Herd intelligence is not without its downsides
However, despite the advantages of moving to a herd mentality model, the expert recognizes that there might be significant obstacles for vendors to overcome in making such a transition -- including the cost of shifting away form their existing malware signature creation and distribution methodology.
Among the biggest issues for anti-malware vendors to consider is the issue of false positives as many legitimate or nefarious programs may be misclassified by one vendor or the other, and behavior detection-based tools will still be needed to keep an eye out for sites and applications that have been compromised.
Customers may represent another hurdle, Jaquith said, as not all companies will initially be comfortable with sharing the necessary level of access with vendors, and some may fear that such a system could offer new opportunities for data loss. Prevx, for one, is already dealing with the issue of privacy by guaranteeing that the only information being sent over its pipelines from customer PCs is related to executable files.
An even larger problem could be the "data glut" generated by the herd anti-malware networks.
"Telemetric data provided by herd endpoints will be substantial," said Jaquith. "Anti-malware vendors will need to spend significant millions of dollars of capital to create scalable infrastructures to collect, process, and store data furnished by endpoints."
The white lists of legitimate applications maintained by anti-virus vendors will also need to be updated frequently to address the release of approved programs and patches, a process that will require even additional levels of cooperation between many different types of software makers, he said.
Along similar lines, Symantec researchers recently detailed a new program through which they are gathering detailed information about software applications installed onto the computers of customers using its desktop anti-malware suite.
Using an opt-out participation model, the experiment studies the behavior and distribution details of individual programs to help make recommendations to users about which programs they decide to install or avoid.
"Right now, this is just a long-term research project, but we hope that as we get more users involved in the system, we can truly get a better idea of what is on people's computers so that we can identify malicious software based on the demographics of who is using it versus what it does," said Carey Nachenberg, a senior member of Symantec's Security Research team.
"We're hoping to get more clarity through the large base of users we have," he said. "By collecting this data, we should be able to get the most comprehensive view of the usage patterns to derive reputation information for everything they use."