Beating any heuristics engine currently on the market is actually much easier than you might think…
Fortunately for the planet, most of today’s malware writers are not very good programmers.
Ok, so if there won’t be any heuristics, please think about this:
http://forum.avast.com/index.php?topic=13091.0
But if you can program better than the virus makers, then why don’t you provide avast! with an even better shield of heuristics?
If we won’t have heuristics, the virus samples must be analysed faster to have avast! at the same level as other antivirus programs.
Well, we realise you’re in the USA
What I meant is that heuristics is weak by design, in the sense that virus authors can freely test their code and tweak it until it slips through, and that such tweaking is very easy. That is, the CONTRARY of what Technical is suggesting - i.e. that building a reliable heuristics engine is easy.
Trust me, no one will tweak viruses against avast! for a few more years, so take advantage of this while you can. avast! detection rates are good, but not excellent.
We all realise that it’s better to remove a virus ASAP. If you take a virus today, let’s say, that avast cannot recognize, then in two days, when the virus definitions are issued, you will already be in big trouble…
Here you realise the need for heuristics… It’s better to remove a potential virus and have false positives than to detect nothing.
I was not suggesting this or being ironic.
I - the same as you - want avast! to be better, and the heuristics won’t make it worse than now.
Elsewhere I suggested a beta update of the VPS (like we have in SpyBot). This way, only the beta testers will update to the very new signatures, avoiding a huge number of false positives.
Like RejZor said, avast! detection rates are good, but not excellent.
I found this on Wilders…
Scan performed at: 29/04/2005 10:49:13
Scanning Log
NOD32 version 1.1083 (20050429) NT
Operating memory - probably unknown NewHeur_PE virus [7]
date: 29.4.2005 time: 10:50:07
Scanned disks, directories and files: C:
C:\pagefile.sys - error opening (file locked) [4]
C:\Documents and Settings\All Users\Application Data\mp3intrahelpsupport\bibblue.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\All Users\Application Data\mp3intrahelpsupport\Glue Web.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Nicholas\Application Data\BinBatDoes\axsdoqdk.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Nicholas\Application Data\BinBatDoes\ewwnqxzy.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Nicholas\Application Data\BinBatDoes\Global Wipe Base.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Nicholas\Application Data\BinBatDoes\jcoxyzjq.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Nicholas\Application Data\BinBatDoes\qqdqjohm.exe - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\Nicholas\Application Data\BinBatDoes\saaqaawy.exe - probably unknown NewHeur_PE virus [7]
number of scanned files: 3827
number of viruses found: 103
time of completion: 10:51:34 total scanning time: 87 sec (00:01:27)
Notes:
[4] File cannot be open. It is being exclusively used by another application or operating system.
[7] File is probably infected with an unknown virus. Please send it to sample@nod32.com
Lots of heuristic detections? According to the file names, they are not false positives.
I’m talking about such situations.
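Added example, not part of the thread and not any vendor's tool: a small triage script for a scan log in the layout quoted above. It separates heuristic hits (note [7]) from files that could not be opened (note [4]) and groups the hits by folder for manual review. The sample paths are constructed, and the "two or more hits in one folder" rule is an assumption of this example.

```python
import re
from collections import defaultdict
from ntpath import dirname, basename  # Windows path rules on any OS

# Constructed sample in the layout of the quoted log (paths are made up).
SAMPLE_LOG = r"""
C:\pagefile.sys - error opening (file locked) [4]
C:\Users\test\AppData\ExampleDir\aaaa.exe - probably unknown NewHeur_PE virus [7]
C:\Users\test\AppData\ExampleDir\bbbb.exe - probably unknown NewHeur_PE virus [7]
C:\Users\test\AppData\OtherDir\tool.exe - probably unknown NewHeur_PE virus [7]
number of scanned files: 3827
number of viruses found: 3
"""

# "<path> - <message> [<note number>]"; the greedy path match splits on the
# last " - ", so a file name that itself contains " - " is kept whole.
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.*) - (?P<msg>[^\[]+) \[(?P<note>\d+)\]$")

def triage(log_text):
    """Return (heuristic hits by folder, unscanned files, reported total)."""
    hits, skipped, reported = defaultdict(list), [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m and m["note"] == "7":       # [7] = probably infected, unknown virus
            hits[dirname(m["path"])].append(basename(m["path"]))
        elif m:                          # e.g. [4] = file could not be opened
            skipped.append((m["path"], m["msg"]))
        elif line.startswith("number of viruses found:"):
            reported = int(line.split(":")[1])
    return dict(hits), skipped, reported

def clusters(hits, minimum=2):
    """Folders holding several heuristic hits; review these first (assumed rule)."""
    return {d: names for d, names in hits.items() if len(names) >= minimum}

if __name__ == "__main__":
    hits, skipped, reported = triage(SAMPLE_LOG)
    listed = sum(len(names) for names in hits.values())
    print(f"heuristic hits listed: {listed}, reported by scanner: {reported}")
    for folder, names in clusters(hits).items():
        print(f"{folder}: {len(names)} hits -> {', '.join(names)}")
    for path, msg in skipped:
        print(f"not scanned: {path} ({msg})")
```

Comparing the listed count with the scanner's reported total shows whether a pasted log has been truncated.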