This question is about whether heuristics really work. According to last summer's PC Magazine (yeah, yeah I know - please no flames) none of the AV tools tested picked up on new viruses after not being updated for a month and off the web (except for McAfee and NAV and they already had sigs on the new viruses somehow). The article basically said that it's nice to talk about but it doesn't actually work. I was reading at SANS.org the other day and they were saying how heuristics were basically the cause of a lot of false positives. Any thoughts?