The biggest concern of anyone introducing Heuristics is false positives and inexperienced users who will delete the file that the virus was detected in. This can have huge potential implications on the user's system.
Yeah... But, sometimes, the signatures bring false positives as much as heuristics would
Heuristics have a big potential, especially for AV that is not so well known (so virus writers don't fool its heuristics). Just look at NOD32. I had doubts about heuristics until I tried it. Same with ArcaVir 2005. Detected a brand new worm before they had defs for it. And even if heuristics detect only a few samples it's still better than nothing.
In fact. But, I have some experience with it... Promises more than it could realise. Better detection is just side by side with false positives. I do believe in fast updating and avast! can't be better on it. Well, it could be better on adding signatures that, nowadays, are not that fast anymore :'(
Perhaps a means of getting round this is to have two Alarms and actions, Heuristic and Signature detected. Then to correctly identify the warning as a Heuristic detection and perhaps move it to the chest rather than allow for auto/user deletion.
This could be similar to the email heuristic warning, but that warning is very ineffective as many who post here don't realise the difference and delete emails regardless of the fact that it is pointed out it is just Suspicious and not positively identified as infected. There have been similar requests on the forums to have a different Warning Alarm for Web Shield detection, because that says there is a virus on your computer (and it won't be if you abort the connection) and many people have spent a lot of time trying to find it on their computer.
Good suggestions... I hope it won't be lost in the jungle of the forum threads
:'(