A computing device communicates a request to a risk determination system to determine whether particular content is malware. The content is oftentimes a file containing a program to be run, but can alternatively take other forms, and an indication of the content is provided to the risk determination system. Additional information describing attributes of the computing device is also provided to the risk determination system. These attributes can include for the computing device hardware specifications, operating system specifications, anonymized information, information describing anti-virus or other anti-malware program settings, information describing programs running on the computing device, and so forth. The risk determination system analyzes the information describing attributes and/or activity of the computing device to determine a risk factor of the content, and from the risk factor determines whether the content is malware for the computing device.