This looks promising. Symantec is using brains instead of a database to figure out if software is malicious or not. Something like this is definitely needed - over and above a database approach. It is too easy to change a file name - let's say if you know xyz.exe is a known hack - the hacker can simply post that file all over the place for the unwary user to download with countless other names. Zero day attacks need more than a known list of hacks because their goal is to get out and do damage in one day - before they get into that database. Also with an FBI representative claiming that 15% of the world's computers are hacked and/or controlled by command and control servers doing dirty work - and new hacked servers coming online every day, it is impossible to block out hackers based on IP address or other identifying information alone.