Faced with questions over potential privacy issues driven by Symantec's ability to watch just who is using what applications and how, the researcher reiterated that users must be made aware of the data collection, allowed to opt-out, and guaranteed that all the information aggregation is done in an anonymous fashion.

By offering users the ability to decide whether or not to use an application based on demographics, versus simply blocking programs based on its own observations, the company will also give people more freedom to determine what tools they feel are appropriate to use, he said.

"If we know that only five people are using a program, given the tens of millions of users we ultimately hope to have in the system, we can be totally objective and recommend that people wait until it is scrutinized further before using it," the researcher said. "We will need to have some manual process for white-listing programs as well, but we think that using this approach we can deliver a reasonable amount of quality with a low false positive rate."

If the volume of new malware strains arriving on the Web continues to outpace the proliferation of legitimate programs, Nachenberg said that AV vendors including Symantec may need to move to a white-listing approach in general, and focus more attention on identifying good applications instead of trying to chase down all the bad.

"If there is less software to analyze that is good, it makes more sense to spend our time scanning for good programs and simply telling our users to avoid everything else," he said. "We're considering models where we can produce the world's largest up-to-date white list of software, but it's not something we can put together in a year; maybe in two-to-three years time."