Correct me if I'm wrong, but aren't Heuristics different to Behavioural?
As in similar, but a different kind.
Well, not exactly; let me try to explain.
BEHAVIORAL:
Behavioral detection methods within an antivirus program work like a police officer looking for odd behavior in a suspect. If you install an antivirus application that uses behavior detection and monitoring techniques, it watches your operating system, searching for suspicious events. For instance, if the antivirus program witnesses an attempt to change or modify a file or communicate over the Web, it may take action and warn you of the threat. It may also block the threat depending on how you adjust its security settings.
HEURISTIC:
Antivirus software that uses heuristics is similar to signature-based detection programs. They seek to identify malware by examining the code in a virus program and analyzing the program's structure. A heuristic antivirus engine using this detection method might run a process that simulates actually running the code it's examining. When it does that, the antivirus engine seeks to identify additional code logic that may help it determine if the suspected virus is really a threat. So if a code is 1000 characters long, then heuristics looks at how far the code is identical to a known signature, and if this percentage is like 30% good vs 70% bad then the file is classed as a virus; however, if the outcome is like 49% good vs 51% bad then it does class it as suspicious.
Some known malware has parts within its source code that are identical to known legit files; remember that actions done by malware are very much the same actions as legit programs make. The difference is the reason why.
So by comparing codes and anticipating the holes within the scanned codes, heuristic techniques can be very powerful.
CODE PATTERNS:
Because antivirus programs that use behavior detection look for suspicious behavior in a potential virus, they can identify threats that some heuristic antivirus programs may miss. Assume, for example, that a heuristic database contains a code pattern that consists of A-B-B-A. If a virus's creators modify their code so that the pattern changes to A-A-B-B, a heuristic antivirus app may not detect that modified version.
Also, you should keep in mind that a false positive occurs when an antivirus program informs you that a program is dangerous even though it is not. Malware detection using heuristic methods often increases the number of incidents of false positives. It can also take more time for heuristic antivirus programs to scan files than it does for programs that use behavior detection. Many modern antivirus programs use both heuristics and behavioral methods to protect computers from malware.
That being said, Heuristics and Behavioral techniques are pretty much the same; the difference is that Heuristics can predict and class malware, where Behavioral deals with files that have a legit code but bad actions, to put it in layman's words.
And as such, both need to work side by side in order to give an AV program its potency.
Especially the new generation of Heuristics-based and Behavioral-based engines and other new analyzing techniques will make an AV increasingly smarter, but yet, with the exception of Symantec and Sophos, there is not a single AV company out there that uses Next Gen technology within their mainstream packages.
And thus it's safe to say that next gen technology, while it's being advertised, really will start making results in late 2014, beginning of 2015.
Anyway, I hope this explains.
Cheers
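
The A-B-B-A example from the post above, as an added illustration that is not part of the original thread and not any vendor's engine: a code-pattern check misses the reordered A-A-B-B variant, while a behavior score over the same runtime events still flags it. The event names, weights, threshold and samples are constructed assumptions.

```python
# Added illustration with constructed data; pattern names, event names, weights
# and the threshold are assumptions, not any real antivirus engine's values.
KNOWN_PATTERNS = [("A", "B", "B", "A")]          # code-pattern database
EVENT_WEIGHTS = {"modify_system_file": 3,        # runtime events the monitor scores
                 "disable_security_tool": 4,
                 "network_connect": 1}
BLOCK_THRESHOLD = 5


def pattern_match(blocks):
    """Static check: does a known pattern occur as a contiguous run of code blocks?"""
    for pat in KNOWN_PATTERNS:
        n = len(pat)
        for i in range(len(blocks) - n + 1):
            if tuple(blocks[i:i + n]) == pat:
                return True
    return False


def behavior_score(events):
    """Runtime check: sum the weights of observed events; unknown events score 0."""
    return sum(EVENT_WEIGHTS.get(e, 0) for e in events)


def verdict(sample):
    """Combine both layers, reporting which one (if any) flagged the sample."""
    if pattern_match(sample["blocks"]):
        return "flagged: code pattern"
    if behavior_score(sample["events"]) >= BLOCK_THRESHOLD:
        return "flagged: behavior"
    return "clean"


# Constructed samples: the variant reorders its code blocks but acts the same at runtime.
SAMPLES = {
    "original": {"blocks": ["X", "A", "B", "B", "A"],
                 "events": ["modify_system_file", "disable_security_tool"]},
    "reordered_variant": {"blocks": ["X", "A", "A", "B", "B"],
                          "events": ["modify_system_file", "disable_security_tool"]},
    "benign_updater": {"blocks": ["C", "D"],
                       "events": ["network_connect", "modify_system_file"]},
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(f"{name}: {verdict(sample)}")
```

The benign updater also modifies a file, but its score stays under the threshold; lowering `BLOCK_THRESHOLD` to 4 would turn it into a false positive.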