It was the year 1993 when I first started using Anti-Virus products and actually came to know what this class of software does. At that time, only a handful of products were available to deal with a known handful of malware. A normal user would just go to a computer hardware shop and ask for a virus removal tool to meet his requirements. Often, users would just name the viruses and ask the vendor to provide an Anti-Virus product. Almost all the Anti-Viruses were capable of dealing with the limited viruses in the wild.
From the year 1998, the cyber crime story started changing. Virus authors became better equipped and wrote more polymorphic variants. To deal with these types of malware, Anti-Virus companies modified their products and we started to hear the term "heuristics". After some years, the term "heuristics" became even more prevalent and became a marketing weapon for the vendors.
Anti-Virus companies started using terms such as "Advanced Heuristics", "Advanced Genology Detection", "Advanced Behavior Analysis", "DNA analysis" etc. to name their technology for dealing with unknown malware. Novice users often get bluffed by these catchy terms and think that the product is offering a highly sophisticated, patent-holding technology that is unique in the world. Consumers who bought these products, equipped with highly sophisticated technology, started considering themselves above the average user base. But this pride didn't last long. After a couple of months these above-average users complained, asking why their highly sophisticated products didn't rescue them from unknown file modifications and unusual system behavior.
Heuristics is there and it works sometimes. But it has its own limitations and is not 100% fool-proof. In the past few years I have seen malware that easily bypassed the so-called "Sophisticated Patent-Pending Heuristics". Often I experience how heuristics bite the dust against the variety of malware variants in the wild.
I am not against the technology of any company, nor am I naming any company in particular. I just want to present my view that a catchy name alone is not sufficient; sooner or later the user will come to know how effective a product is. The technology must also work and prove whether it is worth any patents or not.