Author Topic: Advanced Heuristics for Resident Protection?

softwareguy

  • Guest
Advanced Heuristics for Resident Protection?
« on: June 14, 2004, 10:30:38 PM »
I heard this in the wishlist.
But it seems everyone is having different meanings of "Advanced Heuristics".

My Definition for it is - Code Emulation + Smart File Type Detection for Scan on Open / Created / Modified files.

What's your definition?  ::)
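The "Smart File Type Detection" half of the definition above boils down to deciding what a file is from its content rather than from its name. As an added example (not avast code, not from the original post), this sniffs a few well-known headers and lets the sniffed type, not the extension, drive the scan decision; the header bytes and the list of scannable types are assumptions chosen for illustration.

```python
# Added example: content-based file type detection for an on-access scanner.
# The magic values below are the standard leading bytes of these formats;
# which types count as "scannable" is an assumption for this example.

MAGIC = {
    b"MZ": "pe",            # Windows PE executable / DLL
    b"\x7fELF": "elf",      # ELF executable
    b"PK\x03\x04": "zip",   # ZIP archive (may contain executables)
    b"%PDF-": "pdf",        # PDF document
}

# Types the resident shield should always scan regardless of filename.
SCANNABLE_TYPES = {"pe", "elf", "zip"}

# Extensions to scan when the content could not be identified.
SCANNABLE_EXTENSIONS = {"exe", "dll", "scr", "com", "bat", "vbs", "js"}


def sniff_type(data: bytes) -> str:
    """Return the sniffed file type, or 'unknown' if no header matches."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def extension_of(filename: str) -> str:
    """Lower-cased extension without the dot, or '' if there is none."""
    if "." not in filename:
        return ""
    return filename.rsplit(".", 1)[-1].lower()


def should_scan(filename: str, data: bytes) -> bool:
    """Decide whether an opened/created/modified file should be scanned.

    Content wins: a PE renamed to .txt is still scanned.  The extension is
    only consulted when the header tells us nothing.
    """
    kind = sniff_type(data)
    if kind in SCANNABLE_TYPES:
        return True
    if kind != "unknown":
        # Recognised but not in the scannable set (e.g. a plain PDF here).
        return False
    return extension_of(filename) in SCANNABLE_EXTENSIONS


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the content type contradicts the filename (worth logging)."""
    kind = sniff_type(data)
    ext = extension_of(filename)
    return kind == "pe" and ext not in {"exe", "dll", "scr", "com"}


if __name__ == "__main__":
    # Constructed samples: only the header bytes matter for this example.
    renamed_pe = b"MZ\x90\x00" + b"\x00" * 60
    print(should_scan("notes.txt", renamed_pe))        # True
    print(extension_mismatch("notes.txt", renamed_pe)) # True
    print(should_scan("readme.txt", b"hello world"))   # False
```

The mismatch check is the part a defender actually wants in the log: an executable header under a document extension is exactly the case an extension-only scanner would wave through.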

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2078
Re:Advanced Heuristics for Resident Protection?
« Reply #1 on: June 15, 2004, 12:55:14 AM »
The feature sounds good, but what would be the meaning of your 'advanced heuristics' - something like detection of a modified EICAR sample? It's a bit late to detect an 'unknown/new/modified variant of XXX virus' because of the scanning method. I heard that, e.g., F-Prot uses CRC virus-body comparison and it can find slight changes in the virus body.

Code emulation makes sense for trojan detection and it will be improved in the next avast versions.

softwareguy

  • Guest
Re:Advanced Heuristics for Resident Protection?
« Reply #2 on: June 15, 2004, 02:15:58 AM »
Did you say improved?
So it means that it exists on the latest build right now?  :-\

Also, what will Alwil do in order to increase detection rates of modified variants of "x" virus? If a virus were changed by only a byte, would avast be able to detect it currently?

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2078
Re:Advanced Heuristics for Resident Protection?
« Reply #3 on: June 15, 2004, 03:08:30 AM »
Quote
Did you say improved?
So it means that it exists on the latest build right now?  :-\
There will be a small code emulator in v4.5 which I intend to use only for some Win32 packers that use polymorphic engines.

Quote
Also, what will Alwil do in order to increase detection rates of modified variants of "x" virus? If a virus were to get changed only a byte, would Avast be able to detect it currently?
In fact, it would not increase detection rates.
« Last Edit: June 15, 2004, 03:09:10 AM by pk »
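Two things in this exchange deserve a concrete illustration: the "CRC virus body comparing" that pk mentions in Reply #1, and the one-byte-change question from Reply #2. As an added example (not avast's or F-Prot's code; the chunk size, threshold and sample bytes are assumptions), this compares a signature that is a single CRC over the whole body with one made of CRCs over fixed-size chunks. A one-byte change in a constructed sample defeats the whole-body CRC but leaves all other chunks matching, which is the kind of "slight change" a segmented CRC signature can still report.

```python
# Added example: whole-body CRC signature vs. chunked CRC signature.
# Sample bodies are constructed byte strings, not real malware.
import zlib

CHUNK_SIZE = 16      # assumption: size of each CRC'd segment
MATCH_THRESHOLD = 0.9  # assumption: fraction of chunks that must match


def crc32(data: bytes) -> int:
    """CRC-32 as an unsigned 32-bit value."""
    return zlib.crc32(data) & 0xFFFFFFFF


def whole_body_signature(body: bytes) -> int:
    """Classic exact-match signature: one CRC over the entire body."""
    return crc32(body)


def chunked_signature(body: bytes, chunk_size: int = CHUNK_SIZE) -> list:
    """Segmented signature: one CRC per fixed-size chunk of the body."""
    return [crc32(body[i:i + chunk_size])
            for i in range(0, len(body), chunk_size)]


def whole_body_match(sample: bytes, signature: int) -> bool:
    """Exact match only; any single changed byte breaks it."""
    return whole_body_signature(sample) == signature


def chunk_match_ratio(sample: bytes, signature: list,
                      chunk_size: int = CHUNK_SIZE) -> float:
    """Fraction of chunks in the sample whose CRC equals the signature's."""
    sample_crcs = chunked_signature(sample, chunk_size)
    if len(sample_crcs) != len(signature):
        # Different length means a different layout; treat as no match.
        return 0.0
    hits = sum(1 for a, b in zip(sample_crcs, signature) if a == b)
    return hits / len(signature)


def chunked_match(sample: bytes, signature: list,
                  threshold: float = MATCH_THRESHOLD) -> bool:
    """Report a match when enough chunks still agree with the signature."""
    return chunk_match_ratio(sample, signature) >= threshold


def changed_chunks(sample: bytes, signature: list,
                   chunk_size: int = CHUNK_SIZE) -> list:
    """Indices of chunks that differ, useful for an analyst looking at a variant."""
    sample_crcs = chunked_signature(sample, chunk_size)
    return [i for i, (a, b) in enumerate(zip(sample_crcs, signature)) if a != b]


# Constructed reference body: 512 bytes, so 32 chunks of 16 bytes.
REFERENCE = bytes(range(256)) * 2
# Constructed variant: identical except for one byte in the middle.
VARIANT = bytearray(REFERENCE)
VARIANT[200] ^= 0xFF
VARIANT = bytes(VARIANT)

WHOLE_SIG = whole_body_signature(REFERENCE)
CHUNK_SIG = chunked_signature(REFERENCE)


if __name__ == "__main__":
    print("whole-body match on variant:", whole_body_match(VARIANT, WHOLE_SIG))  # False
    print("chunk match ratio on variant:", chunk_match_ratio(VARIANT, CHUNK_SIG))  # 0.96875
    print("chunked match on variant:", chunked_match(VARIANT, CHUNK_SIG))          # True
    print("changed chunks:", changed_chunks(VARIANT, CHUNK_SIG))                   # [12]
```

The threshold is the knob that trades robustness against false positives: the lower it goes, the more the signature drifts toward matching unrelated files that merely share code, which is why a real engine pairs this with the identification work pk describes rather than treating a high ratio as proof on its own.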

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:Advanced Heuristics for Resident Protection?
« Reply #4 on: June 15, 2004, 04:39:34 AM »
SoftwareGuy, code emulators are not all they're cracked up to be. I get the Norman update newsletter and it seems every engine update fixed some bug in the sandbox engine. Those updates occur about twice a month!
« Last Edit: June 15, 2004, 04:40:12 AM by MacLover2000 »
"People who are really serious about software should make their own hardware." - Alan Kay