The End Is Near For Paid Antivirus On PCs

Is the era of not-free antivirus software drawing to a close?

Since before the days of the "I Love You" virus, a best practice for both consumers and businesses has been to buy and run antivirus software on their PCs. But all that's changing--at least, the paid part.

According to data collected by software management vendor OPSWAT, from March to May 2011, the top five most-used antivirus products in use in North America were Microsoft Security Essentials (16%), AVG Anti-Virus Free (11%), Avast Free Antivirus (7%), Norton AntiVirus (6%), and Mcafee VirusScan (4%). Interestingly, three of those are free.

As statistics go, OPSWAT's numbers may not be definitive. Rather, they represent a sample of 43,000 PCs that are running the company's software framework, which can detect antivirus software installed on their PCs. Accordingly, that equals data points drawn from business users, meaning the incursion of free antivirus into enterprise markets may be sharper than you'd expect.

That shouldn't be surprising, however, since free antivirus regularly finds a place in "top 10" third-party antivirus software rankings. "The good antivirus is a free antivirus, we all know this. Avast is good, AVG is good. So many people are 'good enough' that where is the market, if antivirus is free?" Eric Domage, manager of western European security research and consulting for IDC, tells me. "This is a highly commoditized sector. It used to be a market, but now it's a commodity--look at what Microsoft is now doing for free."

When Microsoft unleashed its free Microsoft Security Essentials antivirus scanning engine in 2009, antivirus vendors cried foul and their stock prices took a hit. Cue protests again in 2010 when Microsoft began automatically installing it on PCs that weren't running any antivirus. But in the scheme of things, if Microsoft built Windows, shouldn't Microsoft keep it clean from viruses? At least, that's one line of thinking--and soon the point may be moot.

Indeed, an interesting change happened on the way to commoditized antivirus: Incumbents began making other plans. "McAfee and Symantec have decided to escape this market," says Domage. Symantec, for example, bought storage vendor Veritas and desktop management vendor Altiris, enabling it to move further into those markets. Likewise, McAfee has moved into compliance--not to mention having been acquired by Intel, which may build its software into its devices--while Trend Micro has gone 100% cloud-based. CA also exited the antivirus game, selling its endpoint security group last month to a venture capital firm, which renamed the business as Total Defense.

Meanwhile, last year Apax Partners purchased a majority stake in Sophos for $830 million, and more recently added firewall and unified threat management vendor Astaro to the mix. "This, with some other acquisitions, make the Sophos company very interesting now," he says. "It's a global player in security." But it's no longer just an antivirus vendor.

Today, when it comes to straight-up, PC-based antivirus, "everyone is struggling, even Kaspersky is struggling," says Domage, despite its posting 2010 year-on-year revenue gains of 38%. In January, however, Kaspersky announced that venture-capital firm General Atlantic had paid $200 million for a 20% share in the company. Recently, it also announced a deep management review, transferring more responsibility to executives based in the United States. And the company is now evaluating possible moves into mobile security, compliance, and encryption or other types of data security.

"They've had the VC come in because they didn't know how to do the diversification--they're very good Russian engineers, but they're not experts at global diversification," says Domage. "They've been the world leaders at antivirus, but what if you're the last one?"

Diversification, however, isn't the only option. For example, in China, the makers of the free 360.cn antivirus software make their money in part by selling their software to manufacturers, who include it for free with their products. "If you buy a fridge, you get antivirus. If you buy a microwave, you get antivirus. It's a goodie," says Domage.

When it comes to enterprise IT, one selling point for paid antivirus running on PCs has been ease of management. But why manage antivirus at all? Indeed, it's a short step from paying an annual per-user subscription fee for antivirus signatures to power your endpoint security scanning engines, to paying a per-user annual subscription fee for a vendor to manage antivirus via the cloud.

In other words, expect paid antivirus running on PCs not to end with a bang, but with a "why bother?"

Small and midsize businesses are falling prey to cyberattacks that cost them sensitive data, productivity, and corporate accounts cleaned out by sophisticated banking Trojans. In this report, we explain what makes these threats so menacing, and share best practices to defend against them. Download it now. (Free registration required.)