American security firm Cylance has refused to say whether stored malware samples that it used in a product demonstration in Melbourne were really malware as they were made out to be.
The company held the demonstration, under the name "Explore the cyber crime UNDRWRLD with Cylance" on 19 October but only replied on 8 November to iTWire's queries about whether the samples used were really malware.
The Melbourne demonstration was the last of a series in Australia and was held by Cylance product marketing manager Matt Stephenson and senior security technologist Richard Melick.
Practically all the attendees were IT workers from various companies. The writer was the lone journalist who attended, though others had apparently been invited but did not turn up.
{loadposition sam08}Held in a bar in the CBD, the demonstration was slick and ran smoothly for two hours, with the audience permitted to take advantage of an open bar.
Richard Melick and Matt Stephenson at Cylance's Melbourne demonstration.
During their talk, Stephenson and Melick made reference to an article in the US website Ars Technica which had pointed out that Cylance had used files that were not malware to prove the superiority of its product over others.
The two Cylance employees had one member of the Melbourne audience create a malware sample using SATAN, a malware-as-a-service site that was said to be located on the dark web.
iTWire queried the location of this site, asking: "...was the SATAN site that was accessed from an internal setup in the Cylance US office or was it from the dark web? Can I have the address (.onion) of the site?"
To this, Brian Robison, senior director of security technology, responded: "The SATAN site was accessed on VDI systems located in the United States. Unfortunately Cylance is unable to share the address of the site."
A second query submitted by iTWire was this: "...lots of stored malware was used in the demo. Ars Technica has raised this in an article which was cited by the Cylance guys themselves and asked how one can know whether all these are really malware samples."
Robison replied: "Cylance in the UWT demo actually invites audience members, who have no experience in creating malware, to create new malware, step by step on the spot in front of the audience, and this newly created malware is then tested in the demonstration."
But this one piece of malware was not the only one used in the Melbourne demo; in later stages, numerous samples of what were said to be malware were accessed on the Cylance servers in the US to test the company's product. The question referred to these samples as is obvious.
Robison offered a number of links for anyone who wanted to read more about anti-malware testing: 1, 2, 3, 4. He said the first was a direct response to the Ars Technica article.
iTWire also asked what proportion of the Australian market Cylance had at the moment and what it was aiming for. Robison again did not offer a direct answer, saying: "Cylance doesn't breakdown its market share in specific geographic regions, but what we can say is the company recently delivered a 283% year-over-year revenue growth." He offered a link which he said contained additional details.