To understand that approach, it helps to understand the problem that other malware products have not solved.
Today, malware is being written faster than non-malware software. See here for details.
This plague of malware is only possible because our computers have no immune system. And so nearly every new malware has time — plenty of time — to spread unhindered, before your AV product knows enough to detect it. Even if you update your scan strings several times a day, and scan several times a day, you won't catch new malware until your vendor gets a copy of it, gets around to analyzing it, and adds its detection to its scan strings. That is long enough for big trouble. Thirty years ago, one of us was consulting to Norton. In the senior developer's office was a big stack of floppies, sitting in his in-basket, with this note: “ New, from Asia” . When I asked him about it, he said he hadn't gotten to them yet. Today, “ new from Asia” takes just seconds to get to your machine, and still can take weeks to get into your AV detection strings.
The solution that most products have taken is a “ heuristics” mode, in which they guess that a file might be bad. Guessing isn't bad if you are playing Jeopardy, but if we're guessing about malware, then you and your computer are in jeopardy.
Wuzzup's approach is different. We don't guess. We know. We know about “ good” healthy safe files. We know about millions of malware files. And so we know the third category, too: we know what we don't know. If Wuzzup doesn't know that a program in your machine is safe or malware, then it knows that it doesn't know what it is, and ships a copy to our lab for immediate analysis