The AV industry has come up with many new technologies to more adequately fight these threats such as behavior blockers and URL blocking. After a long struggle, we're in a position to deploy technologies that can significantly improve protection rates without receiving punishment from outdated tests. What this means in real life is that the big numbers can be made a lot smaller. Rather than focusing all efforts on detecting 100% of the binaries we can analyze infection chains and look at the least polymorphic part of the chain. The main protection method can then be based on that least polymorphic part. The greatest challenge that this approach brings is making sure that already infected users are still getting adequate detection rates. A number of solutions to address this problem will be shown, some of which we have successfully implemented at Kaspersky Lab. Additionally, I will show the results of five case studies based on this approach and the hurdles faced.