How does heuristics work?

As the subject says. Does anyone know exactly how a deep heuristics scan works?

Regards.

I doubt anyone other than the avast developers know that and I also doubt they would divulge commercially sensitive information.

See this for general info on Heuristics, http://en.wikipedia.org/wiki/Heuristic.

What I meant is that I just want to know what it is and basically some short info about it, how good it is, etc. Thanks for that link, but they describe it very badly! :(

That’s the problem: heuristics isn’t a standard thing, as there are many different things that could fall under the category of heuristics.

avast doesn’t actually say it has heuristics; aside from standard signatures, it uses generic and algorithmic signatures to try and detect multiple variants of malware and obviously some that are new and aren’t detected by the standard signatures. The avast anti-rootkit scan also uses heuristic methods to detect what might otherwise not be detected by normal scans.

But how can you quantify how effective they are or how they even work when we don’t know the rules that govern the methods? We can check out sites like av-comparatives or similar antivirus tests, various reviews, etc., and we can also look at our own personal experience. For me that is 6 years and no infections.

From http://www.avast.com/free-antivirus-download#tab2

NEW Heuristics engine

Starting with version 5.0, avast! features a new heuristics engine designed to proactively detect malware undetectable with normal definitions. The heuristics engine is able to cover both binary (executable) and script malware.

Go to SecurityFocus. I will not put the link, because if you want to learn you should learn how to learn.

Heuristics would be quite synonymous with “intelligent guessing”. A heuristic method can accomplish its task by utilizing search trees. However, instead of generating all possible solution branches, a heuristic selects branches more likely to produce outcomes than other branches. It is selective at each decision point, picking branches that are more likely to produce solutions.

http://sites.google.com/site/appinventor/_/rsrc/1253206729604/conditional-blocks/Picture%2014.png

Though as stated, heuristics is a guess after all so it may fail to accurately determine a file’s harmlessness.
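The following is an added illustration, not part of any post in this thread and not avast's engine (whose rules are not public): it contrasts an exact "standard signature" with a weighted-trait heuristic of the kind the posts describe, including the wrong guess the last post warns about. The rule names, weights, threshold and sample scripts are all assumptions constructed for the example.

```python
import hashlib
import re

# Constructed script samples for illustration only (not real malware).
KNOWN = 'eval(unescape("%61%6c%65%72%74"));'
VARIANT = 'var p = unescape("%61%6c%65%72%74"); /* pad */ eval(p);'
BENIGN = 'eval(unescape(config)); // legacy settings loader'
PLAIN = 'document.title = "hello";'

def digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

# "Standard signature": exact hash of a sample that has already been analysed.
SIGNATURES = {digest(KNOWN)}

# Hypothetical heuristic rules: (trait name, pattern, weight). Weights and
# threshold are assumptions chosen for this example.
RULES = [
    ("dynamic-eval", re.compile(r"\beval\s*\("), 40),
    ("decode-call", re.compile(r"\b(?:unescape|atob)\s*\("), 30),
    ("encoded-run", re.compile(r"(?:%[0-9a-fA-F]{2}){4,}"), 30),
]
THRESHOLD = 70

def heuristic_score(text):
    """Return (total weight, names of traits that matched)."""
    hits = [(name, weight) for name, rx, weight in RULES if rx.search(text)]
    return sum(w for _, w in hits), [n for n, _ in hits]

def scan(text):
    """Signature first; fall back to the heuristic score."""
    if digest(text) in SIGNATURES:
        return "signature"
    score, _ = heuristic_score(text)
    return "heuristic" if score >= THRESHOLD else "clean"

if __name__ == "__main__":
    for label, sample in [("known", KNOWN), ("variant", VARIANT),
                          ("benign", BENIGN), ("plain", PLAIN)]:
        print(f"{label:8} {scan(sample):10} {heuristic_score(sample)}")
```

The modified variant no longer matches the hash but is still caught by its traits, while the benign loader reaches the same threshold and is flagged as well, which is the trade-off a vendor tunes when choosing weights and thresholds.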