Describe and analyze Heuristic Scanning Explain your answer

Describe and analyze Heuristic Scanning. Explain your answer and site an example.

Solution

Please follow the data and description :

Heuristic analysis :

This is a method that is employed by many of the computer antivirus programs designed to detect the previously unknown computer viruses, as well as new variants of viruses already. This is an expert based analysis that determines the susceptibility of a system towards a particular threat/risk using various decision rules or weighing methods. MultiCriteria analysis abbreviated as MCA is one of the means of weighing. This method differs from statistical analysis, which bases itself on the available data/statistics.

Process :

Antivirus programs that utilise the heuristic analysis perform the respective function by executing the programming commands of a questionable program or an interactive script within a specialized virtual machine used, thereby allowing the anti-virus program to internally simulate what would happen if the suspicious file were to be executed on the other hand keeping the suspicious code isolated from the real-world machine. It then analyzes the commands as they are performed, monitoring for common viral activities such as replication, file overwrites, and attempts to hide the existence of the suspicious file. If one or more virus-like actions are detected, the suspicious file is flagged as a potential virus, and the user is alerted of the suspicious activity immediately.

The other common method of the heuristic analysis is for the anti-virus program to decompile the suspicious program, then analyze the respective source code contained within the method. The source code of the suspicious file is compared to the source code of known viruses and their virus-like activities. If a certain percentage of the source code matches with the code of known viruses or virus-like activities, the file is blocked, and the user alerted.

Hope this is helpful.