-
May 15th, 2004, 04:28 PM
#1
How do Heuristic Scanners Work?
Any idea how heuristic scanners work? I read a lot about how the infected file is put in a "sandbox" and is checked for any activity... What exactly takes place? And secondly... is this really effective in detecting viruses?
-
May 15th, 2004, 04:39 PM
#2
Neorage,
A heuristic scanner searches elementary assembly language, in the hopes of detecting little known infections. There are many false positives with this type of scanner because it tries to learn and make assumptions based on the behavior of the virus.
cheerios
edit: here are some links of interest for you:
http://www.itsecurity.com/asktecs/oct2802.htm
http://vx.netlux.org/lib/static/vdat/epheurs2.htm
http://www.choice.com.au/goArticle.aspx?id=103097&p=1
-
May 15th, 2004, 07:32 PM
#3
Well Neorage,
Your heuristic scanner works on "algorithms" or rules... like if something tries to amend the registry, prepend or append to an executable, and so on... it will give you a warning.
Now, your "sandbox" is a different concept... here, an incoming executable is put in an area where its activity is monitored... if it tries to access areas outside the sandbox... it is a cheater.
A bit like home and away games... heuristics are at home... the sandbox is away?
I hope that explains
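
The two ideas described in post #3, as an added example that is not part of the original thread: weighted heuristic rules (registry change, write to an executable) and a separate sandbox boundary check, run over behaviour traces. The event format, rule weights, threshold, sandbox path and sample traces are all constructed assumptions.

```python
import ntpath
from pathlib import PureWindowsPath

# Constructed rule set: (reason, predicate over one event, weight).
RULES = [
    ("modifies the registry", lambda e: e["op"] == "reg_write", 40),
    ("writes to an executable", lambda e: e["op"] == "file_write"
        and e["target"].lower().endswith((".exe", ".com", ".dll")), 50),
]
THRESHOLD = 60  # assumed cut-off: lower catches more, but flags more clean files
SANDBOX_ROOT = PureWindowsPath(r"C:\sandbox")  # assumed sandbox directory

def heuristic_score(events):
    """Sum the weights of the rules that fire; each rule counts once."""
    fired = [(name, w) for name, pred, w in RULES if any(pred(e) for e in events)]
    return sum(w for _, w in fired), [name for name, _ in fired]

def sandbox_escapes(events):
    """Return file targets that resolve outside SANDBOX_ROOT."""
    escapes = []
    for e in events:
        if not e["op"].startswith("file_"):
            continue
        # Collapse ".." first so C:\sandbox\..\Windows is not mistaken for inside.
        path = PureWindowsPath(ntpath.normpath(e["target"]))
        if SANDBOX_ROOT not in path.parents:
            escapes.append(e["target"])
    return escapes

def verdict(events):
    score, reasons = heuristic_score(events)
    escapes = sandbox_escapes(events)
    return {"flagged": score >= THRESHOLD or bool(escapes),
            "score": score, "reasons": reasons, "escapes": escapes}

# Constructed behaviour traces (not real telemetry).
INSTALLER = [  # a legitimate installer trips both rules: a false positive
    {"op": "reg_write", "target": r"HKLM\Software\Example"},
    {"op": "file_write", "target": r"C:\sandbox\app\setup.exe"},
]
EDITOR = [{"op": "file_write", "target": r"C:\sandbox\notes.txt"}]
ESCAPER = [{"op": "file_read", "target": r"C:\sandbox\..\Windows\system.ini"}]

if __name__ == "__main__":
    for name, trace in [("installer", INSTALLER), ("editor", EDITOR), ("escaper", ESCAPER)]:
        print(name, verdict(trace))
```

The installer trace shows why rule-based heuristics produce false positives, while the escaper trace is flagged by the sandbox check alone with a heuristic score of zero.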
-
May 15th, 2004, 08:40 PM
#4
Nihil,
Thanks for cleaning it up and finishing his questions.
-
May 16th, 2004, 10:27 AM
#5
Good post, Nihil.
-
October 13th, 2004, 05:12 PM
#6
Think I got a solution for that! And not only that, if you want to know about the working of anything you can just visit the website:
www.howstuffworks.com
Happy surfing