In a system that uses purely reputation (let's negate all heuristic functions of such systems for now) I assume that it takes a tally of how many people have downloaded/ run a particular file. The more people the higher reputation. How do systems like this protect themselves from someone simply moving that file through multiple machines or virtual machines? If a reputation system factors into or overrides heuristics and spoofing were possible it could be a big issue. I know SmartScreen uses reputation. I think Norton does as well and multiple other systems. I'm looking for insight as to how they manage to deal with this issue.