Understanding and Teaching Heuristics
This paper is designed to provide a basic understanding of what heuristics are and how they are used in the anti-malware industry. Topics covered include signature-based detection, generic signatures, passive heuristics, and active heuristics (emulation). A very basic compression algorithm is developed and taught to show how compression works and why it poses problems for signature-based detection. Encryption and polymorphism are also explained in plain terms with examples. The paper also explains that when a virus scanner detects a file that is clean, and so should not have been detected, the result is called a false positive; heuristics in anti-virus products have been criticized as being prone to false positives.
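As an added illustration (not code from the paper): a toy byte-signature scanner, a minimal run-length encoder, and a scan that decodes the data before matching, showing why a compressed copy of a file slips past the plain signature and how decoding first (what emulation or unpacking gives a scanner) restores detection. The signature string and sample bytes are constructed for the example.

```python
# Constructed marker for the example; not a real malware pattern.
SIGNATURE = b"CONSTRUCTED-SAMPLE-SIGNATURE"


def signature_scan(data: bytes, signatures=(SIGNATURE,)) -> bool:
    """Plain signature detection: hit only if a known byte string appears verbatim."""
    return any(sig in data for sig in signatures)


def rle_compress(data: bytes) -> bytes:
    """Minimal run-length encoding: a stream of (count, byte) pairs, count 1..255."""
    out, i = bytearray(), 0
    while i < len(data):
        run = 1
        while i + run < len(data) and data[i + run] == data[i] and run < 255:
            run += 1
        out += bytes((run, data[i]))
        i += run
    return bytes(out)


def rle_decompress(data: bytes) -> bytes:
    """Inverse of rle_compress; rejects a stream that is not whole pairs."""
    if len(data) % 2:
        raise ValueError("truncated RLE stream")
    out = bytearray()
    for count, value in zip(data[::2], data[1::2]):
        out += bytes([value]) * count
    return bytes(out)


def emulating_scan(data: bytes) -> bool:
    """Active heuristic in miniature: scan the bytes as stored, then scan what
    they decode to, as an emulator would after letting the unpacker run."""
    if signature_scan(data):
        return True
    try:
        return signature_scan(rle_decompress(data))
    except ValueError:
        return False  # not an RLE stream; nothing further to unpack here


def demo() -> dict:
    """Same content, three outcomes: plain file hit, packed file missed, packed file
    caught once decoded. Interleaved count bytes break the contiguous signature."""
    sample = b"header " + SIGNATURE + b" trailer"
    packed = rle_compress(sample)
    return {"plain": signature_scan(sample), "packed": signature_scan(packed),
            "emulated": emulating_scan(packed),
            "roundtrip": rle_decompress(packed) == sample}
```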