Scanners of The Year 2000: Heuristics

Dmitry Gryaznov
Proceedings of the Fifth International Virus Bulletin Conference, pp.225-234

Working at the Virus lab, S&S International PLC, the author is also carrying out a research project on heuristic analysis. The article explains what heuristics are. Positive and negative heuristics are introduced. Some practical heuristics are represented. Different approaches to a heuristic program analysis are discussed. False alarms problem pointed and discussed. Several well-known scanners employing heuristics are compared (without naming the scanners) in both the virus detection rate and false alarms rate.

