This is more of a theoretical inquiry and possibly a longer-term suggestion, which is why I am creating a separate thread...

...please be aware that this is being created here mostly because of a new trend that is being discussed here on Wilders, in which people are concerned about the attack surface added by their actual security software; more specifically, the cloud or definition database...

It would be comforting, definitely a plus, (and some would go as far as to say necessary) to add some sort of integrity protection to the client to be able to detect if the cloud has been compromised. Again, hear me out on this. I'm sure this sounds radical/out-of-place but this is a growing concern and it has gotten me a bit shaky and definitely thinking...

Cloud-Client Integrity Protection is a module/sub-shield that runs with the real-time protection of Webroot SecureAnywhere and is turned on by default. It regularly and efficiently checks to ensure that the data coming to and from the Webroot Threat Intelligence Network cloud is authentic and follows Webroot security conventions. If data deviates from the norm, the client will automatically...

- Notify Webroot security professionals with the details of the suspected compromise
- Terminate communication to and from the cloud after event details are sent
- Turn all the heuristics up to maximum
- Launch a protective scan that checks all areas that the cloud interfaced with last when the breach was detected, in addition to the standard deep scan
- Prompt the user with a RED message notifying that cloud protection has been temporarily suspended and heuristics are on maximum temporarily while Webroot addresses a potential issue with their cloud
- When the issue is resolved, notify the user with a GREEN message telling them heuristics have been restored to their previous settings and the cloud protection has been reactivated

A lot of people are concerned about antiviruses and other security software creating attack surface themselves, after the recent issues with Norton (and their dishonesty) and Panda being hacked and the hackers claiming they "did more" than Panda admits. Even with a cloud product like Panda or WSA where there is very little of anything stored on the local machine/client, the cloud is a massive amount of attack surface, technically speaking, if it were to be compromised.

I am almost certain many of you will come back and suggest I ask the sky to hit me with lightning while making cupcakes appear in front of me; but still, this is a theoretical possibility that some people are becoming increasingly concerned about, and while very skeptical I remain, I cannot blame them. I do, however, approach this from a slightly different standpoint. Why not view this issue as an extension on self-protection modules, which protect the actual application from harm, and have been included for years now? Why not protect the cloud/database from talking to the client if a compromise is suspected? The same heuristics the program uses could be employed to do such a task.

And lastly, I of course am aware that Prevx's awesomeness combined with Webroot's large servers probably have so much security already to protect from intrusion, but this would be an additional layer that would give people peace of mind that even if the cloud was compromised and mal-definitions were served up, the client side of Webroot would stop talking to the cloud and resort to heuristics.

Thanks for reading.
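
A sketch of the fail-over behaviour proposed in this post, as an added example that is not part of the original post and is not Webroot code or any Webroot API. It checks each cloud reply for authenticity and for an assumed response convention, so a reply that is correctly tagged but malformed also trips the gate, then reports, cuts off the cloud and raises heuristics. Assumptions: the class and field names, the JSON reply shape, and HMAC-SHA256 with a shared key standing in for whatever authentication a vendor would use; the protective scan step is left out.

```python
import hashlib, hmac, json

VERDICTS = {"good", "bad", "unknown"}  # assumed response vocabulary

class CloudIntegrityGate:
    """Hypothetical client-side gate for the behaviour the post proposes."""
    def __init__(self, key, heuristics="normal"):
        self.key, self.heuristics, self._saved = key, heuristics, heuristics
        self.cloud_enabled = True
        self.reports, self.prompts = [], []  # vendor reports, user messages

    def _authentic(self, body, tag):
        want = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        return hmac.compare_digest(want.encode(), tag.encode())

    @staticmethod
    def _parse(body):
        try:
            msg = json.loads(body)
        except ValueError:  # malformed JSON or invalid UTF-8
            return None
        if not isinstance(msg, dict):
            return None
        sha, verdict = msg.get("sha256"), msg.get("verdict")
        ok = (isinstance(sha, str) and len(sha) == 64
              and all(c in "0123456789abcdef" for c in sha)
              and isinstance(verdict, str) and verdict in VERDICTS)
        return msg if ok else None

    def accept(self, body, tag):
        """Return a verified reply, or None if rejected or cloud is suspended."""
        live = self.cloud_enabled
        msg = self._parse(body) if live and self._authentic(body, tag) else None
        if live and msg is None:
            self._suspend(body, tag)
        return msg

    def _suspend(self, body, tag):
        self.reports.append({"body": body.hex(), "tag": tag})  # details first
        self.cloud_enabled = False                              # then cut off
        self._saved, self.heuristics = self.heuristics, "maximum"
        self.prompts.append(("RED", "cloud suspended, heuristics at maximum"))

    def restore(self):
        self.cloud_enabled, self.heuristics = True, self._saved
        self.prompts.append(("GREEN", "cloud reactivated, heuristics restored"))

def demo():  # constructed sample: one valid reply, then a tampered copy
    gate = CloudIntegrityGate(b"constructed-demo-key")
    body = json.dumps({"sha256": "ab" * 32, "verdict": "good"}).encode()
    tag = hmac.new(gate.key, body, hashlib.sha256).hexdigest()
    return gate.accept(body, tag), gate.accept(body + b" ", tag), gate.heuristics
```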