Question

The Halting Problem states that it is impossible for one program to predict the output of another, or whether it will terminate.

That got me thinking... how do heuristics-based scanners decide whether a given executable program's instructions are "virus-like", seeing as that would entirely involve predicting what the program is going to do?


Solution

Usually viruses use some kind of "pattern" in their code, like opening some special registry keys, executing rarely used system functions, or modifying their own code, so the analyzer can "see" these actions and mark such a program as a potential virus. Of course, it has some percentage of false alarms.
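
Added example (not part of the original answer): a static scorer of the kind described above, which inspects what a program contains instead of predicting what it will do. The feature set, rule weights, threshold and the three sample programs are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Program:
    name: str
    imports: set = field(default_factory=set)     # API names from the import table
    strings: list = field(default_factory=list)   # printable strings found in the file
    sections: list = field(default_factory=list)  # (name, writable, executable)

INJECTION_APIS = {"WriteProcessMemory", "CreateRemoteThread"}
AUTORUN_KEY = r"software\microsoft\windows\currentversion\run"

# Each rule: (label, weight, predicate). Weights and threshold are assumed values.
RULES = [
    ("writes an autorun registry key", 3,
     lambda p: "RegSetValueExA" in p.imports
               and any(AUTORUN_KEY in s.lower() for s in p.strings)),
    ("imports remote process injection APIs", 4,
     lambda p: INJECTION_APIS <= p.imports),
    ("section is both writable and executable", 3,
     lambda p: any(w and x for _, w, x in p.sections)),
    ("changes page protections at run time", 2,
     lambda p: "VirtualProtect" in p.imports),
]
THRESHOLD = 5

def scan(program):
    """Return (score, matched rule labels, flagged) without running the program."""
    hits = [(label, weight) for label, weight, pred in RULES if pred(program)]
    score = sum(weight for _, weight in hits)
    return score, [label for label, _ in hits], score >= THRESHOLD

# Constructed samples: one malicious-looking, one plain, one benign but "noisy".
RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLES = [
    Program("dropper.exe",
            {"RegSetValueExA", "WriteProcessMemory", "CreateRemoteThread", "VirtualProtect"},
            [RUN], [(".text", True, True)]),
    Program("editor.exe", {"CreateFileW", "ReadFile"}, ["Untitled"],
            [(".text", False, True), (".data", True, False)]),
    Program("updater.exe", {"RegSetValueExA", "CreateFileW"}, [RUN],
            [("UPX0", True, True)]),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        score, reasons, flagged = scan(sample)
        print(f"{sample.name}: score={score} flagged={flagged} {reasons}")
```

In this constructed set `updater.exe` is benign yet scores 6 and is flagged, which is the kind of false alarm the answer mentions.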

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow