Is Heuristic Test just a "lab" result?

Discussion in 'other anti-virus software' started by new!, Aug 9, 2005.

Thread Status:
Not open for further replies.
  1. new!

    new! Guest

    Is heuristics just a "lab" result?
    Does the heuristics method work in the real world?
    Is there any real story about finding an unknown virus by heuristics which is still undetected by any (AV's definitions)?
    Which is better to use?
    1 - very high detection by definitions and less by heuristics (KAV)?
    2 - very low detection by definitions and very high heuristics (NOD32)?

    KAV has a bigger (total) detection rate than NOD32 even when NOD32 has the highest detection by heuristics.

    Why did the heuristics in NOD32 not find all the missed viruses that KAV found in the on-demand comparative, or at least reduce the (great) difference between them (av-comparatives)?

    In more than 6 years I have not found a virus by heuristics!!
    All of the heuristic alarms were false alarms!!!
    I have read a thread in the NOD32 version 2 forum that NOD32 found a virus in Norton 2006 beta and it was a false alarm.


    Please help,
    I'm confused :(
     
  2. Stan999

    Stan999 Registered Member

    Joined: Sep 27, 2002
    Posts: 566
    Location: Fort Worth, TX USA

    You might take a look at the Retrospective/ProActive Test May 2005 on:
    http://www.av-comparatives.org

    Also NOD's Advanced Heuristics has stopped several infections on my end before the definitions were out.

    Here is one I posted a while back. This has occurred on my end a number of times.

    https://www.wilderssecurity.com/showthread.php?t=42010

    There are other threads, for example:

    https://www.wilderssecurity.com/showthread.php?t=66565

    I think AVs should strive to have both good reactive detection, using definitions, and good zero hour proactive detection with heuristics.

    I have NOD on one machine and a KAV AV on another machine. :)
     
  3. RejZoR

    RejZoR Registered Member

    Joined: May 31, 2004
    Posts: 6,426

    I had many real life heuristic detections. One or two by AVG, a few others by AntiVir, even more with ArcaVir and the most with NOD32.
    So yeah, they do work and they are not just for lab detection rate increase...
     
  4. fosius

    fosius Registered Member

    Joined: Oct 14, 2004
    Posts: 479
    Location: Partizanske, Slovakia

    NOD32 doesn't have VERY LOW DETECTION by definitions. NOD32 has high detection rates by definitions, too, but not as high as KAV... 95% is VERY LOW detection?
     
  5. Don Pelotas

    Don Pelotas Registered Member

    Joined: Jun 29, 2004
    Posts: 2,257

    Unless I'm mistaken, the 95,50% for NOD & the 99,65% for Kaspersky are with signature & heuristic detection for both.
     
  6. RejZoR

    RejZoR Registered Member

    Joined: May 31, 2004
    Posts: 6,426

    But you'll hardly EVER see Kaspersky detect anything with heuristics because they cover everything so well with signatures.
    But I have seen ONCE (weeee let's party :D ) on Jotti where KAV detected something with heuristics. Maybe Jotti made a screenshot of this historical event ;)
     
  7. Don Pelotas

    Don Pelotas Registered Member

    Joined: Jun 29, 2004
    Posts: 2,257

    True, I have also only had 2 of those & so what, keep the signatures coming. Besides, we have proactive defense to look forward to in 2-3 months. :D :cool:
     
  8. Starrob

    Starrob Registered Member

    Joined: Apr 14, 2004
    Posts: 493

    I don't like trying beta products very much (I think I have only tried 2 beta products in my time on computers) so I have not tried KAV 6.0.

    I know you are sort of biased towards KAV but I wanted to ask you what is your opinion of KAV 6.0 heuristics/behavior blocker?

    Starrob
     
  9. FastGame

    FastGame Registered Member

    Joined: Jan 15, 2005
    Posts: 677
    Location: Blasters worm farm

    That's a good question, one I'd like to see answered.
     
  10. RejZoR

    RejZoR Registered Member

    Joined: May 31, 2004
    Posts: 6,426

    Although heuristics do help to detect malware, they are certainly not almighty as many people might think.
    Just check Jotti from time to time. You'll hardly ever see KAV miss anything.
    That's because they use the raw detection force of signatures (backed up with hourly! updates). Being powered by very strong unpacking and a generic engine makes KAV the ultimate detection beast. I'm not saying NOD32 doesn't have a good engine (they certainly sport the best heuristics and emulation engine to date), but what they lack are hourly active updates and more and more unpacking capabilities backed up with even more signatures. And this is the reason we see that gap between KAV and NOD32.
     
  11. Stan999

    Stan999 Registered Member

    Joined: Sep 27, 2002
    Posts: 566
    Location: Fort Worth, TX USA

    I do check Jotti from time to time and note KAV misses some, even with their very fast update, that other AVs are already detecting.

    I think AVs should strive to have both good reactive detection, using signatures, and good zero hour proactive detection with heuristics.

    It seems to me that KAV needs better heuristics and NOD could improve on the signatures.

    That is the reason I have NOD on one machine and a KAV AV on another machine. :)
     
  12. Don Pelotas

    Don Pelotas Registered Member

    Joined: Jun 29, 2004
    Posts: 2,257

    I guess you could say I'm biased, but only because it works for me and because I have been a customer of most of the more well-known AVs incl. NOD32. Although I'm pretty much settled with what suits my needs and have reduced my testing of different AVs, I still enjoy trying new security products out; I'm a sort of BigC-light in this respect, I don't have 2-4 different configurations in a day anymore though. ;)

    About the heuristics/behavior blocker in KAV 6.0, it's still very early in development, and also I would like to make a correction: many believe that the proactive defense module & the heuristics are the same; it's actually heuristics and the proactive defense, which btw contains a registryguard and a processguard; the officeguard is included in the suite:
    http://img168.imageshack.us/img168/1267/ProactiveDefensesettings.gif
    I don't really have a firm opinion yet, except that it can only make Kaspersky even better; it will now have what most NOD users usually say is a weakness in Kaspersky, a behavior based detection. In its present state it still needs lots of tweaking until it's released in the coming months of course and will of course, but already quite good.

    To me heuristics and behavior based products are much the same; although made from two different angles, they are in essence human guesswork and can not replace, but will complement, a strong signature detection. :)
     

  13. 99.65 - 95.50 = 4.15 %

    4.15% = almost 15000 viruses !!!!!!!!
    15000 is a very big number
    use the virus (number) not the (percentage)
     