What is the best way for heuristic malware scan, what good AV should check?



 


The best av for all purposes = ESET NOD32

2º Best AV = Avira

The king of false positives = 1º AVAST & 2º BitDefender Engine

The worst/simple malware signature = Kaspersky


  • Author

You did not understand the question. I am not looking for an AV; I need information on what a good heuristic scan should look for in a file. Which functions, WriteProcessMemory or similar?


There is no unique way to detect malware using heuristic detection.

heuristic = generic


There is no unique way to detect malware using heuristic detection.

I don't agree with you here. There are heuristics like when software is reading/writing from/to the registry in places it shouldn't and doing stuff like CreateRemoteThread. Obviously this is not a definitive way to detect malware, but that's why it's called heuristics (also known as 'educated guess' by many people).

To answer the actual question asked: you could start with processes accessing other processes for no good reason. Creating files in the Windows directory, registry reading/writing to system-critical parts, creating services. You might annoy people with false positives though :)

  • 1 month later...

heuristic = generic

No, those are not the same.

Generic detections detect all or several variants of a malware family.

Heuristic methods find a solution for a problem using incomplete knowledge. Heuristic detection describes all malware detection methods that use "a rule-based approach to diagnosing a potentially-offending file" (see http://www.eset.com/us/resources/whitepapers/Heuristic_Analysis.pdf)

That means generic detection can be non-heuristic. E.g. you can create a detection pattern that is generic; but it is not heuristic, because there are no rules involved.

You can also have a heuristic approach that detects more than just one malware family, thus is not generic.

@rijeka2008

Read the book by Peter Szor: The Art of Computer Virus Research and Defense. You will find your answers there. The answer to your question is too much to compile in one post, because the ways of detecting malware heuristically are endless. But Szor will give you a good start and understanding. The rest comes with experience.

Edited by Struppigel
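A worked example added here (not code from any poster in this thread) that puts the two ideas side by side: the behaviour indicators listed in the earlier reply (the injection API chain, autorun registry keys, service creation, paths under the Windows directory) become weighted rules in a small heuristic scorer, and the "detection pattern that is generic but not heuristic" becomes a single wildcarded byte signature. Every sample, rule, weight, threshold and byte pattern is constructed for illustration; in a real engine the imports and strings would come from a PE parser such as pefile rather than being written by hand.

```python
"""Toy rule-based heuristic scorer beside a non-heuristic generic signature.
Added example; every sample, rule, weight and byte pattern below is constructed
for illustration and is not from any real scanner or malware family."""
import re
from dataclasses import dataclass


@dataclass
class FileFeatures:
    """Static features a scanner would pull from a PE (here hand-written rather
    than parsed; a real engine would fill this from the import table and strings)."""
    name: str
    imports: set
    strings: set
    raw: bytes


# ---- Heuristic detection: weighted rules over behaviour indicators ----------
INJECTION_APIS = {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}
SERVICE_APIS = {"CreateServiceA", "CreateServiceW"}
AUTORUN_KEY = re.compile(r"(?i)\\CurrentVersion\\Run(Once)?\b")
WINDOWS_DIR = re.compile(r"(?i)[A-Z]:\\Windows\\")


def heuristic_rules(f):
    """Return (reason, weight) for every rule the file trips."""
    hits = []
    present = INJECTION_APIS & f.imports
    # Debuggers and installers legitimately import one or two of these, so the
    # weight goes on the complete chain rather than on each API in isolation.
    if present == INJECTION_APIS:
        hits.append(("complete process-injection API chain imported", 50))
    elif present:
        hits.append((f"partial injection API set {sorted(present)}", 10))
    if any(AUTORUN_KEY.search(s) for s in f.strings):
        hits.append(("references an autorun registry key", 25))
    if SERVICE_APIS & f.imports:
        hits.append(("can create services", 15))
    if any(WINDOWS_DIR.search(s) for s in f.strings):
        hits.append(("contains a path under the Windows directory", 15))
    return hits


def heuristic_score(f):
    return sum(weight for _, weight in heuristic_rules(f))


def heuristic_verdict(f, threshold=60):
    """The threshold is where the false-positive trade-off lives: lower it and
    the benign debugger below starts getting flagged."""
    return heuristic_score(f) >= threshold


# ---- Generic detection: one byte pattern, no rules ---------------------------
# Constructed loader stub shared by a "family": fixed opcodes around a 4-byte
# immediate and a 4-byte call offset that differ per variant.  The wildcards
# make the signature generic (covers every variant), but nothing about it is
# heuristic: no rule, no judgement, just a pattern.
GENERIC_SIG = re.compile(rb"\x55\x8b\xec\x68....\xe8....\x33\xc0", re.DOTALL)


def generic_match(f):
    return GENERIC_SIG.search(f.raw) is not None


def scan(f):
    return {"name": f.name, "generic": generic_match(f),
            "score": heuristic_score(f), "heuristic": heuristic_verdict(f)}


# ---- Constructed samples -----------------------------------------------------
def stub(imm, rel):
    return b"\x90\x55\x8b\xec\x68" + imm + b"\xe8" + rel + b"\x33\xc0\xc3"


FAMILY_A_V1 = FileFeatures("family_a_v1.exe", set(INJECTION_APIS),
                           {r"Software\Microsoft\Windows\CurrentVersion\Run"},
                           stub(b"\x00\x10\x40\x00", b"\x10\x00\x00\x00"))
FAMILY_A_V2 = FileFeatures("family_a_v2.exe", set(INJECTION_APIS),
                           {r"Software\Microsoft\Windows\CurrentVersion\Run"},
                           stub(b"\x00\x20\x40\x00", b"\x34\x12\x00\x00"))
# Benign debugger: trips two weak rules and stays under the threshold.
DEBUGGER = FileFeatures("debugger.exe",
                        {"OpenProcess", "ReadProcessMemory", "WriteProcessMemory", "DebugActiveProcess"},
                        {r"C:\Windows\System32\ntdll.dll"}, b"\x55\x8b\xec\x33\xc0\xc3")
# Injector from a family the generic signature has never seen; the rules still fire.
NEW_INJECTOR = FileFeatures("new_sample.exe", set(INJECTION_APIS),
                            {r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"},
                            b"\x48\x83\xec\x28\x48\x8b\x05")

if __name__ == "__main__":
    for sample in (FAMILY_A_V1, FAMILY_A_V2, DEBUGGER, NEW_INJECTOR):
        print(scan(sample), heuristic_rules(sample))
```

Run as a script, the two family variants are caught by both methods, the debugger scores 25 (partial injection set plus a System32 path) and is left alone, and the unseen injector scores 75 and is flagged by the heuristic alone. That last row is the point of Struppigel's distinction: the signature is generic to one family, while the rules reach across families at the price of the low, non-zero score the benign debugger collects.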

The best av for all purposes = ESET NOD32

2º Best AV = Avira

The king of false positives = 1º AVAST & 2º BitDefender Engine

The worst/simple malware signature = Kaspersky

That's sooooo much bs.


All of those AVs suck.

Actually, all of the AVs suck, but that's another topic.
