Discussion in 'other anti-virus software' started by waters, Feb 5, 2005.
Just wondered if Kaspersky uses heuristics.
If so, how does it compare?
It does use heuristics. Link to the latest Av-comparatives Retrospective/ProActive Test http://www.av-comparatives.org.
Yes it does, but not up to Bitdefender, NOD32, Norman Sandbox, McAfee and Dr Web standards. These products are superior in heuristic detection.
Although this is offset by the Kaspersky technicians adding more virus defs far more regularly than the competition and having a very quick response time from the time of receiving a virus sample to releasing defs.
Kaspersky is one of the leading products (alongside NOD32, of course).
KAV's Heuristic Code Analyser is certainly an important part of its engine.
And the Retrospective/Proactive Tests that Don notes above certainly show that heuristic/generic analysis by KAV is certainly not shabby!
Further, since the recent main threats appear to have shifted from worms to backdoors and botgens, KAV's proactive results shown with zoo backdoors should give confidence in its detection abilities.
However, remember that both heuristic and 'signature' abilities are important in looking at an AntiVirus program's detection strengths.
Just a question. I agree Kaspersky has great signatures, and they are fast to get them out. But do you think that heuristics are the way of the future? And if so, won't companies like ESET be far ahead of the game?
Look, there is just one problem: the balance between signature and heuristic detection. In Kaspersky's case heuristics cannot prove themselves because signatures cover like 95% of all known malware to date.
NOD32 on the other side covers way less (I mean way less), so there is still space for heuristic detections. In the majority of cases these heuristic detections are submitted to ESET and converted to signature-based (so the malware gets a real name instead of a heuristically generated one).
In other words, Kaspersky cannot detect something with heuristics since they already have it in the signature database (we all know that Kaspersky has the largest database). That's the biggest difference.
If ESET were to add so many signatures, their heuristics would prove "less" effective than they are now with a smaller signature database.
I hope you understand now.
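A toy model of the signature-first, heuristic-second pipeline this post describes, added here as an example (not code from any poster, vendor or test lab): the corpus, the trait markers and the threshold are all constructed. It shows why heuristic credit drops to zero once every sample has a signature, and how freezing the signature set at a date (the retrospective-test idea) isolates what the heuristic alone catches, false positives included.

```python
from dataclasses import dataclass

# Constructed stand-ins: the markers below are tokens the toy heuristic counts,
# not patterns from any real engine or real malware.
HEURISTIC_MARKERS = (b"<packed>", b"<autostart>", b"<netsend>")
HEURISTIC_THRESHOLD = 2   # two or more traits -> flagged (assumed cut-off)

@dataclass(frozen=True)
class Sample:
    name: str
    seen: int          # day the sample first appeared (constructed)
    malicious: bool    # ground truth used by the tally
    content: bytes     # constructed file body

CORPUS = [
    Sample("alpha", 1, True, b"<packed><autostart>alpha"),
    Sample("beta", 2, True, b"<packed><autostart>beta"),
    Sample("gamma", 3, True, b"<autostart><netsend>gamma"),
    Sample("delta", 4, True, b"<packed><netsend>delta"),
    Sample("epsilon", 5, True, b"<packed>epsilon"),             # one trait only
    Sample("installer", 2, False, b"<packed>installer"),        # benign, one trait
    Sample("updater", 4, False, b"<packed><autostart>updater"),  # benign, two traits
]

def heuristic(content: bytes) -> bool:
    """Crude trait-counting heuristic; fires when enough traits co-occur."""
    return sum(m in content for m in HEURISTIC_MARKERS) >= HEURISTIC_THRESHOLD

def verdict(sample: Sample, signatures: set) -> str:
    """Exact signature lookup wins; the heuristic is only consulted on a miss."""
    if sample.content in signatures:
        return "signature"
    return "heuristic" if heuristic(sample.content) else "missed"

def tally(samples, signatures) -> dict:
    counts = {"signature": 0, "heuristic": 0, "missed": 0, "false_positive": 0}
    for s in samples:
        v = verdict(s, signatures)
        if s.malicious:
            counts[v] += 1
        elif v != "missed":
            counts["false_positive"] += 1   # heuristic flagged a benign file
    return counts

def full_database_run() -> dict:
    """Every known sample already has a signature: heuristic credit is 0."""
    return tally(CORPUS, {s.content for s in CORPUS if s.malicious})

def retrospective_run(freeze_day: int) -> dict:
    """Freeze signatures at freeze_day, scan only samples that appeared later."""
    frozen = {s.content for s in CORPUS if s.malicious and s.seen <= freeze_day}
    return tally([s for s in CORPUS if s.seen > freeze_day], frozen)

if __name__ == "__main__":
    print("full signature database:", full_database_run())
    print("retrospective, frozen at day 2:", retrospective_run(2))
```

The same heuristic function scores two malware hits in the retrospective run but none in the full-database run, so counting heuristic detections in a fully updated product says nothing about heuristic quality; the benign "updater" is flagged either way, which is the false-positive cost later posts raise.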
It is not known malware but zero-day infections that NOD's Advanced Heuristics detection has proven itself on, on my end, a number of times.
This has occurred a number of times on my end with the machine running NOD.
Isn't this what the Av-comparatives Retrospective/ProActive Test does take into account?
In my opinion, heuristics/generic detection or similar things from the traditional AV scene are not the main way of the future, but they should be there anyway; heuristics/generic detection succeed to some degree, but in some or most cases they don't, and in the future the main malware trend may change to something that doesn't depend solely on files but maybe exploitation or memory attacks or something that we can't imagine.
I think the main way of the future is probably generic detection + behaviour blocking, as currently used by host intrusion prevention such as Prevx Home/Pro; this is the real zero-day attack defence since it doesn't rely on signatures, a code emulator or anything else from the AV scene. Prevx is far better than any other heuristics/generic detection of an AV in terms of unknown malware/malicious activity prevention. IMHO
I disagree, I think heuristics is the way of the future. Behaviour blocking like that being used in Prevx and Panda's TruPrevent has been tried by Norton before the Symantec days and by McAfee in the days of Dr. Solomon. Both abandoned the approach because it is too intrusive and requires too much user intervention. Remember the average home user doesn't want to be bothered with 15 or 20 prompts while trying to install legitimate software. Yes, Prevx works, but you must disable it to install most software and to let system utilities do their jobs properly. The average home user will not tolerate this and will simply disable the software. Heuristics on the other hand do almost the same thing but look for malicious action by programs as well as certain known patterns from previous malware. A much more tolerable approach.
Actually, I believe heuristics AND generic detections are the way of the future. As heuristics advance and provide better detection of newer viruses, generic detections can at least provide some sort of disinfection of the same. For example, if a new Bagle came out, then a 'generic' Bagle signature can provide limited disinfection to keep the virus at bay while the engineers develop a new signature. This approach of using heuristics alongside generic detections would prove to be pretty effective in stopping new viruses.
I agree with Firecat. The combination of the two will probably become more common. The problem is that malware is becoming more and more varied, and something like Prevx is the only way to catch the widest spread of threats. Programs like Prevx and ProcessGuard are also becoming both more numerous and easier to use. I think we'll probably see more of these becoming more 'set and forget' to give a minimum of alerts to anyone but those that install numerous applications per day.
I understand your point very well, as I mentioned this drawback in another thread a long time ago. So that's just one of the drawbacks of generic detection + behaviour blocking, but nothing is perfect.
But since heuristics can't cover most types of malware and their success rates are still low, and plus they sometimes generate false positives or give a false sense of security (false negatives), what will protect you?
Heuristics have been used/developed/hyped for probably more than a decade, and that gives some proof that they are not reliable and have not succeeded as much as they should have. But now maybe some AVs (e.g. NOD32, Norman Sandbox, MKS_Vir, ...) could change that.
Generic detection + behaviour blocking is far more reliable in terms of protection, but it has its own drawback as mentioned; this can be improved to balance or reduce that drawback in any way if it becomes more popular with the appearance of something like Prevx Home.
Read this article http://www.viruslist.com/en/analysis?pubid=153595662 about signature-based virus detection and other technologies for detecting viruses.
Very good article.
Re: heuristic... NOD32 WINS!
After reading a zillion threads, and googling 'till my fingers hurt... my eyeballs and brain finally will be able to (almost) rest... NOD32 wins!!
Now to find the funds.
Heuristics are useful but in some cases may generate more false positives.
Re: heuristic... NOD32 WINS!
In Michigan Avast! works really well, and it's free.