Heuristic Virus Definition

Antivirus programs employ heuristic analysis to find previously unknown computer viruses and to detect new variants of known viruses. Heuristic analysis is often performed by running the suspect program in a virtual machine (a separate operating system installation inside the normal operating system), which lets the antivirus observe what the program does in a controlled environment before it is allowed to run on the user's actual computer. If the program performs actions normally associated with malware, the antivirus notifies the user. This technique is also known as file emulation or sandbox testing.

Antivirus software can also decompile the suspected program and analyze the resulting code to see whether it matches the known code of known malware.

Constantly changing computer viruses pose a challenge for heuristic analysis, because its success depends on striking a balance between false positives and false negatives. Security professionals continue to refine heuristic analysis to limit false positives, which can otherwise flag and quarantine non-threatening files. At the same time, it is very valuable to keep track of known viruses and to investigate possible new ones that use similar but slightly changed or mutated code (known as variants). The identification of new variants, and their removal using a single virus definition, is known as generic detection.
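The following is an added illustration, not code from the original page or from any antivirus product: it models the two ideas above with a behaviour-scoring heuristic (a threshold that trades false positives against false negatives) and a single wildcard "generic" definition that matches a whole family of byte-level variants. The behaviour names, weights and byte pattern are constructed for the example.

```python
import re

# Constructed weights for actions a sandbox run might report about a sample.
# Higher weight means the action is more strongly associated with malware.
BEHAVIOUR_WEIGHTS = {
    "writes_autorun_key": 3,
    "injects_into_process": 4,
    "disables_security_tool": 4,
    "encrypts_many_files": 5,
    "contacts_unknown_host": 2,
    "reads_user_documents": 1,
    "opens_network_socket": 1,
}

# The threshold is the false-positive / false-negative dial: raising it
# spares more benign programs but lets more unknown malware through.
THRESHOLD = 6


def heuristic_score(observed_actions):
    """Sum the weights of the distinct behaviours observed during emulation."""
    return sum(BEHAVIOUR_WEIGHTS.get(action, 0) for action in set(observed_actions))


def heuristic_verdict(observed_actions, threshold=THRESHOLD):
    """True when the observed behaviour is suspicious enough to alert on."""
    return heuristic_score(observed_actions) >= threshold


def generic_signature(pattern_hex):
    """Build one definition for a family: hex bytes, with '??' as a one-byte wildcard.

    Variants that mutate only the wildcarded bytes still match, which is what
    lets a single definition cover several variants (generic detection).
    """
    parts = pattern_hex.split()
    regex = b"".join(
        rb"." if part == "??" else re.escape(bytes.fromhex(part)) for part in parts
    )
    return re.compile(regex, re.DOTALL)


def matches_family(signature, payload):
    """True if the family definition occurs anywhere in the sample bytes."""
    return signature.search(payload) is not None


if __name__ == "__main__":
    # Constructed sandbox reports for two samples and a constructed family pattern.
    print(heuristic_verdict(["writes_autorun_key", "injects_into_process"]))  # True
    print(heuristic_verdict(["opens_network_socket", "reads_user_documents"]))  # False
    family = generic_signature("DE AD ?? BE EF")
    print(matches_family(family, b"\x00\xde\xad\x41\xbe\xef"))  # variant A: True
    print(matches_family(family, b"\x00\xde\xad\x42\xbe\xef"))  # variant B: True
```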
