Usually viruses use some kind of "pattern" in their code, like opening some special registry keys or execution of rare used system functions, or self-code modifications, so analyzer can "see" these actions and mark such program as potentially virus, of course it has some percentage of false alarm
How is heuristic-based virus detection possible?
-
01-07-2022 - |
문제
The Halting Problem states that it is impossible for one program to predict the output of another, or whether it will terminate.
That got me thinking... how do heuristics based-scanners decide whether a given executable program's instructions are "virus-like", seeing as that would entirely involve predicting what the program is going to do?
해결책
제휴하지 않습니다 StackOverflow