Heuristic techniques were born from the need for "generic detection" of computer viruses. It is called generic detection because it can detect a virus even if that virus has not yet been analyzed and is not in the antivirus database in question. This may sound unreasonable, but it is as simple as searching for instructions that are common to viruses and warning that a file or program may be infected.
When we analyze a file by hand, the first things we see are instructions for reading the command-line parameters, clearing the screen, calling a function, executing a macro. It is experience that lets a person tell something infected from something clean in seconds. Antivirus programs have tried to build in that "experience" under the name of "heuristics."
The way heuristics work is simple: first, a suspicious program is analyzed without executing its instructions, trying to work out what the program would do if it were run. The question is whether the program contains instructions for doing something that is rare in a normal program but common in a virus.
Without any doubt, the main problem with heuristics has been false positives. The problem lies more in the user's interpretation than in the quality of the heuristic routine. Understanding heuristics as an indicator of the probability of infection leads us to see it as an improved detection system, added to the antivirus, that lets us set up an early-warning system and anticipate the appearance of mutations of existing viruses or of new viruses.
Viruses have code patterns that act like their "fingerprints." Antivirus software looks for these patterns, but only the ones stored in its list (that is why updating is so important). These products can also make use of heuristics: they scan files to detect behaviours similar to those of a virus.
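The two mechanisms described above, an exact signature list and a weighted heuristic scan that yields a probability-like score, as an added example that is not part of the original text. The signature bytes, the rule set, its weights and the sample files are all constructed for illustration; the threshold parameter shows why a low score should be read as a warning rather than a verdict.

```python
import math
from collections import Counter

# Constructed signature database: exact byte patterns of "known" viruses,
# the list that has to be kept up to date.
SIGNATURES = {
    "Demo.Virus.A": b"\xeb\x1f\x90\x90DEMO-VIRUS-A",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; a value near 8.0 suggests a packed or encrypted body."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

# Constructed heuristic rules: (description, weight, predicate). Each one
# is behaviour that is rare in ordinary programs but common in viruses.
HEURISTIC_RULES = [
    ("searches for executables to infect", 30,
     lambda d: b"*.EXE" in d.upper() or b"*.COM" in d.upper()),
    ("injects code into another process", 30,
     lambda d: b"WriteProcessMemory" in d and b"CreateRemoteThread" in d),
    ("packed or encrypted body", 20, lambda d: shannon_entropy(d) > 7.0),
    ("downloads a file from the network", 20,
     lambda d: b"URLDownloadToFile" in d),
]

def signature_scan(data: bytes):
    """Exact-match detection: returns the virus name, or None if unknown."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None

def heuristic_scan(data: bytes):
    """Static scan without execution: (score 0..100, matched rule names)."""
    hits = [(desc, w) for desc, w, pred in HEURISTIC_RULES if pred(data)]
    return min(sum(w for _, w in hits), 100), [desc for desc, _ in hits]

def classify(data: bytes, threshold: int = 50):
    """Signature hit -> infected; heuristic score >= threshold -> suspicious."""
    name = signature_scan(data)
    if name:
        return "infected", name
    score, hits = heuristic_scan(data)
    return ("suspicious" if score >= threshold else "clean"), hits
```

Lowering `threshold` catches more unknown variants but also flags an installer that merely lists `*.EXE` files, which is the false-positive trade-off the text describes.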
Every day the number of new viruses grows, and so do the alternatives for neutralizing them without programming the antivirus to recognize each one; this is "heuristic research". With this technique, the antivirus program analyzes the code of programs, looking for suspicious instructions, activity or signs that betray the presence of a computer virus, according to the usual patterns used by malicious code.
The heuristic method is a programming technique that includes in its detection routines classic code strings that are similar or related to those of real viruses. If the heuristic method is not well designed, it is likely to produce false positives or false negatives.
To efficiently detect and remove a virus and repair the damage it caused, antivirus software must include in its own database routines for detecting and eliminating the exact viral microcode of that species. However, the heuristic search for virus "families" is an effective way to detect viral species belonging to the same family, although not an absolutely accurate or efficient one.