Heuristics

Malware detection method using rules and pattern-matching

Heuristics is a term that refers to any method of detecting unknown malware using systems of rules and patterns. Most anti-malware products use some form of heuristics to supplement signature-based detection, improving detection and efficiency.

Malware that is not detected exactly using signatures may be compared to a set of rules which determine if a file meets any suspicious criteria. Use of certain coding techniques, behaviours or even phrases may be considered suspicious, and a combination of suspicions may be enough to alert on a file.

Some products allow considerable fine-tuning of the 'paranoia' level of their heuristics, particularly in server or mail gateway products which can safely allow suspect items to be blocked for some time pending further analysis.

Glossary


	Similar entries Anti-malware Anti-spyware Anti-virus Behaviour blocker Blacklist CAPTCHA Challenge-response Content filtering Demilitarized Zone Encryption Firewall Intrusion detection system Intrusion prevention system Layered defence OCR On-access scanning Patch Patch Tuesday Public Key Cryptography Service pack Spam filter URL filtering Walled garden Whitelisting See also Glossary Resources

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

Virus Bulletin


	In this month's magazine: Living the meme If Svar is the answer... Static analysis of mobile malware And the devil is six: the security consequences of the switch to IPv6 Behind enemy lines: reporting from the CCC 28C3 Congress Subscribe now!

Virus Bulletin currently has 224,239 registered users.

Fighting malware and spam

Heuristics

See also