Heuristic analysis is a technique used widely by antivirus programs to detect threats on a system. Vendors claim that this method of detecting malware differs considerably from conventional detection in that it can find viruses that were previously unknown. In other words, it is a modern technology that detects viruses which have not yet been discovered and adds their details to the definition files. This kind of protection is typically found in premium security packages.


Antivirus software may use multiple techniques to proactively find malware, but the basis of every heuristic method is examining a suspect file and analyzing its behavior to determine whether it could harm or slow down the system in any way. It also checks whether a given procedure is being run without permission. The analysis applies several decision rules and weighting methods to determine the system's exposure to specific threats. MCA (Multi-Criteria Analysis) is applied as one such weighting method in heuristic analysis. In this respect the technique differs from statistical ones, which are based mainly on available data and/or statistics.

Detection Methods Employed in Heuristic Analysis

File Analysis:

This method can be understood by imagining the suspect file going through airport security, including the carry-on checks. The software takes a deep look at the intent of the file, its purpose and its destination. It checks whether the file tends to delete files or perform any unauthorized action; if it does, the file is treated as a virus.

File Emulation:

File emulation is also referred to as 'dynamic scanning' or 'sandbox testing'. It lets the file run in a controlled, isolated environment so that its behavior can be observed. This virtual environment set up for the suspect file is also known as a 'sandbox'. If the file's behavior resembles that of a virus, it is treated as a virus.
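The three ideas above (observing what a file does, scoring those observations with weighted decision rules, and collecting them from a sandbox run) fit together in a small scorer. The following is an added example written for this page, not code from the article or from any antivirus product: the observation names, the rule weights, the threshold and the traces are all constructed assumptions. The backup-tool trace is benign but still crosses the threshold, which shows how a weighting scheme produces false positives.

```python
# Added example (not from the original article): a toy multi-criteria
# heuristic scorer. A "sandbox" run is represented by a constructed list of
# observed behaviours; the rule names, weights and threshold are illustrative
# assumptions, not values taken from any real product.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str    # behaviour the rule looks for among the observations
    weight: int  # how strongly that behaviour counts towards "malicious"


# Decision rules: each behaviour seen at least once adds its weight to the score.
RULES = [
    Rule("deletes_user_files", 40),
    Rule("writes_autostart_entry", 35),
    Rule("modifies_other_executables", 50),
    Rule("disables_security_software", 60),
    Rule("opens_network_connection", 10),
    Rule("reads_own_config", 0),
]
WEIGHTS = {r.name: r.weight for r in RULES}
MALICIOUS_THRESHOLD = 70  # assumed cut-off for the weighted score


def score_observations(observations):
    """Sum the weights of every rule whose behaviour appears in the observations.

    Observations may come from static file analysis or from an emulator trace;
    repeats are counted once, and behaviours no rule knows about contribute 0.
    """
    seen = set(observations)
    return sum(WEIGHTS.get(behaviour, 0) for behaviour in seen)


def classify(observations, threshold=MALICIOUS_THRESHOLD):
    """Return (verdict, score); 'malicious' when the score reaches the threshold."""
    score = score_observations(observations)
    verdict = "malicious" if score >= threshold else "clean"
    return verdict, score


# Constructed traces, standing in for what an emulator might have recorded.
WORM_LIKE = [
    "opens_network_connection",
    "writes_autostart_entry",
    "modifies_other_executables",
    "modifies_other_executables",  # repeated behaviour is counted once
]
UNINSTALLER = ["reads_own_config", "deletes_user_files"]
# Benign tool that trips two rules: a false positive under these weights.
BACKUP_TOOL = ["deletes_user_files", "writes_autostart_entry"]

if __name__ == "__main__":
    for name, trace in [("worm_like", WORM_LIKE),
                        ("uninstaller", UNINSTALLER),
                        ("backup_tool", BACKUP_TOOL)]:
        print(name, classify(trace))
```

Because behaviours are scored by set membership, the same rule never fires twice for one file; tuning lives entirely in the weights and the threshold, which is also where the false-positive trade-off is decided.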

Signature Detection:

Genetic signature detection is one of the most important detection methods used in heuristic analysis. Many viruses reappear after being removed, but not with the same filenames or specifications: they arrive on the computer with properties similar to those of their family (or class). This method is specifically designed to detect viruses that re-create themselves with certain variations. It uses the antivirus's old records to find relatives of previously removed viruses. The trick usually works because the variants are practically the same, sharing most characteristics, with only slightly varied names and properties. To picture this, think of identical twins who have the exact same DNA but different fingerprints.
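The family matching described above can be demonstrated with a similarity measure instead of an exact signature. The following is an added example for this page, not code from the article or from any antivirus vendor: the "family" samples are constructed byte strings standing in for file contents, and the n-gram size, the similarity threshold and the family names are assumptions. It also keeps an exact SHA-256 signature list beside the fuzzy matcher to show why a slightly varied relative slips past the former and is caught by the latter.

```python
# Added example (not from the original article): "genetic" family matching.
# Files are fingerprinted as sets of byte trigrams and compared with Jaccard
# similarity; a variant that differs in a few bytes stays close to its family.
# All samples, names and thresholds are constructed assumptions.
import hashlib


def ngrams(data: bytes, n: int = 3):
    """Set of every n-byte substring of data (an order-insensitive fingerprint)."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a, b):
    """Similarity of two sets in [0, 1]; two empty sets count as identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


# "Old records": one representative sample per family removed earlier (constructed).
FAMILY_SAMPLES = {
    "family_alpha": b"ALPHA:copy_self;hook_start;sleep(10);spread_mail;",
    "family_beta": b"BETA:pack_code;drop_note;rename_files;",
}
KNOWN_FINGERPRINTS = {name: ngrams(s) for name, s in FAMILY_SAMPLES.items()}
KNOWN_HASHES = {hashlib.sha256(s).hexdigest() for s in FAMILY_SAMPLES.values()}
FAMILY_THRESHOLD = 0.6  # assumed minimum similarity to claim a family match


def exact_signature_match(data: bytes) -> bool:
    """Classic signature check: only a byte-for-byte identical file matches."""
    return hashlib.sha256(data).hexdigest() in KNOWN_HASHES


def closest_family(data: bytes):
    """Return (family_name, similarity); family_name is None below the threshold."""
    fingerprint = ngrams(data)
    best_name, best_sim = None, 0.0
    for name, known in KNOWN_FINGERPRINTS.items():
        sim = jaccard(fingerprint, known)
        if sim > best_sim:
            best_name, best_sim = name, sim
    if best_sim >= FAMILY_THRESHOLD:
        return best_name, round(best_sim, 3)
    return None, round(best_sim, 3)


# Constructed inputs: two slightly varied relatives and one unrelated document.
ALPHA_VARIANT = b"ALPHA:copy_self;hook_start;sleep(30);spread_mail;"
BETA_VARIANT = b"BETA:pack_code;drop_note;rename_files;v2"
BENIGN_DOC = b"Minutes of the gardening club, spring meeting, rain expected."

if __name__ == "__main__":
    for label, sample in [("alpha_variant", ALPHA_VARIANT),
                          ("beta_variant", BETA_VARIANT),
                          ("benign_doc", BENIGN_DOC)]:
        print(label, "exact:", exact_signature_match(sample),
              "family:", closest_family(sample))
```

The threshold plays the same role here as in any heuristic: lower it and more distant relatives are caught, but unrelated files that happen to share common substrings start to match as well.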

Positives and Negatives

Heuristic analysis is certainly one of the most effective ways to locate threats on your computer, since it analyzes the behavior of files. But it has disadvantages as well. Sometimes perfectly legitimate files are deemed to be viruses when they are not (false positives), and useful files may then be quarantined or deleted. Moreover, this kind of scanning takes a lot of time, which can slow down the performance of the system.
