Friday, March 5, 2010

Antivirus Software - Heuristic Analysis

Heuristic analysis is a method employed by many computer antivirus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the wild. Heuristic analysis is an expert based analysis that determines the susceptibility of a system towards particular threat/risk using various decision rules or weighing methods.

The common heuristic/behavioral scanning techniques:
- File Emulation: the file is allowed to run in a controlled virtual system (or "sandbox") to see what it does.
- File Analysis: the software takes an in-depth look at the file and tries to determine its intent, destination, and purpose. Perhaps the file has instructions to delete certain files, and should be considered a virus.

The effectiveness of heuristic analysis is fairly low regarding accuracy and the number of false positives. This sort of scanning and analysis can take some time, which may slow down system performance.
False positives are when the anti-virus software determines a file is malicious (and quarantines or deletes it) when in reality it is perfectly fine and/or desired.
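To make the "decision rules or weighing methods" and the false-positive problem concrete, here is a small added example (my own illustration, not code from the original post or from any antivirus product). It models the file-analysis technique as a set of weighted rules over a file's imports and embedded strings; the file records, rule weights and threshold are all constructed for the demo. Note how a perfectly legitimate uninstaller crosses the threshold because it deletes files and touches the autorun registry key, which is exactly the kind of false positive the paragraph above describes.

```python
"""Toy weighted-rule heuristic scorer (added example, not from the original post).

Each rule inspects a constructed FileRecord and contributes a weight when it
matches; the file is flagged as suspicious when the total meets a threshold.
Rules, weights, threshold and the sample records are invented for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class FileRecord:
    name: str
    imports: set = field(default_factory=set)   # imported API names (constructed)
    strings: set = field(default_factory=set)   # printable strings found in the file
    packed: bool = False                        # high-entropy / packed sections present
    signed: bool = False                        # carries a valid code signature


def _mentions_run_key(f):
    # any string referring to the autorun registry key (substring match)
    return any("CurrentVersion\\Run" in s for s in f.strings)


def _copies_itself(f):
    # copies files and embeds its own file name: a crude self-replication hint
    return "CopyFile" in f.imports and f.name.lower() in {s.lower() for s in f.strings}


# (description, weight, predicate) - weights are arbitrary, chosen for the demo
RULES = [
    ("deletes files", 3, lambda f: "DeleteFile" in f.imports),
    ("references autorun key", 4, _mentions_run_key),
    ("packed/obfuscated", 2, lambda f: f.packed),
    ("self-copying", 3, _copies_itself),
    ("unsigned", 1, lambda f: not f.signed),
]

THRESHOLD = 6  # arbitrary cut-off; raising it trades false positives for misses


def score(record):
    """Return (total weight, list of matched rule descriptions) for a record."""
    matched = [(desc, w) for desc, w, pred in RULES if pred(record)]
    return sum(w for _, w in matched), [desc for desc, _ in matched]


def classify(record, threshold=THRESHOLD):
    """Return ('suspicious' | 'clean', total, matched_rules)."""
    total, matched = score(record)
    return ("suspicious" if total >= threshold else "clean"), total, matched


# Constructed sample records (not real files).
SAMPLE_MALWARE = FileRecord(
    name="update.exe",
    imports={"DeleteFile", "CopyFile", "RegSetValueEx"},
    strings={"update.exe", "Software\\Microsoft\\Windows\\CurrentVersion\\Run"},
    packed=True,
    signed=False,
)
# A legitimate uninstaller: deletes files and cleans the Run key, but is not packed
# and does not copy itself. It still crosses the threshold -> false positive.
SAMPLE_UNINSTALLER = FileRecord(
    name="uninstall.exe",
    imports={"DeleteFile", "RegDeleteValue"},
    strings={"Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Removing program files..."},
    packed=False,
    signed=False,
)
SAMPLE_EDITOR = FileRecord(
    name="notepad.exe",
    imports={"CreateFile", "WriteFile"},
    strings={"Untitled"},
    packed=False,
    signed=True,
)

if __name__ == "__main__":
    for rec in (SAMPLE_MALWARE, SAMPLE_UNINSTALLER, SAMPLE_EDITOR):
        verdict, total, matched = classify(rec)
        print(f"{rec.name:15} {verdict:10} score={total:2} rules={matched}")
```

Running it prints `update.exe` as suspicious (score 13), `uninstall.exe` as suspicious (score 8, a false positive) and `notepad.exe` as clean (score 0). Real products tune the weights against large corpora of known-good and known-bad files precisely to push cases like the uninstaller back under the threshold without losing the first record.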

Extensive use of heuristic analysis is also made in anti-spam solutions, to highlight those characteristics of an e-mail message that are spam-like.

