This resource is no longer available
Heuristic Analysis- Detecting Unknown Viruses
Some of the most persistent myths in computing relate to virus and anti-virus (AV) technology. The widely-held belief that AV software can only detect specific, known viruses has been around since the early days of AV research. It wasn’t altogether true then; some of the first AV programs weren’t intended to detect specific viruses, but rather to detect or block virus-like behavior, or suspicious changes in files. And, it’s definitely not true now.
Commercial AV systems supplement signature scanning with a variety of more generic approaches, which are often grouped together under the banner of heuristic analysis. Furthermore, most modern AV products are capable of detecting a wide range of malicious software (malware is a contraction of the words “malicious” and “software”), not just viruses. These may be combined with other security technologies such as the detection of spam and phishing messages.