Heuristics

Malware detection method using rules and pattern-matching

Heuristics is a term that refers to any method of detecting unknown malware using systems of rules and patterns. Most anti-malware products use some form of heuristics to supplement signature-based detection, improving detection and efficiency.

Malware that is not detected exactly using signatures may be compared to a set of rules which determine if a file meets any suspicious criteria. Use of certain coding techniques, behaviours or even phrases may be considered suspicious, and a combination of suspicions may be enough to alert on a file.

Some products allow considerable fine-tuning of the 'paranoia' level of their heuristics, particularly in server or mail gateway products which can safely allow suspect items to be blocked for some time pending further analysis.

Poll

Should anti-virus software be free for personal use?

Leave a comment
View 43 comments

VB2009

VB2009 will take place 23-25 September 2009 at the Crowne Plaza Geneva, Switzerland. A call for papers will be issued in December.

Virus Bulletin currently has 144,137 registered users.

Fighting malware and spam

Heuristics

Anti-malware

Anti-spyware

Anti-virus

Behaviour blocker

Blacklist

CAPTCHA

Challenge-response

Content filtering

Demilitarized Zone

Encryption

Firewall

Intrusion detection system

Intrusion prevention system

Layered defence

OCR

On-access scanning

Patch

Patch Tuesday

Public Key Cryptography

Service pack

Spam filter

URL filtering

Walled garden

Whitelisting

See also

Glossary

Resources

Poll

VB2009