14 Jun 2011

Heuristic Antivirus Scanners: Worth the Risk?

Heuristic antivirus scanners have a distinct advantage. Because heuristics examine behavior, a virus is more likely to be caught before it has done any damage. Heuristic scanners use a sandbox method, which isolates a program in order to test it before the system is exposed to it. If the behavior of the program is unusual, the system will not allow it to load and will warn the user that it is possibly contaminated. A signature-based scanner only checks the code for matches against known signatures. With code mutations and quickly developing viruses, your computer would be at risk without some other means of checking.

Heuristic scanners do occasionally identify a program as infected when it is not. The problems that ensue can be drastic: if a program is flagged as infected and you shut it down, that can disable the whole operation of the system. Heuristic antivirus scanners can also slow your system down a bit, though most security software slows it to some extent. Checking programs and monitoring system behavior take a bit of time.

Most antivirus scanners actually use some type of heuristic programming. Despite the slight risk of a false positive, the extra precaution of testing system behaviors is better than relying on signature-based detection alone.
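
The contrast drawn above between signature matching and behavior-based scanning, as an added Python example that is not part of the original article. The samples, byte pattern, event names, weights and threshold are all constructed for illustration and do not come from any real scanner.

```python
# Added illustration: signature matching vs. heuristic (behavioral) scoring.
# Every sample, byte pattern, event name, weight and threshold is constructed.
PATTERN = b"\xde\xad\xbe\xef\x13\x37"
SIGNATURES = {"DemoVirus.A": PATTERN}  # hypothetical signature database

# Weights for behavior observed while a program runs isolated in a sandbox.
WEIGHTS = {
    "writes_to_other_executables": 5,
    "disables_security_service": 5,
    "modifies_startup_entries": 3,
    "mass_file_rewrite": 3,
}
THRESHOLD = 6  # a score at or above this stops the program from loading

INFECT = ["writes_to_other_executables", "modifies_startup_entries"]
SAMPLES = {
    "known_virus": {"code": b"MZ" + PATTERN, "trace": INFECT, "malicious": True},
    # Same behavior, but mutated bytes: the signature no longer matches.
    "mutated_variant": {"code": b"MZ" + bytes(b ^ 0x5A for b in PATTERN),
                        "trace": INFECT, "malicious": True},
    "text_editor": {"code": b"MZ editor", "trace": ["opens_user_document"],
                    "malicious": False},
    # Legitimate, yet its behavior resembles a threat: a false positive.
    "backup_tool": {"code": b"MZ backup", "malicious": False,
                    "trace": ["mass_file_rewrite", "modifies_startup_entries"]},
}

def signature_scan(code):
    """Return the name of the first signature found in the code, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern in code:
            return name
    return None

def heuristic_scan(trace):
    """Score the distinct behaviors in a sandbox trace; return (blocked, score)."""
    score = sum(WEIGHTS.get(event, 0) for event in set(trace))
    return score >= THRESHOLD, score

def scan_all(samples):
    """Run both scanners on every sample and mark heuristic false positives."""
    results = {}
    for name, s in samples.items():
        blocked, score = heuristic_scan(s["trace"])
        results[name] = {"signature": signature_scan(s["code"]), "blocked": blocked,
                         "score": score, "false_positive": blocked and not s["malicious"]}
    return results

if __name__ == "__main__":
    for name, result in scan_all(SAMPLES).items():
        print(name, result)
```

The mutated variant slips past the signature check but is still blocked on behavior, while the backup tool shows the cost: a clean program blocked because its behavior crosses the threshold.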