What is heuristic analysis?

Heuristic analysis is a method of detecting malware by examining a program's code, and what that code does, for suspicious properties, rather than looking for an exact match against a sample that has already been seen.

Traditional detection works by comparing the code of a program with the code of known malware that has already appeared, been analyzed, and been recorded in a database. This is known as signature-based detection, or signature recognition.

Signature-based detection is still useful and still in use, but it has become increasingly limited since the number of new threats exploded around the turn of the century and has kept growing since: a signature can only catch malware that has already been seen and analyzed.

To address this problem, the heuristic model was designed to detect suspicious features in new, previously unknown malware and in modified versions of known threats and malware samples.

Cybercriminals are constantly developing new threats, and heuristic analysis is one of the few ways to cope with the large volume of new threats that emerge every day.

Heuristic analysis is also one of the few methods capable of combating polymorphic malware: malicious code that rewrites or re-encrypts its own code with each new copy, so that the byte pattern differs from one sample to the next and no fixed signature matches all of them. Heuristic analysis is built into advanced security products from companies such as Kaspersky Lab to identify new threats before they can cause damage, without the need for a specific signature.

How does heuristic analysis work?

Heuristic analysis can use a number of different techniques. One of them, static heuristic analysis, disassembles or decompiles a suspicious program and examines the resulting code without running it. That code is then compared with what is recorded in the heuristic database about malware that is already known (typically code fragments and properties characteristic of whole families, rather than exact signatures of individual samples). If a certain percentage of the program's code matches entries in the heuristic database, the file is flagged as a possible threat.
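The following is an added example of the static approach described above, written for this page; it is not code from the original article or from any Kaspersky product. It scores a file's bytes on three kinds of static evidence: references to API names that are far more common in malware than in ordinary software, high byte entropy (a sign of packing or encryption), and the percentage of a known family's code fragments that appear in the file, which is the "certain percentage matches the heuristic database" rule from the text. The family fragments, API weights, threshold and the two sample files are all constructed for the example and are not a real heuristic database.

```python
import math
from collections import Counter
from dataclasses import dataclass, field

# Hypothetical heuristic database, constructed for this example. A real
# product holds far larger pattern sets; these are short byte fragments of
# the kind shared across variants of one family, plus API names that turn
# up far more often in malware than in ordinary software.
KNOWN_FAMILY_FRAGMENTS = {
    "Dropper.Example": {
        b"\x55\x8b\xec\x83",   # push ebp; mov ebp,esp; sub esp,...  (prologue)
        b"\x6a\x00\x68",       # push 0; push imm32                   (argument setup)
        b"\xff\x15\x00\x20",   # call [imm32] through the import table
        b"\x8b\x45\x08\x50",   # mov eax,[ebp+8]; push eax
        b"\xc9\xc3\xcc\xcc",   # leave; ret; int3 padding
    },
}
SUSPICIOUS_API_NAMES = {
    b"CreateRemoteThread": 3,   # classic process-injection pair
    b"WriteProcessMemory": 3,
    b"VirtualAllocEx": 2,
    b"URLDownloadToFile": 2,    # downloader behaviour
    b"SetWindowsHookEx": 2,     # hooking / keylogging
    b"IsDebuggerPresent": 1,    # anti-analysis, but common in benign code too
}


@dataclass
class Verdict:
    score: int
    suspicious: bool
    reasons: list = field(default_factory=list)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def family_match_ratio(data: bytes, fragments: set) -> float:
    """Fraction of a family's known code fragments that occur in the sample."""
    return sum(1 for frag in fragments if frag in data) / len(fragments)


def static_heuristic(data: bytes, threshold: int = 5, match_ratio: float = 0.6) -> Verdict:
    """Weighted static scoring; the file is flagged when the total reaches the threshold."""
    score, reasons = 0, []
    for name, weight in SUSPICIOUS_API_NAMES.items():
        if name in data:
            score += weight
            reasons.append(f"references {name.decode()}")
    entropy = shannon_entropy(data)
    if entropy > 7.0:
        score += 2
        reasons.append(f"entropy {entropy:.2f} bits/byte (likely packed)")
    for family, fragments in KNOWN_FAMILY_FRAGMENTS.items():
        ratio = family_match_ratio(data, fragments)
        if ratio >= match_ratio:
            score += 3
            reasons.append(f"{ratio:.0%} of {family} fragments present")
    return Verdict(score, score >= threshold, reasons)


# Constructed samples, not real files.
PACKED_PAYLOAD = bytes(range(256)) * 4  # every byte value equally often: entropy exactly 8.0
MALICIOUS_SAMPLE = (
    b"MZ" + b"\x55\x8b\xec\x83" + b"\x6a\x00\x68" + b"\xff\x15\x00\x20" + b"\x8b\x45\x08\x50"
    + b"CreateRemoteThread\0WriteProcessMemory\0" + PACKED_PAYLOAD
)
BENIGN_SAMPLE = (
    b"MZ" + b"This program cannot be run in DOS mode.\r\n"
    + b"MessageBoxA\0GetVersionExW\0IsDebuggerPresent\0"
    + b"Hello, world!\r\n" * 20
)

if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        v = static_heuristic(sample)
        print(f"{label}: score={v.score} suspicious={v.suspicious} {v.reasons}")
```

The constructed malicious sample trips three independent indicators (injection APIs, packed payload, four of the five family fragments) and scores well above the threshold; the benign sample references only IsDebuggerPresent, which many legitimate programs also call, so its single low-weight hit stays below the threshold. Keeping every indicator as a weighted contribution rather than a hard rule is what lets the threshold be tuned later without rewriting the checks.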

Another method is known as dynamic heuristic analysis. When scientists want to study a dangerous substance without putting anyone at risk, they contain it in a controlled environment such as a sealed laboratory and run their tests there. Dynamic heuristic analysis does the same with suspicious software, in a virtual environment.

It isolates the suspicious program or piece of code in a dedicated virtual machine (a sandbox) and gives the antivirus a chance to execute the code and observe what would happen if the suspicious file were allowed to run on the real system. It examines each action as the code carries it out, looking for suspicious behaviour such as self-replication (copying itself to other locations), overwriting existing files, and other actions common to malware. Because this judges what the code does rather than what its bytes look like, it is not defeated by packing or by polymorphic rewriting of the code.
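The following is an added example of the dynamic approach described above, written for this page; it is not code from the original article or from any sandbox product. It assumes a hypothetical sandbox that records each action of the sample as an event (file writes with the digest of the data written, registry changes, process handle opens, memory writes into other processes, network connections) and scores the resulting trace against behavioural rules: self-replication, overwriting many existing files, Run-key persistence, and process injection. The three traces are constructed for the example; the third is a harmless installer that copies itself and registers itself to start at logon, which is exactly the kind of benign behaviour that a coarse rule set mistakes for malware.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# The sample under analysis: where it was launched from inside the sandbox and
# the digest of its own bytes (hypothetical values, constructed for this example).
SAMPLE_PATH = r"C:\Users\alice\Downloads\invoice.exe"
SAMPLE_SHA256 = "3f1a-hypothetical-sample-digest"


@dataclass(frozen=True)
class Event:
    """One action recorded by the (hypothetical) sandbox while the sample ran."""
    op: str                # file_write | reg_set | proc_open | mem_write | net_connect
    target: str            # file path, registry value, process name or host
    sha256: str = ""       # file_write: digest of the data written
    existed: bool = False  # file_write: whether the target existed before the write


@dataclass
class Verdict:
    score: int
    suspicious: bool
    reasons: List[str] = field(default_factory=list)


Rule = Callable[[List[Event]], Optional[Tuple[int, str]]]


def self_replication(trace: List[Event]) -> Optional[Tuple[int, str]]:
    """The sample wrote its own bytes to a different path."""
    copies = [e for e in trace if e.op == "file_write" and e.sha256 == SAMPLE_SHA256
              and e.target.lower() != SAMPLE_PATH.lower()]
    return (4, f"wrote a copy of itself to {copies[0].target}") if copies else None


def mass_overwrite(trace: List[Event], min_files: int = 3) -> Optional[Tuple[int, str]]:
    """Several files that already existed were overwritten (wiper/ransomware pattern)."""
    hits = [e for e in trace if e.op == "file_write" and e.existed]
    return (3, f"overwrote {len(hits)} existing files") if len(hits) >= min_files else None


def run_key_persistence(trace: List[Event]) -> Optional[Tuple[int, str]]:
    """A value was written under a CurrentVersion\\Run key so the sample starts at logon."""
    keys = [e for e in trace if e.op == "reg_set" and "\\currentversion\\run\\" in e.target.lower()]
    return (2, f"persistence via {keys[0].target}") if keys else None


def process_injection(trace: List[Event]) -> Optional[Tuple[int, str]]:
    """A handle to another process was opened and memory was then written into it; order matters."""
    opened = set()
    for e in trace:
        if e.op == "proc_open":
            opened.add(e.target.lower())
        elif e.op == "mem_write" and e.target.lower() in opened:
            return (4, f"wrote into the memory of {e.target}")
    return None


RULES: List[Rule] = [self_replication, mass_overwrite, run_key_persistence, process_injection]


def dynamic_heuristic(trace: List[Event], threshold: int = 6) -> Verdict:
    """Sum the weight of every behavioural rule that fires; flag at or above the threshold."""
    score, reasons = 0, []
    for rule in RULES:
        hit = rule(trace)
        if hit is not None:
            score += hit[0]
            reasons.append(hit[1])
    return Verdict(score, score >= threshold, reasons)


# Constructed traces, not captures from a real sandbox.
MALWARE_TRACE = [
    Event("file_write", r"C:\Users\alice\AppData\Roaming\svchost.exe", sha256=SAMPLE_SHA256),
    Event("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event("file_write", r"C:\Users\alice\Documents\report.docx", sha256="enc1", existed=True),
    Event("file_write", r"C:\Users\alice\Documents\budget.xlsx", sha256="enc2", existed=True),
    Event("file_write", r"C:\Users\alice\Pictures\holiday.jpg", sha256="enc3", existed=True),
    Event("proc_open", "explorer.exe"),
    Event("mem_write", "explorer.exe"),
]
EDITOR_TRACE = [  # a text editor saving one document and checking for updates
    Event("file_write", r"C:\Users\alice\Documents\notes.txt", sha256="9c2d", existed=True),
    Event("net_connect", "updates.example.net:443"),
]
INSTALLER_TRACE = [  # a legitimate installer: copies itself and registers an autostart entry
    Event("file_write", r"C:\Program Files\Tool\tool.exe", sha256=SAMPLE_SHA256),
    Event("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Tool"),
]

if __name__ == "__main__":
    for label, trace in (("malware", MALWARE_TRACE), ("editor", EDITOR_TRACE), ("installer", INSTALLER_TRACE)):
        v = dynamic_heuristic(trace)
        print(f"{label}: score={v.score} suspicious={v.suspicious} {v.reasons}")
```

Two design points are worth noting. The rules operate on the whole trace rather than on single events, because behaviours such as injection are a sequence (open a process, then write into it) and self-replication needs the sample's own digest to compare against. And the installer trace lands exactly on the default threshold: with these weights it is flagged, at a threshold of 7 it is not, which is the detection-versus-false-positive trade-off that such heuristics have to be tuned for.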

Potential problems

Heuristic analysis is well suited to identifying new threats, but to be effective the heuristics must be carefully tuned: sensitive enough to give the best possible detection of new threats, yet not so aggressive that they generate false positives on completely innocent code. Many legitimate programs do things that malware also does (an installer copies files around and registers itself to start automatically, for example), so the weight given to each indicator and the threshold at which a file is flagged decide the balance between detection and false alarms.

Because of this, heuristic tools are usually just one weapon in a sophisticated antivirus arsenal. They are typically used in conjunction with other detection methods, such as signature analysis and other proactive technologies, and a file's final verdict is drawn from all of them together.

