In addition to comparing potential malware against known virus signatures, all ESET NOD32 products employ the use of heuristics in detecting viruses, trojans and other threats.
Heuristics is a technique which implements a set of guidelines or rules in order to problem solve efficiently. In an antivirus context, heuristics are a set of rules used to detect malicious program behavior without needing to uniquely identify the specific threat, as is required by classic signature-based detection.
The primary advantage of the heuristic-based model is not only its ability to detect variants or modified forms of existing malicious programs, but also new previously-unknown malicious programs. ESET NOD32 Antivirus and ESET Smart Security use heuristics to detect both known and unknown threats and malware. Two forms of heuristics are used, Passive and Active.
Passive Heuristics
Passive Heuristics analyze a potential threat as it is scanned, tracing through the instructions in the program before passing the code to the processor for execution. Passive Heuristics look for patterns, routines or program calls that indicate malicious behavior. Though an important tool, passive heuristics alone are only part of the solution, as there is no single action that a malicious program can perform that is not also allowed in a legitimate program. This is why the simultaneous use of Active Heuristics is important.
Passive Heuristics analyze a potential threat as it is scanned, tracing through the instructions in the program before passing the code to the processor for execution. Passive Heuristics look for patterns, routines or program calls that indicate malicious behavior. Though an important tool, passive heuristics alone are only part of the solution, as there is no single action that a malicious program can perform that is not also allowed in a legitimate program. This is why the simultaneous use of Active Heuristics is important.
Active Heuristics
ESET's active heuristic technology creates a virtual computer within the scanning engine which allows the scanner to observe what the program might do if allowed to run on a real computer. This can reveal potentially malicious activities that other detection techniques would not identify.
ESET's active heuristic technology creates a virtual computer within the scanning engine which allows the scanner to observe what the program might do if allowed to run on a real computer. This can reveal potentially malicious activities that other detection techniques would not identify.
