Heuristics

I know heuristics have been discussed in the past but here is an interesting feature from the BBC News site regarding the amount of new viruses lately. (Just look at how often avast has been updated recently)

http://news.bbc.co.uk/1/hi/technology/4080420.stm

The article states that heuristics are:

"Also necessary were programs that use general rules, called heuristics, to spot unknown variants that resemble known viruses.

“Heuristics are essential, otherwise it’s just not going to work,” he said."

Is this an over-exaggeration? Does avast without heuristics compare with an av with heuristics as long as it is kept updated?

Probably not…

Some users (and technicians) say ‘yes’… some others think it would be better if avast! had heuristic analysis like NOD32, for instance.

I say we have a fair amount of updates; heuristics make your scanner run slower, but on the other hand, they do detect some unknown threats for users to find and send to the company. :slight_smile:

Heuristics are not slower. From worst to best ones, and I never experienced slowdown due to heuristics. I always used the max possible heuristics level and everything ran perfectly smooth.
But the world is a strange place… AntiVir uses heuristics, but it doesn’t have Quarantine (like the chest in avast!), while avast! has the quarantine, but lacks heuristics.
Well, quarantine is usually the primary place to store new malware or possible false positives generated by heuristics.
Heuristics will generate false positives in the beginning, but when you fine-tune them, they should perform much better. And if avast! manages to someday update heuristics along with the VPS instead of when a program update is available, it should kick ass.
But Alwil guys seem to hesitate with heuristics somehow… :-\

The article isn’t very clear. I think they’re saying the heuristics are best applied at ISP level.

I would probably agree with that.

I hate ISP level stuff. You have no control over it and it can mess up stuff you’re working with. It’s especially dumb in case of false positives (let them be heuristics or signature based FPs) where you’re left in the cold for any kind of possible exclusions…

My cousin has a firewall on ISP level and this is the greatest shit I have ever seen.
So as long as the ISP is not using such crap I’ll be fine. ISP email scanning is fine, but the rest should be left to the user himself imo.

I hope that v5.0 will be the beginning of heuristics in avast!…

Sorry RejZoR but I cannot agree with almost anything you said above…

And I also cannot agree with you by denying heuristics. They might be a marketing “trick” for you, but I see them as a potential detection increase and the ability to catch even a limited range of malware before signatures are released (outbreaks).
I’d even go with better generic detection, but there is no one or another.
Working only with signatures these days can work only with Kaspersky’s policy of updating imo.

I am not, in any way, refusing heuristics (there may be others that do, but I definitely don’t).
That said, I still think that the things you said in Reply #3 are not true.

Which part exactly? The quarantine place? Heuristics fine-tuning? VPS updating? Performance impact by heuristics?

Quarantine was mainly a joke (they lack opposite things).
Fine-tuning should apply, yes, but you already seem to have lots of FPs with just signatures. I haven’t seen any performance impact by any heuristics (AntiVir, AVG, NOD32, ArcaVir etc… all at max possible).