Heuristic Antivirus

manimatters:
Hey people, I'm posting after a long time here at DC.

Is there any anti-virus out there which I can use to test heuristic analysis only? I mean, use only the heuristic engine to scan for viruses?

Well, I'm doing a term paper on Heuristic Anti-virus Technology and want some pointers to where I can get more information, etc., on the topic. This is the best forum I'm aware of, so I thought I would ask here.

mouser:
Don't have an answer for your question but I'd be interested in any technical writeups you find on heuristic antivirus scanning.. Personally I am really mad at the way antivirus companies handle heuristic reporting..

That is, what they SHOULD do when they find a file that triggers some heuristic flag is perhaps make a report saying that a file was found that is probably ok but triggered a heuristic alert and explain exactly what in the file triggered the alert.

Instead what they do is report it to the user as if a known virus was found with high confidence.

This results in tons of false positives, scaring users and causing harm to company reputations.

Crush:
I've seen only antivirus progs with a switch for additional heuristics, but you could try to disable the Bloom filter in the ClamAV source code to switch off the >64-byte signature search.

manimatters:
--- Quote ---
Don't have an answer for your question but I'd be interested in any technical writeups you find on heuristic antivirus scanning.. Personally I am really mad at the way antivirus companies handle heuristic reporting..

That is, what they SHOULD do when they find a file that triggers some heuristic flag is perhaps make a report saying that a file was found that is probably ok but triggered a heuristic alert and explain exactly what in the file triggered the alert.

Instead what they do is report it to the user as if a known virus was found with high confidence.

This results in tons of false positives, scaring users and causing harm to company reputations.
-mouser (March 15, 2009, 09:01 AM)
--- End quote ---

I totally agree on this; false positives cause more damage than viruses, even putting company reputations at stake. From what I've learnt so far, it should be that the user decides what is a virus and what is not.

TucknDar:
I imagine the AV companies consider which company is more important: theirs or some other company. If they let the user decide whether something is a false positive or an actual virus, there's bound to be some users who'd let a virus through and then probably blame the AV software. So it's safer for them to trigger on the false positives.
