Among the famous AVs,which is the best in heuristic detection?

Discussion in 'other anti-virus software' started by quding, Oct 20, 2006.

Thread Status:
Not open for further replies.
  1. quding

    quding Registered Member

    Joined:
    Oct 20, 2006
    Posts:
    42
    Location:
    China
    Such as NOD32,VBA32,McAfee,BD,etc.

    By the way,I'm a student interested in heuristic detection technology

    Does anybody have the same hobby?
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
  3. quding

    quding Registered Member

    Joined:
    Oct 20, 2006
    Posts:
    42
    Location:
    China
    haha,i considered "test" as a only reference but not the key evidence
    Can you agree with me
     
  4. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    Yes, i do.
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Nod and Antivir are both pretty close I would think. But would have to give the nudge to Nod.
     
  6. quding

    quding Registered Member

    Joined:
    Oct 20, 2006
    Posts:
    42
    Location:
    China
    So you are?but i am just a newbie,Would you mind teach me somthing?
     
  7. quding

    quding Registered Member

    Joined:
    Oct 20, 2006
    Posts:
    42
    Location:
    China
    Does anybody know some details about it

    I mean,Maybe we can conclude it from some "tests",but,obviously,code details are more important
     
    Last edited by a moderator: Oct 20, 2006
  8. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    :D :D
     
  9. quding

    quding Registered Member

    Joined:
    Oct 20, 2006
    Posts:
    42
    Location:
    China
    haha,recently, i am dealing with it as my school work,but,
    there are 2 problems mostly
    1 is how to realize a virtual environment in order to simulate CPU instructions?

    2 is how to make sure of heuristic rules?
     
  10. quding

    quding Registered Member

    Joined:
    Oct 20, 2006
    Posts:
    42
    Location:
    China
    I tried to seeking for it from google,but i found few information
     
  11. mario_l

    mario_l Registered Member

    Joined:
    Aug 4, 2006
    Posts:
    9
    Location:
    Iceland/Argentina
  12. quding

    quding Registered Member

    Joined:
    Oct 20, 2006
    Posts:
    42
    Location:
    China
    Is it becoming to AV function?
    Let me see...
     
  13. quding

    quding Registered Member

    Joined:
    Oct 20, 2006
    Posts:
    42
    Location:
    China
    How to carry it out in AV environment ?
     
  14. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    1. it's not a so-easy question to answer. There are still a lot of debate about heuristic and how to implement it. Companies follow different ways to implement heuristic: starting from "simple" (relative) static analysis, emulating only based instructions, emulating a full pc, don't emulate nothing and hooking some well choosed Windows API and then evaluate which one are called and how they are called (obviously, this isn't a complete list, there are lots of different techniques to implement heuristic). You just need to evaluate which one better adapt to your needs.
    Follow Mario_l hint: you can see how a full pc is fully emulated so you can understand a lot of things from it. Ah, a hint from me: don't start looking for antivirus heuristic source codes, start from the beginning trying to understand every little part of techniques used. Only through this way you are able to choose cleverly which one is what you need and how to better implement it.

    2. Obviously there isn't a correct way, every company follow different ways. In fact every heuristic is different from a product to another one. The good heuristic rule is the one that you think, after lot of testing, can identify a malware without false positive (or small percentage of FPs)

    Best regards :)

    Marco
     
  15. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    NOD323, AntiVir and BitDefender. Can't say much for F-Prot but so far it looks promising.
     
  16. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,000
    Did they (Eset) finally release a new version? :shifty:
     
  17. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    Also Norman SandBox is very good.

    Regards
    joter
     
  18. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    My impression is that NOD32,Dr.Web,Vba32, and AntiVir have the better heuristics.
     
  19. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    NOD32 & DrWeb are my favorites...Well at least when it comes to advanced detection.:shifty:


    tD
     
  20. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    I know AVG and Avast! use a lot of generic signatures, but do either of them actually have a heuristic engine?

    Regards
     
  21. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    They could really have better performances on unpackers with their sandbox

    However, Norman Sandbox is a clear example of a fully emulated pc :)
     
  22. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    NOD32 and BitDefender have the best heuristics. AVIRA and Dr.Web have about equally as good heuristics but these programs are known to generate more false positives than NOD32 and BitDefender.

    F-Prot 4.0 + Maximus also looks extremely promising. :)
     
  23. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    I have an interest in heuristics; although, my interests lie in the more mathematical foundations of heuristics, as opposed to the more practical applications in this field.

    Dave
    The guy who got Dana Scott and Robin Gandy to join the very short-lived Balkan Logical Society
     
  24. quding

    quding Registered Member

    Joined:
    Oct 20, 2006
    Posts:
    42
    Location:
    China
    Thanks loads

    First,what you said did correct lots of my misunderstandings before,thank you ;

    and then,as you mentioned ,"every company follow different ways",can you tell details of the venders?
     
  25. quding

    quding Registered Member

    Joined:
    Oct 20, 2006
    Posts:
    42
    Location:
    China
    I think VBA32 should be added in best heuristic detection camp
     
Loading...
Thread Status:
Not open for further replies.