What is heuristic scanning?
A recent addition to scanners is intelligent analysis of unknown code, currently referred to as heuristic scanning. More closely akin to activity- monitoring functions than traditional signature scanning, this looks for “suspicious” sections of code that are generally found in viral or malicious programs. While it is possible for normal programs to want to “go resident,” look for other program files, or even modify their own code, such activities are telltale signs that can help an informed user come to some decision about the advisability of running or installing a given new and unknown program. Heuristics, however, may generate a lot of false alarms, and may either scare novice users, or give them a false sense of security after “wolf” has been cried too often. This field is really the application of “expert systems” to antiviral software: an “expert” antiviral disassembler is checking the code for you. Along with hoped-for advances in change detection, this bodes well for the future
