consumer. The solution: More pop-ups! That’s right, over the last few years, AV software has INCREASED the number of times it interrupts your day to let you know it's “working”. Working, of course, is a relative term. And “air quotes” could never be more appropriately applied.

At Cylance, we chose our name with purpose, so it should be obvious that we appreciate that security should be silent.

3. You Get What You Pay For

Have you ever turned down an option to renew your AV subscription only to be offered a deep discount seconds later? It should be no surprise that you get what you pay for. AV is so cheap, it might as well be free. In many cases, it is. Symantec has already claimed that traditional AV is dead but with compliance standards like PCI-DSS still requiring endpoint antimalware, you can’t drop AV just yet.

Cylance provides a PCI-DSS and Microsoft VIA certified next generation AV that stops tomorrow’s threats today. Enterprise customers should consider checking this out if your traditional AV subscription is up for renewel.

4. AV is Why Your PC is Slow and Your Battery Is Dead

Traditional AV companies take so much heat for hogging system resources, they will do anything to reduce the complaints, including hiding resource usage from computer users and even reducing the threat detection! In the playbook are tricks like paging memory to disk to hide memory usage, the invention of quick scans, and the worst offender of them all, on-access scanning. These tricks have hidden costs that cause instability, slowness, and decreased battery life.

Cylance took a generational leap away from this broken architecture. CylancePROTECT uses predictive mathematics, and obviating the need for daily updates. No daily updates, means no daily scans, and no dirty tricks. 

5. Detection Relies On Internet Access

Ever tested your traditional AV without the internet? You might be surprised to learn that all that virus knowledge isn’t actually jammed into that signature file you have to download every day to "stay up to date". Cloud lookups are a huge percentage of AV’s ability to detect things. And cloud-based lookups mean malware executes while the lookup occurs. This is also why one of the first things malware does to attack AV is stop AV from calling home. It’s partially to stop signature downloads, but it’s more effective at stopping detections the AV company has using the cloud.

The great part about a machine learning based solution is that our model file contains the entirety of what we know about malware distilled down into one convenient package. It’s a mini-brain. Offline or online, we are still killing malware all the same.


Regardless of the very scary and expensive "detect and respond" trend that is occurring in the industry, prevention is possible with CylancePROTECT. PROTECT is the next generation of antivirus with orders of magnitude increases in detection and orders of magnitude decreases in resource usage. Cylance is ushering in a mathematical revolution to the security industry, one math model at a time.

For more information and a demo of our unbelievable technology, check out one of our unbelievable tour dates or just email

Kris Harms
Sales Engineer and human

Kris Harms

About Kris Harms

Senior Technical Director at Cylance

Kris Harms is the Senior Technical Director at Cylance. Prior to Cylance, he was an Incident Responder at Mandiant Corporation, where he led high-profile investigations at Fortune 100 companies in financial services, hospitality and commerce sectors, and supported multiple counter-intelligence operations for several government entities.