Usually viruses use some kind of "pattern" in their code, like opening some special registry keys, executing rarely used system functions, or self-code modifications, so an analyzer can "see" these actions and mark such a program as a potential virus. Of course, it has some percentage of false alarms.
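The kind of pattern matching the answer above describes, as an added example that is not part of the original answer: a static scorer that reads a file's bytes without running them, so it always terminates and accepts some false alarms instead of predicting behaviour. The rule weights, the threshold and the sample byte strings are assumptions constructed for illustration.

```python
import re

# Hypothetical indicators and weights, chosen for illustration only.
RULES = [
    ("autorun registry key", re.compile(rb"CurrentVersion\\Run", re.I), 3),
    ("rare API: WriteProcessMemory", re.compile(rb"WriteProcessMemory"), 3),
    ("rare API: CreateRemoteThread", re.compile(rb"CreateRemoteThread"), 3),
    ("self-modification: VirtualProtect", re.compile(rb"VirtualProtect"), 2),
]
THRESHOLD = 5  # assumed cut-off; lowering it raises the false-alarm rate


def printable_strings(blob, min_len=5):
    """Extract ASCII runs like the `strings` utility; nothing is executed."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)


def score(blob):
    """Sum the weights of every rule that matches at least one string."""
    strings = printable_strings(blob)
    hits = [(name, w) for name, rx, w in RULES
            if any(rx.search(s) for s in strings)]
    return sum(w for _, w in hits), [name for name, _ in hits]


def verdict(blob):
    """Return (label, total score, matched rule names) for one file."""
    total, hits = score(blob)
    return ("suspicious" if total >= THRESHOLD else "clean"), total, hits


# Constructed byte strings standing in for executables (not real samples).
PERSISTENT_INJECTOR = b"\x00".join([
    b"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    b"WriteProcessMemory", b"kernel32.dll"])
# A legitimate debugger imports the same rare functions: a false alarm.
DEBUGGER = b"\x00".join([
    b"WriteProcessMemory", b"VirtualProtect", b"ReadProcessMemory"])
TEXT_EDITOR = b"\x00".join([b"CreateFileW", b"ReadFile", b"GetOpenFileNameW"])

if __name__ == "__main__":
    for name, blob in [("injector", PERSISTENT_INJECTOR),
                       ("debugger", DEBUGGER), ("editor", TEXT_EDITOR)]:
        print(name, verdict(blob))
```

The debugger sample reaches the threshold although it is benign, which is the false-alarm percentage the answer mentions.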
How is heuristic-based virus detection possible?
01-07-2022
Question
The Halting Problem states that it is impossible for one program to predict the output of another, or whether it will terminate.
That got me thinking... how do heuristics-based scanners decide whether a given executable program's instructions are "virus-like", seeing as that would entirely involve predicting what the program is going to do?
Solution
Not affiliated with StackOverflow