What’s the difference between traditional and heuristic virus scanning

anti-virus, malware-detection

I just got off the phone with one of the major AV companies as to why a lesser known AV caught a virus that theirs didn't. The details of that dilemma are not important.

What caught my attention about the conversation was when the technician made mention "we do traditional scanning while others do heuristic scanning". He went on and on about how proven the traditional method was and such. But I couldn't get any detail out of him as to what the difference was.

Is there really a difference in effectiveness, or is this just merely a difference in technique each having their pros and cons? What are the differences?

Best Answer

Traditionally, antivirus software heavily relied upon signatures to identify malware. This can be very effective, but cannot defend against malware unless samples have already been obtained and signatures created. Because of this, signature-based approaches are not effective against new, unknown viruses.

Heuristic analysis is an expert-based analysis that determines the susceptibility of a system towards a particular threat/risk using various decision rules or weighing methods. Multi-criteria analysis (MCA) is one of the means of weighing. This method differs from statistical analysis, which bases itself on the available data/statistics.

In a nutshell, signature-based is great for existing threats, but heuristic will use algorithms to 'best guess' if a program is a virus, therefore allowing it to potentially catch new viruses which are not recognised by their signatures. You also can get a lot of false positives from heuristic AV.

I lifted a fair chunk of this from here and here.
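The contrast the answer draws (exact signatures versus weighted "best guess" rules, and the false positives the latter brings) can be seen in a toy scanner. The following is an added example, not code from the answer or from any AV vendor; the sample "files" are constructed byte strings, and the rule names, weights and threshold are made-up values chosen to illustrate the trade-off.

```python
import hashlib
import math
import re

# Constructed sample "files": plain byte strings standing in for executables.
# Nothing here is real malware; the API-like tokens are only strings that the
# heuristic rules below look for.
SAMPLES = {
    # the sample the vendor already has, so a signature exists for it
    "known.exe":    b"MZ\x90\x00 VirtualAlloc WriteProcessMemory CreateRemoteThread PAYLOAD-A",
    # a recompiled variant: one byte differs, so the hash signature no longer matches
    "variant.exe":  b"MZ\x90\x00 VirtualAlloc WriteProcessMemory CreateRemoteThread PAYLOAD-B",
    # a legitimate debugger that uses the same process-manipulation APIs
    "debugger.exe": b"MZ\x90\x00 VirtualAlloc WriteProcessMemory CreateRemoteThread SetBreakpoint",
    # packed/compressed content: high entropy but nothing else suspicious
    "packed.exe":   b"MZ\x90\x00" + bytes(range(256)),
    "notes.txt":    b"meeting notes: budget review on thursday",
}

# --- Traditional (signature) scanning -------------------------------------
# A signature database is built from samples already obtained: here one file
# hash and one byte pattern, both derived from known.exe.
HASH_SIGNATURES = {hashlib.sha256(SAMPLES["known.exe"]).hexdigest()}
PATTERN_SIGNATURES = [b"PAYLOAD-A"]

def signature_scan(data: bytes) -> bool:
    """Exact match against known hashes or byte patterns; no match, no detection."""
    if hashlib.sha256(data).hexdigest() in HASH_SIGNATURES:
        return True
    return any(p in data for p in PATTERN_SIGNATURES)

# --- Heuristic scanning ---------------------------------------------------
def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant stream, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

# Each rule is (name, predicate, weight). The weights and the threshold are
# the "weighing" the answer mentions; the values are invented for this example.
HEURISTIC_RULES = [
    ("injection_apis",
     lambda d: all(api in d for api in (b"VirtualAlloc", b"WriteProcessMemory", b"CreateRemoteThread")),
     3),
    ("high_entropy", lambda d: shannon_entropy(d) > 6.0, 2),
    ("autorun_key", lambda d: re.search(rb"CurrentVersion\\Run", d) is not None, 2),
]
HEURISTIC_THRESHOLD = 3

def heuristic_scan(data: bytes):
    """Return (score, fired_rules); the file is flagged when score >= threshold."""
    fired = [name for name, pred, _ in HEURISTIC_RULES if pred(data)]
    score = sum(w for name, _, w in HEURISTIC_RULES if name in fired)
    return score, fired

def scan_all(samples: dict) -> dict:
    """Run both engines over every sample and collect the verdicts side by side."""
    results = {}
    for name, data in samples.items():
        score, fired = heuristic_scan(data)
        results[name] = {
            "signature": signature_scan(data),
            "heuristic": score >= HEURISTIC_THRESHOLD,
            "score": score,
            "rules": fired,
        }
    return results

if __name__ == "__main__":
    for name, r in scan_all(SAMPLES).items():
        print(f"{name:13} signature={str(r['signature']):5} heuristic={str(r['heuristic']):5} "
              f"score={r['score']} rules={r['rules']}")
```

Running it shows the pattern the answer describes: the signature engine catches only known.exe, the heuristic engine also catches variant.exe (which no signature exists for yet), but it flags debugger.exe as well because a legitimate tool trips the same rule, and packed.exe stays below the threshold on entropy alone. Raising or lowering HEURISTIC_THRESHOLD moves detections and false positives together, which is the tuning problem heuristic products live with.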
