
Thread: Heuristic spyware detection--see PC World

  1. #1
    Member
    Join Date
    Jan 2007
    Posts
    57

    Heuristic spyware detection--see PC World

    Last edited by tashi; 2007-02-02 at 07:12. Reason: Replaced tiny url with full url so our members know what they are clicking on.

  2. #2
    Member of Team Spybot PepiMK
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601


    I don't see anything about heuristics behind that link, only a description of one product.

    Actually, we had heuristics for a long time... 1.4 has them, and 1.3 can use the same advanced detection library update that's available for 1.4...

    From Wikipedia
    Two fundamental goals in computer science are finding algorithms with provably good run times and with provably good or optimal solution quality. A heuristic is an algorithm that gives up one or both of these goals; for example, it usually finds pretty good solutions, but there is no proof the solutions could not get arbitrarily bad; or it usually runs reasonably quickly, but there is no argument that this will always be the case.
    And here you can see the bad side of heuristics as well: false positives! Pretty much all false positives are the results of trying to update detection criteria to cover future versions as well, at the cost that since future versions are not fixed yet, one has to broaden the algorithms, and things could go bad.
    So actually, please see our false positives as a proof that we use heuristics :D Or to say it in another way: heuristics are quite useful, but they're always a trade-off of reduced accuracy.

    Also:
    In any searching problem where there are b choices at each node and a depth of d at the goal node, a naive searching algorithm would have to potentially search around b^d nodes before finding a solution. Heuristics improve the efficiency of search algorithms by reducing the branching factor from b to a lower constant b', using a cutoff mechanism.
    That's something we've been using nearly since the beginning. A simple example: when we're looking for a static file (let's say some minor threat that never gets updated), we know its properties: size, name, static checksum... Now when we're looking for it, and we've found a file with the proper name, we check the size first, since if the size does not match, we don't even have to look at the checksum, since that can't be a match any more then.
    Of course, static files & checksums are outdated and we use them only very rarely, but it was the easiest example I could find.

    edit: ok, now I saw the "behaviour analysis" on that link. And also "And it makes few false accusations." That's about what I wrote about the first Wiki quote. Though "non-signature anti-malware program[s]" simply do not exist; even if you look only at the behaviour, you need signatures for behaviour.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)
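
The name, size, checksum cutoff described in post #2, and the false positive that appears once the rule is broadened by dropping the checksum, as an added example that is not part of the original thread and is not Spybot's code. The `StaticSignature` type, the file names and the sample contents are constructed assumptions.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Optional


@dataclass(frozen=True)
class StaticSignature:
    """Hypothetical static-file signature: name, size and checksum."""
    name: str
    size: int
    sha256: Optional[str]  # None = broadened rule that skips the checksum


def scan(root: Path, sig: StaticSignature):
    """Return (hits, files_hashed), applying the cheapest test first."""
    hits, hashed = [], 0
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.name.lower() != sig.name.lower():
            continue                      # cutoff 1: name, content never read
        if path.stat().st_size != sig.size:
            continue                      # cutoff 2: size, still no content read
        if sig.sha256 is not None:
            hashed += 1                   # only now pay for reading the file
            if hashlib.sha256(path.read_bytes()).hexdigest() != sig.sha256:
                continue
        hits.append(path.relative_to(root).as_posix())
    return hits, hashed


def demo():
    """Build a constructed sample tree and scan it with both rule variants."""
    bad = b"constructed sample payload"          # stands in for the known file
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in {
            "a/helper.dll": bad,                          # the known file
            "b/helper.dll": b"legit, different length",   # same name only
            "c/helper.dll": b"X" * len(bad),              # same name and size
            "d/other.dll": bad,                           # different name
        }.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        exact = StaticSignature("helper.dll", len(bad), hashlib.sha256(bad).hexdigest())
        broad = StaticSignature("helper.dll", len(bad), None)
        return scan(root, exact), scan(root, broad)


if __name__ == "__main__":
    print(demo())
```

The exact rule hashes only the two files that survive the name and size checks and reports one hit; the broadened rule hashes nothing and also flags the unrelated file that happens to share the name and size.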

  3. #3
    Member
    Join Date
    Jan 2007
    Posts
    57

    New Heuristic program

    see their description: http://www.sanasecurity.com/products/pr/index.php

    Yup, false positives are always a problem with heuristics (or behavioral analysis, whatever you want to call it).

    They recommended ADDING this to a signature based antispyware.

    Is there a sticky on Spybot heuristics?

  4. #4
    Member
    Join Date
    Jan 2007
    Posts
    57

    Sana Security failing me

    The program I mentioned screwed up my OS (kept rebooting). I unclicked various startups one by one until I found it was Primary Response that was doing it.

    However, I was running teatimer at the same time, so I don't know if this would happen without it.

    Another heuristic program, Spycatcher, is horrible -- so many false positives and links to useless or nonexistent information about the tagged files! Not worth the headache.
