what is the use of good heuristics engine?

I am slowly started to hate this so called better heuristics engine of avs.
last week i got 2 malware(both r zero day threats according to AVs) which were not detected by avira which i have installed on pc. that was not enough, when i submitted them to virus total nod32 also detected nothing.
I think every AV vendors have to make quick updates of their AVs. cause only bitdefender detected both when scanned thru virusTotal.and when i submitted them to AV vendors kaspersky was the first to respond both times.
avira took 1 day to respond and eset didnt responded.so that means after 2 hours of my submission to kaspersky, it is capable to detect those malware. but avira took one and half days to add them to database.anything can happen in those one and half days if the new malware is powerfull.
So im much dissappointed with so called good heuristics engine or somthing like that.
I think its better for Every AVs to head to the kaspersky or bitdefender's way(i mean quick updates).

 

Some malware authors obviously "optimize" their "products" before they release them - they try around until no av program detects the malware anymore. There is nothing you can do against it, you can bypass every detection method. Luckily, it's not so easy to bypass all the av programs, so most of the new malware is still caught by heuristics or generic detection.

Even with all those av companies adding HIPS protection, I think it won't be long until the malware authors start to adjust to those aswell. It takes even more work for them - but they get paid for it so we will have to expect it.

It pretty much boils down to the simple fact: who got more manpower to react faster?

 

Greets.

They already DO! A very recent HIPS tests by a memebr of this forum exposes a weakness/loophole in some HIPS that fail to hold their seats in the SSDT Table (hooks), and that malware easily Unhooks those HIPS behavior detection drivers and some can simply replace those hooks with their own in order to safely seat themselves while that particular intruder then takes over as the system's enforcer for whatever operation they intend to carry out, (keylog)(destruction) etc. Effectively wresting control of the user's system for it's own designed purpose.

Interesting & Timely Topic.

 

Hmm, but SSDT restoring is known for so long - which products are affected by this?

 

Maybe this test? Found it on the Online Armor site.

http://membres.lycos.fr/nicmtests/Unhookers/unhooking_tests.htm

 

As just noted above........................


http://membres.lycos.fr/nicmtests/Unhookers/unhooking_tests.htm

Originating from this rather lengthy topic which also might be of some use in this particular discussion courtesy nicM.

https://www.wilderssecurity.com/showthread.php?t=180969