Pelican Parts Forums

Question - Wife's credit card continually compromised (http://forums.pelicanparts.com/off-topic-discussions/1015227-question-wifes-credit-card-continually-compromised.html)

cabmandone 12-11-2018 02:44 PM

Not saying you're wrong about antivirus scanners, but I have seen Kaspersky work very well on systems with viruses on them. I found Kaspersky after using Norton, ending up with a virus, installing Kaspersky, finding and eliminating the virus. And since installing and renewing my subscription haven't had any problems on the computers it is installed on. I like it!

stomachmonkey 12-11-2018 04:19 PM

Quote:

Originally Posted by cabmando (Post 10280978)
Not saying you're wrong about antivirus scanners, but I have seen Kaspersky work very well on systems with viruses on them. I found Kaspersky after using Norton, ending up with a virus, installing Kaspersky, finding and eliminating the virus. And since installing and renewing my subscription haven't had any problems on the computers it is installed on. I like it!

That's only because in that instance the Kaspersky definitions were more up to date than Norton's, which on a fresh install would make sense, or if you had not run a Norton definition update before the scan.

All virus scanners have the same limitation, they can only find what they already know to look for.

Basically that means that until a new virus in the wild is found and identified none of the commercial products out there will do squat.

svandamme 12-11-2018 09:58 PM

Quote:

Originally Posted by stomachmonkey (Post 10281083)

Basically that means that until a new virus in the wild is found and identified none of the commercial products out there will do squat.


Heuristics can and will detect a new virus that hasn't been included in the definitions.
It can also produce a lot of false positives, but for the most part they do detect some new viruses, either because they do something they shouldn't or because they reuse part of another virus.

stomachmonkey 12-12-2018 04:01 AM

Heuristic still relies on known threats. It’s basic machine learning. Making a determination based on knowns.

cabmandone 12-12-2018 04:49 AM

You're both talking WAY above my head. I just know I like how Kaspersky works.

GH85Carrera 12-12-2018 05:32 AM

On my credit card, for anything that is not in my regular sphere of buying, I get a text message from the credit card company asking me to OK the purchase.

Aerkuld 12-12-2018 09:16 AM

Quote:

Originally Posted by GH85Carrera (Post 10281470)
On my credit card, for anything that is not in my regular sphere of buying, I get a text message from the credit card company asking me to OK the purchase.

This was basically how she found out about the fraudulent use.

I'm grateful to you all for the suggestions. The leading candidate looks to be the computer.

stomachmonkey 12-12-2018 10:17 AM

Quote:

Originally Posted by cabmando (Post 10281435)
You're both talking WAY above my head. I just know I like how Kaspersky works.

It's basically like this.

Any app (consider a virus an app) is just code.

There is good code and there is bad code.

In this example Code ='s Dog.

All Poodles are dogs but not all dogs are Poodles.

That Poodles are bad is known.

That Labradors are good is known.

So your virus scanner checks against a list of known dogs and when it finds a Poodle it deals with it accordingly.

What Heuristic scanning attempts to do is make a determination on an unknown based on other knowns.

Enter the Labradoodle, an unknown.

Virus scanner looks at it and says "well it LOOKS like a Poodle so I'ma gonna flag it as bad"

It will also try to figure it out by how it acts, "hmmm, it likes water, fetching things, full of energy, and is in a perpetually happy state. I think it's a Lab so I think it's safe"

This is where the false positives and negatives with Heuristic come into play. It can see the same dog as both good and bad.

svandamme 12-12-2018 10:30 AM

Quote:

Originally Posted by stomachmonkey (Post 10281394)
Heuristic still relies on known threats. It’s basic machine learning. Making a determination based on knowns.

Sure, but that does catch viruses that are not known to the AV lab and have not been identified, classified and added to the defs.

They can act on just payload rather than method of spread
or just on method of spread and not the payload.

Just AV defs would be like looking for a known virus or strain of that virus
Matching the thing under your scope against known samples like flu, Ebola, etc. etc.

Heuristics will also see a completely new virus in the blood sample because it's obviously infecting a red blood cell. The fact that they see something invading the blood cell, even if it doesn't match anything, will set off the alarm.

PC heuristics does the same.
That's why quite often it will trigger on things like password hacking tools, or software protection cracks. Even when quite often there is no virus.
The cracks often contain assembly code that does fancy trickery and heuristics flip out on it.

And yes, sometimes it is an actual virus from downloading crap.
But I can give you examples that are completely virus free, yet many heuristic scanners will go ape**** on them.

stomachmonkey 12-12-2018 10:43 AM

Quote:

Originally Posted by svandamme (Post 10281883)
Sure, but that does catch viruses that are not known to the AV lab and have not been identified, classified and added to the defs.

They can act on just payload rather than method of spread
or just on method of spread and not the payload.

Just AV defs would be like looking for a known virus or strain of that virus
Matching the thing under your scope against known samples like flu, Ebola, etc. etc.

Heuristics will also see a completely new virus in the blood sample because it's obviously infecting a red blood cell. The fact that they see something invading the blood cell, even if it doesn't match anything, will set off the alarm.

PC heuristics does the same.
That's why quite often it will trigger on things like password hacking tools, or software protection cracks. Even when quite often there is no virus.
The cracks often contain assembly code that does fancy trickery and heuristics flip out on it.

And yes, sometimes it is an actual virus from downloading crap.
But I can give you examples that are completely virus free, yet many heuristic scanners will go ape**** on them.

Yes, see my Dog analogy.

svandamme 12-12-2018 10:48 AM

Well sure, but Heuristics can also trigger off something that isn't a poodle descendant.
Poodle = known
labradoodle = some traits match
Chihuahua = unknown, and for all intents and purposes it's a F'ing rat ...
Heuristics would say "Shows its teeth and barks like a bellend.." Kick it.

stomachmonkey 12-12-2018 10:52 AM

Quote:

Originally Posted by svandamme (Post 10281912)
Heuristics would say "Shows its teeth and barks like a bellend.." Kick it.

Yes, a Poodle is not the only Dog whose traits we've flagged as bad.

Was providing a basic example.

Figured Cab could extrapolate from there.

svandamme 12-12-2018 11:06 AM

It would also go off on a raccoon even if there are only dog definitions in the AV DB

That's the point, it doesn't have to be in the definitions at all for heuristics.. you said it had to be a known
a raccoon would be a complete unknown for a set of dog definitions

stomachmonkey 12-12-2018 11:20 AM

Quote:

Originally Posted by svandamme (Post 10281930)
It would also go off on a raccoon even if there are only dog definitions in the AV DB

That's the point, it doesn't have to be in the definitions at all for heuristics.. you said it had to be a known
a raccoon would be a complete unknown for a set of dog definitions

I did not say it had to be in the definitions.

Knowns don't have to be.

But there does have to be a known to trigger a raccoon.

Something that when it looks at a raccoon, or chimp, or a fricken shark with laser beams extrapolates good or bad based on characteristics or behavior.

Like, showing its teeth.

That's why it's not as reliable as signature based and often is more of a pain in the ass than it's worth.

But it's still working off knowns.
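The two detection approaches debated in this thread, as an added example that is not from any poster or from any antivirus product: a hash-based signature check beside a trait-scoring heuristic, run over constructed samples. The sample names, trait names, weights and threshold are all assumptions made up for illustration.

```python
import hashlib

# Constructed samples (not real malware): name -> (content, observed traits, truly malicious?)
SAMPLES = {
    "poodle":      (b"POODLE-v1",          {"writes_autorun", "hooks_keyboard"}, True),
    "labradoodle": (b"POODLE-v1-repacked", {"writes_autorun", "hooks_keyboard"}, True),
    "labrador":    (b"LABRADOR",           {"opens_window"}, False),
    "crack_tool":  (b"CRACK",              {"self_modifying_code", "patches_other_process"}, False),
    "raccoon":     (b"RACCOON",            {"hooks_keyboard", "patches_other_process"}, True),
    "shark":       (b"SHARK",              {"reads_browser_store", "sends_to_unknown_host"}, True),
}

# Signature database: hashes of samples the vendor has already analysed.
SIGNATURES = {hashlib.sha256(b"POODLE-v1").hexdigest()}

# Heuristic rules: weights for traits already known to be suspicious (hypothetical values).
TRAIT_WEIGHTS = {"writes_autorun": 2, "hooks_keyboard": 3,
                 "self_modifying_code": 3, "patches_other_process": 2}
THRESHOLD = 4

def signature_hit(content: bytes) -> bool:
    # Exact match only: any change to the bytes yields a different hash.
    return hashlib.sha256(content).hexdigest() in SIGNATURES

def heuristic_score(traits: set) -> int:
    # Traits with no rule contribute nothing, however harmful they are.
    return sum(TRAIT_WEIGHTS.get(t, 0) for t in traits)

def heuristic_hit(traits: set) -> bool:
    return heuristic_score(traits) >= THRESHOLD

def scan_all() -> dict:
    """Return name -> (signature verdict, heuristic verdict)."""
    return {n: (signature_hit(c), heuristic_hit(t)) for n, (c, t, _) in SAMPLES.items()}

def errors(engine: int) -> tuple:
    """Return (false_positives, false_negatives) for engine 0=signature, 1=heuristic."""
    verdicts = scan_all()
    fp = sorted(n for n, v in verdicts.items() if v[engine] and not SAMPLES[n][2])
    fn = sorted(n for n, v in verdicts.items() if not v[engine] and SAMPLES[n][2])
    return fp, fn

if __name__ == "__main__":
    for name, (sig, heur) in scan_all().items():
        print(f"{name:12} signature={sig!s:5} heuristic={heur}")
    print("signature (FP, FN):", errors(0))
    print("heuristic (FP, FN):", errors(1))
```

The signature engine misses everything except the exact known sample; the heuristic catches the repacked variant and the unrelated "raccoon" because they show traits it has rules for, flags the benign crack tool, and misses the "shark" whose traits no rule covers.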


All times are GMT -8.