Malware detection based on machine learning typically involves training and testing models for each malware family under consideration. While such an approach can generally achieve good accuracy, it requires many classification steps, resulting in a slow, inefficient, and potentially impractical process. In contrast, classifying samples as malware or benign based on more generic "families" would be far more efficient. However, extracting common features from extremely general malware families will likely result in a model that is too generic to be useful. In this research, we perform controlled experiments to determine the tradeoff between generality and accuracy, over a variety of machine learning techniques, based on n-gram features.

2.1 Related Work

Wong and Stamp (Wong and Stamp, 2006) show that hidden Markov model (HMM) analysis applied to op-