Who says that Heuristic.Detection is not better than adding signatures?

Discussion in 'other anti-virus software' started by Telia-Mannen, Jan 21, 2006.

Thread Status:
Not open for further replies.
  1. Telia-Mannen

    Telia-Mannen Guest

    Woow it feels so good to have NOD32 on the PC, detected this file without adding a signature, but so did BitDefender, but anyway NOD32 is da best one=)
    And you keep telling that adding signatures is more important...
    0-time protection iz da best.. //GermanyBoy.

    http://img513.imageshack.us/img513/9151/screenshot0051bn.jpg
     
  2. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    heuristics can be part of signature database too ;)
     
  3. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    In the old days signatures would be more important, but these days when worms and other nasties are spreading lightning fast each day, good heuristics are a must-have to protect you from yet unknown threats.

    And I agree, it's quite nice to have NOD32 - The very best heuristics money can buy :D
     
  4. Atomic_Ed

    Atomic_Ed Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    389
    I guess I just don't understand all the one way or the other opinions on heuristics or signatures. It all kind of reminds me of the earlier days in computer processor designs where you had one group swearing by nothing but RISC and the others saying only CISC was the way to go. My opinion in those days was that neither by itself was the answer as RISC was great for some things and horrible compared to CISC at others, vice versa and such.

    Anyway I always felt that a combination of the two would be the future of processors and lo and behold that was exactly what has happened with almost all modern CPU designs being superscalar combinations.

    So to me this whole thing between two AV detection technologies appears to be the same exact thing and I suspect that eventually all AVs will be a blend of the two. Obviously heuristics are important for 0 day detections as are definitions for other things that I have personally seen go undetected by heuristics only.

    Now I am no expert in these two approaches but it seems to me that a blend using both would be the best approach.
     
  5. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Yeah a blend of both should be a true winner, but really, heuristics are the real player these days
    (supported by signatures, otherwise it would detect a lot less) :)

    Of course heuristics cannot detect 100% of unknown threats, and nobody should make the assumption that it will, but it helps a lot against unknown threats. Unfortunately not every AV vendor is using the same code or method to detect these nasties, so there will always be a top dog amongst the heuristics department and the signature department.

    Currently these two are NOD32 and Kaspersky (according to av-comparatives.org & other test sites).
     
  6. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Ehhh....o_O

    I still remember day 1 of the WMF Exploit and the poor results of some AVs....:rolleyes:
     
  7. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well for me, signatures still have higher priority though I also like heuristics (especially those which also rely on signatures). Mail is excluded as potential infection vector, other "threats" are pretty minor...
     
  8. tiagozt

    tiagozt Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
    Whether signatures or heuristics are more important I don't know, but:

    Kaspersky Signatures + NOD32 Heuristics = THE BEST AV

    I already said that NOD32 needs to invest in signatures and will be the best soon (if it isn't the best now).
    It is easier for NOD32 to add signatures than for Kaspersky to add heuristics... (I think...)
     