If only a few people among the millions of Symantec customers who could contribute usage data to such a program were using the application in question, it would be prudent to recommend that people avoid that application until its nature has been better determined, he said.
Using opt-out tools built into Symantec's existing Norton AntiVirus and Internet Security 2008 products, which provide anonymous feedback on applications, the company is already gathering the type of data necessary to create such a recommendation system.
"Right now this is just a long-term research project, but we hope that as we get more users involved in the system, we can truly get a better idea of what is on people's computers so that we can identify malicious software based on the demographics of who is using it, versus what it does," Nachenberg said. "We're hoping to get more clarity through the large base of users we have; by collecting this data we should be able to get the most comprehensive view of the usage patterns to derive reputation information for everything they use."
Faced with questions over potential privacy issues driven by Symantec's ability to watch just who is using what applications and how, the researcher reiterated that users must be made aware of the data collection, allowed to opt out, and guaranteed that all the information aggregation is done in an anonymous fashion.
By offering users the ability to decide whether or not to use an application based on demographics, versus simply blocking programs based on its own observations, the company will also give people more freedom to determine what tools they feel are appropriate to use, he said.
"If we know that only five people are using a program, given the tens of millions of users we ultimately hope to have in the system, we can be totally objective and recommend that people wait until it is scrutinized further before using it," the researcher said. "We will need to have some manual process for white-listing programs as well, but we think that using this approach we can deliver a reasonable amount of quality with a low false positive rate."
If the volume of new malware strains arriving on the Web continues to outpace the proliferation of legitimate programs, Nachenberg said that AV vendors including Symantec may need to move to a white-listing approach in general, and focus more attention on identifying good applications instead of trying to chase down all the bad.
"If there is less software to analyze that is good, it makes more sense to spend our time scanning for good programs and simply telling our users to avoid everything else," he said. "We're considering models where we can produce the world's largest up-to-date white list of software, but it's not something we can put together in a year; maybe in two to three years' time."
Matt Hines is a senior writer at InfoWorld.





