I always use mutexes based on machine unique characteristics. Obviously one can still reverse engineer the algorithm and ship AV updates to keep those mutexes. But that's more work than shipping in.txt and out.txt full of strings to your anti virus clients. In the end I think that this ultimately does not mitigate the discrepancy between attacker and defender costs.
