Thursday, December 18, 2008

what are static heuristics?

static heuristics are a branch of heuristic techniques that try to determine if a suspect program is malicious by examining the structure and contents of the program in an inactive (static) state and trying to find (for example) code fragments that have been commonly used for malicious ends in the past...

this type of technique is especially dependent on having detailed knowledge not only of the contents of past malware but also of the contents of legitimate programs, so as to avoid alerting on the presence of code that, though heavily used by malware, is also common in legitimate software...

one of the strengths of static heuristics is that, unlike dynamic heuristics, it is able to examine multiple possible program execution paths, because it looks at all the contents of the program instead of just the code that would get executed during one particular invocation of the program... unfortunately, malware writers have developed a number of techniques to obfuscate their code in such a way as to prevent a heuristic engine from seeing the actual code, and thus prevent it from performing static analysis on that code...
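the three points above (scoring fragments seen in past malware, discounting fragments that are also common in legitimate software, and seeing every branch of a program while being blinded by obfuscation) can be shown in a toy scorer. the following is an added example written for this page, not code from the original post or from any real scanner; it assumes programs are byte strings, that "code fragments" are fixed byte sequences, and it uses a tiny constructed corpus of labelled samples with made-up token names in place of real instruction patterns or malware:

```python
from typing import Dict, Iterable, List

# Constructed corpus of labelled "programs". Each byte string stands in for a
# program image and the upper-case tokens stand in for code fragments (API call
# sequences, instruction patterns). None of this is real malware or real code.
MALWARE_CORPUS: List[bytes] = [
    b"INJECT_REMOTE_THREAD; WRITE_FILE; SET_RUN_KEY",
    b"SET_RUN_KEY; INJECT_REMOTE_THREAD",
    b"WRITE_FILE; INJECT_REMOTE_THREAD; DISABLE_AV_SERVICE",
    b"DISABLE_AV_SERVICE; SET_RUN_KEY; WRITE_FILE",
]
BENIGN_CORPUS: List[bytes] = [
    b"CREATE_WINDOW; WRITE_FILE",
    b"WRITE_FILE; CREATE_WINDOW; SET_RUN_KEY",  # an installer registering autostart
    b"CREATE_WINDOW; READ_FILE",
    b"WRITE_FILE; READ_FILE",
]
FRAGMENTS: List[bytes] = [
    b"INJECT_REMOTE_THREAD", b"DISABLE_AV_SERVICE", b"SET_RUN_KEY",
    b"WRITE_FILE", b"READ_FILE", b"CREATE_WINDOW",
]

# Constructed suspect with two branches: a single run with the argument unset
# would only ever execute the ELSE branch, but a static scan sees both.
SUSPECT = b"IF_ARG: INJECT_REMOTE_THREAD; ELSE: SET_RUN_KEY; WRITE_FILE"
INSTALLER = BENIGN_CORPUS[1]


def prevalence(corpus: Iterable[bytes], fragments: Iterable[bytes]) -> Dict[bytes, float]:
    """Fraction of samples in `corpus` whose image contains each fragment."""
    samples = list(corpus)
    return {f: sum(1 for s in samples if f in s) / len(samples) for f in fragments}


def build_weights(malware: Iterable[bytes], benign: Iterable[bytes],
                  fragments: List[bytes]) -> Dict[bytes, float]:
    """Weight each fragment by how much more often it appears in malware than
    in legitimate programs. A fragment common in both (WRITE_FILE here) ends up
    near zero, which is the false-positive guard the post describes; a fragment
    typical of legitimate software gets a negative weight."""
    pm, pb = prevalence(malware, fragments), prevalence(benign, fragments)
    return {f: pm[f] - pb[f] for f in fragments}


def static_score(image: bytes, weights: Dict[bytes, float]) -> float:
    """Sum the weights of every fragment present anywhere in the image.
    Because the whole image is inspected, fragments on every branch count,
    not only those on the path one execution would take."""
    return sum(w for f, w in weights.items() if f in image)


def is_suspicious(image: bytes, weights: Dict[bytes, float], threshold: float = 1.0) -> bool:
    """Verdict: total weight at or above the (constructed) threshold."""
    return static_score(image, weights) >= threshold


def xor_encode(code: bytes, key: int) -> bytes:
    """Single-byte XOR, the simplest form of the obfuscation the post warns
    about; modelled here only to show its effect on a static scanner."""
    return bytes(b ^ key for b in code)


def pack(code: bytes, key: int) -> bytes:
    """Constructed 'packed' image: a small decode stub plus the encoded body.
    The scanner only sees the stub's bytes and the encoded noise."""
    return b"DECODE_STUB; " + xor_encode(code, key)


if __name__ == "__main__":
    w = build_weights(MALWARE_CORPUS, BENIGN_CORPUS, FRAGMENTS)
    for name, image in [("suspect", SUSPECT), ("installer", INSTALLER),
                        ("packed suspect", pack(SUSPECT, 0x55))]:
        print(f"{name:15s} score={static_score(image, w):+.2f} "
              f"suspicious={is_suspicious(image, w)}")
```

with this corpus the suspect scores 1.25 (INJECT_REMOTE_THREAD on the untaken branch contributes 0.75, SET_RUN_KEY 0.5, WRITE_FILE nothing), the autostart installer scores -0.25 because CREATE_WINDOW pulls it down, and the packed copy of the suspect scores 0.0: the same program, unchanged in behaviour, is invisible to the scanner until something unpacks it, which is exactly why static heuristics are paired with unpacking or dynamic techniques in practice.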
