Technical,
Normally, when a scanner searches a file for the presence of a virus, it looks for one or more signatures, unique byte sequences that are always present in that virus. This may be as simple as a text string or as complex as a code sequence. However, when a scanner uses heuristics, it also checks whether the program attempts to perform a potentially malicious activity, for example low-level disk writes, perhaps to overwrite the Master Boot Record and destroy the computer’s ability to access the hard drive.
Heuristics allows a scanner to detect new viruses, and also some moldy oldies, whose signatures are not in its database, although it can’t identify them. There’s a downside though, an increase in false positive detections; a disk editor, to continue the example, might be reported as containing a virus even though it does not.
Regards,
Hornus
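The difference between the two detection modes, and the false positive on a disk editor, as an added example that is not part of the original post. It assumes a toy scanner for 16-bit DOS code in which the heuristic is the BIOS write-sectors call (`mov ah, 03h` followed shortly by `int 13h`); the signature database and all sample files are constructed.

```python
import re

# Constructed signature database (name -> byte sequence); not real virus signatures.
SIGNATURES = {"Example.A": b"\xde\xad\xbe\xefEXAMPLE-A"}

# Heuristic for a low-level disk write in 16-bit x86 code:
# "mov ah, 03h" (B4 03) followed within a few bytes by "int 13h" (CD 13).
DISK_WRITE = re.compile(rb"\xb4\x03.{0,8}?\xcd\x13", re.DOTALL)


def scan(data: bytes) -> dict:
    """Signature match first (can name the virus), then heuristic (cannot)."""
    for name, sig in SIGNATURES.items():
        if sig in data:
            return {"verdict": "infected", "name": name, "method": "signature"}
    if DISK_WRITE.search(data):
        # Behaviour looks dangerous, but there is nothing to identify it by.
        return {"verdict": "suspicious", "name": None, "method": "heuristic"}
    return {"verdict": "clean", "name": None, "method": None}


# Constructed fragment: mov ah,03h / mov al,01h / int 13h
WRITE_CALL = b"\xb4\x03\xb0\x01\xcd\x13"

# Constructed sample files.
SAMPLES = {
    "known_virus.com": b"\x90\x90" + SIGNATURES["Example.A"] + WRITE_CALL,
    "new_virus.com": b"\x90\x90NOT-IN-DATABASE" + WRITE_CALL,
    "disk_editor.com": b"Sector editor v1.0\x00" + WRITE_CALL,  # legitimate tool
    "readme.txt": b"Plain text, no code.\n",
}


def scan_all() -> dict:
    return {fname: scan(data) for fname, data in SAMPLES.items()}


if __name__ == "__main__":
    for fname, result in scan_all().items():
        print(f"{fname:16} {result['verdict']:10} "
              f"name={result['name']} via={result['method']}")
```

The new virus and the disk editor get the same "suspicious" result, which is the trade-off the post describes: the heuristic catches what the signature list misses, but it cannot tell the two apart.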