Heuristics - Mean

Fiery

Level 1
Jan 11, 2011
2,007
Heuristics are algorithms used by the AV engine to detect malicious files when the AV doesn't have a signature for that particular malware. It will examine characteristics of the file and flag it if it deems it malicious. Since the AV is not detecting the file using signatures, this method creates false positives.

Heuristics are important because AV vendors simply can't keep up making signatures for all the malware out there. Therefore, it resorts to heuristics to catch malware not in the signature database.
 

Deleted member 178

to compare with real life (malware = criminal)

Signature = the police have the ID of a criminal (name & photo)
Heuristic = the clues that say to the police that this guy looks like a criminal (but he may not be one, so: false accusation = False Positive)
 

Fiery

Level 1
Jan 11, 2011
2,007
Umbra Corp. said:
to compare with real life (malware = criminal)

Signature = the police have the ID of a criminal (name & photo)
Heuristic = the clues that say to the police that this guy looks like a criminal (but he may not be one, so: false accusation = False Positive)

Nicely said!
 

DeadDrop

New Member
Aug 19, 2012
69
Heuristics = Junk that bad AV software uses because its signatures are crap and detect nothing.
 

Deleted member 178

DeadDrop said:
Heuristics = Junk that bad AV software uses because its signatures are crap and detect nothing.

All AVs have heuristics under one form or another.
 

ONT209

Level 1
Verified
Feb 2, 2013
23
Read this thread

http://malwaretips.com/Thread-Malware-Detection-Techniques-Description
 

Venustus

Level 59
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809
Umbra Corp. said:
to compare with real life (malware = criminal)

Signature = the police have the ID of a criminal (name & photo)
Heuristic = the clues that say to the police that this guy looks like a criminal (but he may not be one, so: false accusation = False Positive)

Very nice analogy!
 

spywar

Level 11
Oct 26, 2012
1,011
Also, heuristics can miss many things; that's why vendors try to develop new techs ... cloud-based analysis etc etc ... sandbox ...
 

House_maniac

Level 1
Sep 21, 2011
426
DeadDrop said:
Heuristics = Junk that bad AV software uses because its signatures are crap and detect nothing.
You seriously don't know what you are talking about. The only downside of heuristics is that you may get some false positives sometimes! And like Umbra said, all AVs have heuristics because signatures can't cover all viruses, mainly new ones!
 

Littlebits

Retired Staff
May 3, 2011
3,893
Fiery said:
Heuristics are algorithms used by the AV engine to detect malicious files when the AV doesn't have a signature for that particular malware. It will examine characteristics of the file and flag it if it deems it malicious. Since the AV is not detecting the file using signatures, this method creates false positives.

Heuristics are important because AV vendors simply can't keep up making signatures for all the malware out there. Therefore, it resorts to heuristics to catch malware not in the signature database.

I would like to add, the most common way AV vendors try to limit the false positives in their heuristics is to use file digital signatures. For example, if a file is digitally signed by Microsoft, it is allowed even though it may be suspicious. Some AVs have a setting where you can change the heuristics configuration to ignore digital file signatures, which will create a bunch of false positives; it is sometimes called aggressive heuristics mode.

Since it is extremely rare that digital file signatures are altered or fake, most of the time it is best to leave the setting on default, unless you are paranoid and like a lot of false positives. It really doesn't help the detection of real malware by using aggressive heuristics (ignore digital file signatures). Of course, Windows' own protection will warn you about running files or programs that don't have a digital signature. Then if you have UAC enabled you will get a second warning. The third time, if your AV doesn't detect the malware after two warnings, then you are out.

Enjoy!!:D
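As an added worked illustration (not code from anyone in this thread or from any AV product), the toy scanner below scores file traits the way Fiery's post describes, so an unknown file can be flagged without a hash match, and then applies the trusted-publisher signature check Littlebits mentions, with an "aggressive" switch that ignores it. The hash database, the import weights, the entropy threshold, the publisher allowlist and all four sample files are assumptions constructed for the example.

```python
# Added illustration for this thread (not code from any poster or AV vendor):
# a toy scanner that shows why heuristics catch unknown files that a hash
# "signature" misses, why they produce false positives, and how a trusted
# publisher signature check (default mode) suppresses those false positives
# while an "aggressive" mode ignores it. Every record below is constructed
# sample data; the hashes are placeholders, not real indicators.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class FileInfo:
    name: str
    sha256: str              # constructed placeholder, not a real hash
    entropy: float           # 0..8 bits/byte; packed or encrypted code runs high
    imports: Set[str]        # imported API names
    signer: Optional[str]    # publisher named in the file's signature, if any
    signature_valid: bool = False


# Exact-match "signature" database: only catches samples already seen.
KNOWN_BAD_HASHES = {"11" * 32}

# Heuristic weights (assumed): judge behaviour-related traits, not identity.
SUSPICIOUS_IMPORTS = {
    "WriteProcessMemory": 2,
    "CreateRemoteThread": 3,
    "VirtualAllocEx": 2,
}
HIGH_ENTROPY = 7.2
THRESHOLD = 5

# Publishers whose valid signature overrides a heuristic hit in default mode.
TRUSTED_PUBLISHERS = {"Microsoft Corporation"}


def heuristic_score(f: FileInfo) -> Tuple[int, List[str]]:
    """Sum weighted suspicious traits; return the score and the reasons."""
    score, reasons = 0, []
    if f.entropy >= HIGH_ENTROPY:
        score += 3
        reasons.append("high entropy")
    for api, weight in SUSPICIOUS_IMPORTS.items():
        if api in f.imports:
            score += weight
            reasons.append(api)
    if f.signer is None:
        score += 1
        reasons.append("unsigned")
    return score, reasons


def scan(f: FileInfo, aggressive: bool = False) -> Tuple[str, str]:
    """Return (verdict, detail); verdict is 'signature', 'heuristic' or 'clean'."""
    if f.sha256 in KNOWN_BAD_HASHES:
        return "signature", "hash matched a known sample"
    score, reasons = heuristic_score(f)
    if score < THRESHOLD:
        return "clean", f"score {score} below threshold"
    if not aggressive and f.signature_valid and f.signer in TRUSTED_PUBLISHERS:
        # Default mode: a valid trusted-publisher signature suppresses the verdict.
        return "clean", f"score {score} but validly signed by {f.signer}"
    return "heuristic", f"score {score}: {', '.join(reasons)}"


# Constructed samples: one known-bad file, one signed debugger-style tool that
# looks suspicious, one unsigned packed unknown, one plain unsigned utility.
SAMPLES = [
    FileInfo("known_bad.exe", "11" * 32, 6.1, {"CreateFileW"}, None),
    FileInfo("debugger.exe", "22" * 32, 6.4,
             {"WriteProcessMemory", "CreateRemoteThread"},
             "Microsoft Corporation", signature_valid=True),
    FileInfo("unknown_packed.exe", "33" * 32, 7.8, {"VirtualAllocEx"}, None),
    FileInfo("notepad_clone.exe", "44" * 32, 6.0, {"CreateFileW"}, None),
]


def scan_all(aggressive: bool = False) -> Dict[str, str]:
    """Verdict per sample name, in the requested heuristics mode."""
    return {f.name: scan(f, aggressive)[0] for f in SAMPLES}


if __name__ == "__main__":
    for mode in (False, True):
        print("aggressive" if mode else "default", scan_all(mode))
```

Running it shows the trade-off the thread is arguing about: the hash database catches only `known_bad.exe`, the heuristic also flags the unsigned packed unknown, and the signed debugger is cleared in default mode but becomes a false positive once the signature override is switched off.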
 

Deleted member 178

CIS and Avira rely heavily on Heuristics so they have more FPs than others.
 

MrExplorer

Level 28
Thread author
Verified
Nov 15, 2012
1,765
Umbra Corp. said:
CIS and Avira rely heavily on Heuristics so they have more FPs than others.

Ok, Comodo Internet Security is too good, but I think it lacks features.
 

Deleted member 178

MrExplorer said:
Ok, Comodo Internet Security is too good, but I think it lacks features.

seriously?!

AV + FW + BB + HIPS + Cloud + Kiosk + Full Sandbox + File Rating + Killswitch + Autorun + CCE...? not enough features for you :D
 

MrExplorer

Level 28
Thread author
Verified
Nov 15, 2012
1,765
Umbra Corp. said:
MrExplorer said:
Ok, Comodo Internet Security is too good, but I think it lacks features.

seriously?!

AV + FW + BB + HIPS + Cloud + Kiosk + Full Sandbox + File Rating + Killswitch + Autorun + CCE...? not enough features for you :D

It does not have email protection & web protection etc.
 

Deleted member 178

Web protection & email protection are gadget features.

When you go to an infected website or get an infected email, the malware is blocked right away by the AV when it is in memory.

By using a secured DNS or a patched Hosts file you avoid the need for a web filter.

An email is not malicious by itself, just the joined files sent with it; any AV will block them.
 

MrExplorer

Level 28
Thread author
Verified
Nov 15, 2012
1,765
Umbra Corp. said:
Web protection & email protection are gadget features.

When you go to an infected website or get an infected email, the malware is blocked right away by the AV when it is in memory.

OK, Thanks
 
