Feb 25, 2015

What is heuristic scanning?

Most antivirus software performs heuristic scanning as part of a system scan. How does this scanning differ from “normal” scanning?

In the AVG heuristic analysis, the core is the emulator of the Intel processor instructions. It is a kind of "virtual computer" allowing you to "run" a program or a system operation, such as booting the operating system from the boot sector or from the hard disk MBR.

According to Kaspersky, "...in the anti-virus industry, the term “heuristics” (a noun) is invariably used to describe a specific type of virus detection technology. Specifically, heuristics is a term coined by anti-virus researchers to describe an anti-virus program that detects viruses by analyzing the program’s structure, its behavior, and other attributes instead of looking for signatures."

Symantec has a good white paper on Understanding Heuristics, but at least on my laptop, the font is nearly illegible. Still, you might want to take a look at it. http://www.symantec.com/avcenter/reference/heuristc.pdf

Heuristic analysis

"Heuristic analysis is a method employed by many computer antivirus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the "wild".[1]

Heuristic analysis is an expert based analysis that determines the susceptibility of a system towards particular threat/risk using various decision rules or weighing methods. MultiCriteria analysis (MCA) is one of the means of weighing. This method differs from statistical analysis, which bases itself on the available data/statistics."
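The difference between signature matching and weighted heuristic rules, as an added example that is not part of the original post or any vendor's engine: a one-byte variant of a known file no longer matches its signature, but still crosses a heuristic score threshold. The sample byte strings, rule set, weights and threshold are all constructed assumptions for illustration.

```python
import hashlib

# Constructed byte strings standing in for program files (not real samples).
KNOWN_BAD = b"MZ" + b"\x90" * 16 + b"VirtualAlloc WriteProcessMemory CreateRemoteThread"
VARIANT = KNOWN_BAD + b"\x00"  # same program with one byte appended
MAPPER = b"MZ VirtualAlloc used by an ordinary memory-mapped file reader"
BENIGN = b"MZ plain utility that prints a greeting and exits"

# "Normal" scanning: exact signatures (here, SHA-256 of a known file).
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Heuristic scanning: weighted decision rules over structure and attributes.
# Rule names, weights and the threshold are assumptions chosen for illustration.
RULES = [
    ("references VirtualAlloc", 2, lambda d: b"VirtualAlloc" in d),
    ("references WriteProcessMemory", 3, lambda d: b"WriteProcessMemory" in d),
    ("references CreateRemoteThread", 3, lambda d: b"CreateRemoteThread" in d),
    ("run of 8+ NOP bytes", 2, lambda d: b"\x90" * 8 in d),
]
THRESHOLD = 5


def signature_scan(data: bytes) -> bool:
    """True only when the file is byte-for-byte a known sample."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES


def heuristic_scan(data: bytes):
    """Return (total score, names of the rules that fired)."""
    hits = [(name, weight) for name, weight, test in RULES if test(data)]
    score = sum(weight for _, weight in hits)
    return score, [name for name, _ in hits]


def verdict(data: bytes) -> str:
    if signature_scan(data):
        return "known malware (signature)"
    score, _ = heuristic_scan(data)
    return "suspicious (heuristic)" if score >= THRESHOLD else "clean"


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_BAD), ("variant", VARIANT),
                          ("mapper", MAPPER), ("benign", BENIGN)]:
        print(label, verdict(sample), heuristic_scan(sample))
```

The `MAPPER` sample fires one rule but stays under the threshold, which is how weighting keeps a single common attribute from producing a false positive.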
