Who says that Heuristic.Detection is not better then adding signatures?

Woow it feels so good to have NOD32 on the pc, detected without adding a signature this file, but so did bitdefender, but anway NOD32 is da best one=)
And you are keep telling that adding signatures is more important...
0-time protection iz da best.. //GermanyBoy.

http://img513.imageshack.us/img513/9151/screenshot0051bn.jpg

 

heuristics can be part of signature database too

 

In the old days signatures would be more important, but these days when worms and other nasties are spreading lightning fast each day, good heuristics are a must-have to protect you from yet unknown threats.

And I agree, it's quite nice to have NOD32 - The very best heuristics money can buy

 

I guess I just don't understand all the one way or the other opinions on heuristics or signatures. It all knd of reminds me of the earlier days in computer processor designs where you had one group swearing by nothing but RISC and the others saying only CISC was the way to go. My opinions in those days was that neither by itself was the answer as RSIC was great for some things and horrible compared to CISC at others, vice versa and such.

Anyway I always felt that a combination of the two would be the future of processors and low and behold that was exactly what has happened with almost all modern cpu designs being super-scaler combinations.

So to me this whole thing between two AV detection technologies appears to be the same exact thing and I suspect that eventually all AVs will be a blend of the two. Obviously heuristics are important for 0 day detections as are definitions for other things that I have personally seen go undetected by heuristics only.

Now I am no expert in these two approaches but it seems to me that a blend using both would be the best approach.

 

Yeah a blend of both should be a true winner, but really, heuristics are the real player these days
(supported by signatures, otherwise it would detect alot less)

Of course heuristics cannot detect 100% of unknown threats, and nobody should make the assumption that it will, but it helps alot against unknown threats. Unfortunately not every AV vendor is using the same code or method to detect these nasties, so there will always be a top dog amongst the heuristics department and the signature department.

Currently these two are NOD32 and Kaspersky (according to av-comparatives.org & other test sites).

 

Ehhh....

I still remember me day 1 of the WMF Exploit and the poor results of some AV's....

 

Well for me, signaures still have higher priority though i also like heuristics (especially those which also rely on signatures). Mail is excluded as potential invection vector, other "threats" are pretty minor...

 

If signatures or heuristic is more important I don't know, but:

Kaspersky Signatures + NOD32 Heuristics = THE BEST AV

I already said that NOD32 need to invest in signatures and will be the best soon (IF isn't the best now).
Is more easy to NOD32 add signatures than Kaspersky add heuristics... (i think...)