This paper is designed to provide a basic understanding of what heuristics are and how they are used in the anti-malware industry. Topics covered include signature based detection, generic signatures, passive heuristics, and active heuristics or emulation. A very basic compression algorithm is developed and taught so as to enhance understanding of how compression works and why it poses problems for signature based detection. Encryption and polymorphism are also explained in easy to understand terms and examples. A variety of false positives from a variety of unspecified products are used to reveal some of the types of thinking that go into creating heuristic approaches. For those who already understand the subject, the approach used should provide insight into effective methods of teaching complex technical subjects to less technical students, or even to technical people who are simply unfamiliar with the subject.