heuristic

Discussion in 'other anti-virus software' started by waters, Feb 5, 2005.

Thread Status:
Not open for further replies.
  1. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    Just wondered if Kaspersky uses heuristics.
    If so, how does it compare?
     
  2. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
  3. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Hi,

    Yes it does, but not up to Bitdefender, NOD32, Norman Sandbox, McAfee and Dr Web standards. These products are superior in heuristic detection.

    Although this is offset by the Kaspersky technicians adding more virus defs far more regularly than the competition, and they have a very quick response time from the time of receiving a virus sample to releasing defs.

    Kaspersky is one of the leading products. (alongside NOD32 of course :D )

    Cheers


    Jlo

    (Nod32user)
     
  4. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    KAV's Heuristic Code Analyser is certainly an important part of its engine.

    And the Retrospective/Proactive Tests that Don notes above certainly show that heuristic/generic analysis by KAV is not shabby!

    Further, since the recent main threats appear to have shifted from worms to backdoors and botgens, KAV's proactive results with zoo backdoors should give confidence in its detection abilities.

    However, remember that both heuristic and 'signature' abilities are important in looking at an AntiVirus program's detection strengths.
     
  5. mikel108

    mikel108 Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    1,057
    Location:
    SW Ontario, Canada
    Just a question. I agree Kaspersky has great signatures, and they are fast to get them out. But do you think that heuristics are the way of the future? And if so, won't companies like ESET be far ahead of the game?
     
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Look, there is just one problem: the balance between signature and heuristic detection. In Kaspersky's case heuristics cannot prove themselves because signatures cover something like 95% of all known malware to date.
    NOD32 on the other side covers way less (I mean way less), so there is still space for heuristic detections. In the majority of cases these heuristic detections are submitted to ESET and converted to signature-based detections (so the malware gets a real name instead of a heuristically generated one).
    In other words, Kaspersky cannot detect something with heuristics since they already have it in the signature database (we all know that Kaspersky has the largest database). That's the biggest difference.
    If ESET added as many signatures, their heuristics would prove "less" effective than they are now with a smaller signature database.
    I hope you understand now :)
     
  7. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    It is not on known malware but on zero-day infections that NOD's Advanced Heuristic detection has proven itself on my end a number of times.

    Example: https://www.wilderssecurity.com/showthread.php?t=42010
    This has occurred a number of times on my end with the machine running NOD.

    https://www.wilderssecurity.com/showthread.php?t=58482


    Isn't this what the AV-Comparatives Retrospective/ProActive Test
    takes into account?
    http://www.av-comparatives.org
     
    Last edited: Feb 5, 2005
  8. TAP

    TAP Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    344
    In my opinion, heuristics/generic detection or anything similar from the traditional AV scene is not the main way of the future, but it should be there anyway. Heuristics/generic detection succeed to some degree, but in some or most cases they don't, and in the future the main malware trend may change to something that doesn't depend solely on files but maybe on exploitation or memory attacks or something we can't imagine.

    I think the main way of the future is probably generic detection + behaviour blocking as currently used by host intrusion prevention such as Prevx Home/Pro. This is the real zero-day attack defence since it doesn't rely on signatures, code emulators or anything else from the AV scene. Prevx is far better than any other heuristic/generic detection of an AV in terms of unknown malware/malicious activity prevention. IMHO
     
    Last edited: Feb 5, 2005
  9. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    I disagree, I think heuristics are the way of the future. Behaviour blocking like that used in Prevx and Panda's TruPrevent was tried by Norton before the Symantec days and by McAfee in the days of Dr. Solomon. Both abandoned the approach because it is too intrusive and requires too much user intervention. Remember the average home user doesn't want to be bothered with 15 or 20 prompts while trying to install legitimate software. Yes, Prevx works, but you must disable it to install most software and to let system utilities do their jobs properly. The average home user will not tolerate this and will simply disable the software. Heuristics on the other hand do almost the same thing but look for malicious actions by programs as well as certain known patterns from previous malware. A much more tolerable approach.
     
  10. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Actually, I believe heuristics AND generic detections are the way of the future. As heuristics advance and provide better detection of newer viruses, generic detections can at least provide some sort of disinfection of the same. For example, if a new Bagle came out, then a 'generic' Bagle signature can provide limited disinfection to keep the virus at bay while the engineers develop a new signature. This approach of using heuristics alongside generic detections would prove pretty effective in stopping new viruses.

    Regards,
    Firecat
     
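A small scanner model, added here as an example and not code from any of the posters or the products they name: three detection layers tried in order (exact hash signatures, a generic family marker of the kind Firecat describes, then a weighted heuristic score), run once with full signature coverage and once with a sparse database. The sample "files", family marker and trait weights are constructed stand-ins, not real malware characteristics. It shows RejZoR's point that the number of heuristic detections depends on how much the signature database already covers, and that a generic family signature catches a new variant before heuristics are needed.

```python
import hashlib
from collections import Counter

# Constructed stand-ins for executables; the markers are invented, not real malware traits.
SAMPLES = {
    "bagle_a.exe": b"MZ\x90\x00 BAGLE_CORE mailer smtp HELO addr_harvest",
    "bagle_b.exe": b"MZ\x90\x00 BAGLE_CORE mailer smtp EHLO addr_harvest pack2",
    "newbot.exe": b"MZ\x90\x00 irc_connect run_key_add keylog",
    "notepad.exe": b"MZ\x90\x00 open_file save_file print_dialog",
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Layer 2: generic family signatures keyed on a family-invariant marker, not a per-variant hash.
GENERIC = {b"BAGLE_CORE": "Generic.Bagle"}

# Layer 3: heuristic traits; each hit adds its weight, and the file is flagged at the threshold.
TRAITS = {b"irc_connect": 2, b"run_key_add": 2, b"keylog": 2, b"addr_harvest": 2, b"smtp": 1}
THRESHOLD = 4

def scan(data: bytes, exact_db: dict) -> tuple:
    """Return (verdict, layer). Layers run in order, so an earlier hit masks the later ones."""
    name = exact_db.get(sha256(data))          # Layer 1: exact signature by file hash
    if name:
        return name, "signature"
    for marker, family in GENERIC.items():
        if marker in data:
            return family, "generic"
    score = sum(w for trait, w in TRAITS.items() if trait in data)
    if score >= THRESHOLD:
        return "Heur.Suspicious", "heuristic"
    return None, "clean"

def breakdown(exact_db: dict) -> dict:
    """Count which layer each sample is attributed to under a given signature database."""
    return dict(Counter(scan(d, exact_db)[1] for d in SAMPLES.values()))

# Full coverage: every malicious sample already has an exact signature.
FULL_DB = {sha256(d): "Win32." + n for n, d in SAMPLES.items() if n != "notepad.exe"}
# Sparse coverage: only one known variant, leaving room for generic and heuristic hits.
SPARSE_DB = {sha256(SAMPLES["bagle_a.exe"]): "Win32.Bagle.A"}

if __name__ == "__main__":
    print("full signature DB:  ", breakdown(FULL_DB))    # heuristics never get a chance
    print("sparse signature DB:", breakdown(SPARSE_DB))  # same files caught, different layers
```

Both runs catch the same three malicious samples; only the layer credited with the catch changes, which is why heuristic hit counts alone say little about an engine's heuristics.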
  11. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I agree with Firecat... the combination of the two will probably become more common. The problem is that malware is becoming more and more varied, and something like Prevx is the only way to catch the widest spread of threats. Programs like Prevx and ProcessGuard are also becoming both more numerous and easier to use... I think we'll probably see more of these becoming more 'set and forget' to give a minimum of alerts to anyone but those that install numerous applications per day.
     
  12. TAP

    TAP Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    344
    I understand your point very well, as I mentioned this drawback in another thread a long time ago. So that's just one of the drawbacks of generic detection + behaviour blocking, but nothing is perfect.

    But since heuristics can't cover most types of malware, their success rates are still rare, and they sometimes generate false positives or give a false sense of security (false negatives), what will protect you?

    Heuristics have been used/developed/hyped for probably more than a decade, and that gives some proof that they are not reliable and have not succeeded as much as they should. But now maybe some AVs (e.g. NOD32, Norman Sandbox, MKS_Vir, ...) could change that.

    Generic detection + behaviour blocking is far more reliable in terms of protection, but it has its own drawback as mentioned; this could be improved to balance or reduce that drawback if it becomes more popular, as with the appearance of something like Prevx Home.
     
  13. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
  14. mikel108

    mikel108 Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    1,057
    Location:
    SW Ontario, Canada
    Very good article.
     
  15. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    Re: heuristic... NOD32 WINS!

    After reading a zillion threads, and googling till my fingers hurt... my eyeballs and brain will finally be able to (almost) rest... NOD32 wins!! :D :D

    Now to find the funds. :eek:

    Mike
     
  16. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Heuristics are useful but in some cases may generate more false positives.
     
  17. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    Re: heuristic... NOD32 WINS!

    In Michigan Avast! works really well and it's free :)
     