Vulnerabilities / Threats
6/22/2011
12:31 PM
50%
50%

The End Is Near For Paid Antivirus On PCs

The rise of free but "good enough" software spells an end to the days of having to pay for PC antivirus software.

Is the era of not-free antivirus software drawing to a close?

Since before the days of the "I Love You" virus, a best practice for both consumers and businesses has been to buy and run antivirus software on their PCs. But all that's changing--at least, the paid part.

According to data collected by software management vendor OPSWAT, from March to May 2011, the top five most-used antivirus products in use in North America were Microsoft Security Essentials (16%), AVG Anti-Virus Free (11%), Avast Free Antivirus (7%), Norton AntiVirus (6%), and Mcafee VirusScan (4%). Interestingly, three of those are free.

As statistics go, OPSWAT's numbers may not be definitive. Rather, they represent a sample of 43,000 PCs that are running the company's software framework, which can detect antivirus software installed on their PCs. Accordingly, that equals data points drawn from business users, meaning the incursion of free antivirus into enterprise markets may be sharper than you'd expect.

That shouldn't be surprising, however, since free antivirus regularly finds a place in "top 10" third-party antivirus software rankings. "The good antivirus is a free antivirus, we all know this. Avast is good, AVG is good. So many people are 'good enough' that where is the market, if antivirus is free?" Eric Domage, manager of western European security research and consulting for IDC, tells me. "This is a highly commoditized sector. It used to be a market, but now it's a commodity--look at what Microsoft is now doing for free."

When Microsoft unleashed its free Microsoft Security Essentials antivirus scanning engine in 2009, antivirus vendors cried foul and their stock prices took a hit. Cue protests again in 2010 when Microsoft began automatically installing it on PCs that weren't running any antivirus. But in the scheme of things, if Microsoft built Windows, shouldn't Microsoft keep it clean from viruses? At least, that's one line of thinking--and soon the point may be moot.

Indeed, an interesting change happened on the way to commoditized antivirus: Incumbents began making other plans. "McAfee and Symantec have decided to escape this market," says Domage. Symantec, for example, bought storage vendor Veritas and desktop management vendor Altiris, enabling it to move further into those markets. Likewise, McAfee has moved into compliance--not to mention having been acquired by Intel, which may build its software into its devices--while Trend Micro has gone 100% cloud-based. CA also exited the antivirus game, selling its endpoint security group last month to a venture capital firm, which renamed the business as Total Defense.

Meanwhile, last year Apax Partners purchased a majority stake in Sophos for $830 million, and more recently added firewall and unified threat management vendor Astaro to the mix. "This, with some other acquisitions, make the Sophos company very interesting now," he says. "It's a global player in security." But it's no longer just an antivirus vendor.

Today, when it comes to straight-up, PC-based antivirus, "everyone is struggling, even Kaspersky is struggling," says Domage, despite its posting 2010 year-on-year revenue gains of 38%. In January, however, Kaspersky announced that venture-capital firm General Atlantic had paid $200 million for a 20% share in the company. Recently, it also announced a deep management review, transferring more responsibility to executives based in the United States. And the company is now evaluating possible moves into mobile security, compliance, and encryption or other types of data security.

"They've had the VC come in because they didn't know how to do the diversification--they're very good Russian engineers, but they're not experts at global diversification," says Domage. "They've been the world leaders at antivirus, but what if you're the last one?"

Diversification, however, isn't the only option. For example, in China, the makers of the free 360.cn antivirus software make their money in part by selling their software to manufacturers, who include it for free with their products. "If you buy a fridge, you get antivirus. If you buy a microwave, you get antivirus. It's a goodie," says Domage.

When it comes to enterprise IT, one selling point for paid antivirus running on PCs has been ease of management. But why manage antivirus at all? Indeed, it's a short step from paying an annual per-user subscription fee for antivirus signatures to power your endpoint security scanning engines, to paying a per-user annual subscription fee for a vendor to manage antivirus via the cloud.

In other words, expect paid antivirus running on PCs not to end with a bang, but with a "why bother?"

Small and midsize businesses are falling prey to cyberattacks that cost them sensitive data, productivity, and corporate accounts cleaned out by sophisticated banking Trojans. In this report, we explain what makes these threats so menacing, and share best practices to defend against them. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-5084
Published: 2015-08-02
The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically approximate attackers to obtain sensitive information via unspecified vectors.

CVE-2015-5352
Published: 2015-08-02
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time ...

CVE-2015-5537
Published: 2015-08-02
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.

CVE-2015-5600
Published: 2015-08-02
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumptio...

CVE-2015-1009
Published: 2015-07-31
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!