The Age of Antivirus Nears End

Antivirus, once the mainstay of security infrastructure alongside firewalls, is commoditizing rapidly, even though the volume and potency of new malware continue to increase at a rapid pace. This is causing some analysts and solution providers to question whether it’s worth selling and supporting antivirus, and whether market leaders Symantec and McAfee should even stay in the antivirus business.

The death of antivirus is a topic that resurfaces every few years. Antivirus is a product that everyone uses but no one is ever really satisfied with. The core signature-based method for detecting and eradicating viruses, worms and Trojans was never foolproof, and even the addition of heuristics, blacklisting and sandboxing has only incrementally improved performance.

Worse for antivirus vendors, each additional process added to the antivirus engine impedes performance. Symantec, for instance, is still trying to shake off the reputation hit it took with the release of Symantec Endpoint Protection 11, which was widely known as a resource hog that bogged down PCs. No matter how efficient an antivirus engine is, it comes with processing overhead and performance hits.

Despite antivirus technology limitations, products often sell well because they do a good job of eliminating most of the malware threat and reducing the clutter computer users and servers collect by being connected to the Internet. Antivirus is readily available and, thus, becoming more of a commodity bought on price. Although performance is often noted as a differentiator, the difference between products is often unnoticeable to the average user.

An inability to distinguish quality, over-distribution and the increasing availability of free products are driving the monetary value out of antivirus products, which is causing some analysts to advocate that Symantec and McAfee move on from this technology and focus on higher-value products and systems.

Sure enough, Symantec and McAfee are increasingly less about antivirus and more about advanced security technologies.

Symantec, which is currently undergoing its “Symantec 4.0” restructuring, is setting up to focus on systems management, stored data protection, identity management and infrastructure security. Symantec paid more than $1.2 billion for VeriSign’s digital certificate and identity management business, and has yet to do much with it.

McAfee, owned by Intel for the last two years, is more focused on mobility, security information management and data loss prevention. It’s more of an enterprise security player, with much of its channel wrapped around enterprise and midmarket security engagements.

Trend Micro, third among the top security software vendors, is a substantial player in antivirus, but is increasingly focused on virtualization and cloud security, as well as protecting Internet users from malware and hacking threats through reputational analysis.

Increasingly, the battle for the antivirus future is between Sophos and Kaspersky Lab.

Kaspersky, the Russian security software company that has built a formidable channel network, is building upon its consumer and small business antivirus roots with the release of Kaspersky Internet Security, a full function suite with a management console suitable for midmarket and small enterprise customers.

Sophos, on the other hand, has traditionally been an enterprise security company that addresses threats on the network layer. Lately Sophos has been pushing down into the midmarket, as it consolidates products and capabilities around antivirus, data loss prevention and unified threat management.

On the periphery, Avast and Microsoft are stealing market share among consumers and small businesses with their freeware. AVG Technologies is recasting itself from a consumer company to a small business security services leader with its CloudCare platform. And FireEye, now headed by former McAfee CEO Dave DeWalt, is getting exceedingly aggressive against antivirus market leaders with its new malware detection technology.

Chances are Symantec and McAfee will not give up their antivirus business, as it represents hundreds of millions of dollars of their annual revenue. Solution providers, though they see less return on their antivirus sales, will likely stay in the game, as antivirus still completes the total security package. And antivirus will remain a necessity, as no other technology has emerged to replace it.

Yet the pressure on antivirus is similar to the pressure placed on conventional firewalls. The average firewall actually does very little to secure a network; it’s mostly there to squelch the background noise of the Internet. But vendors and solution providers continue to sell firewalls, and customers continue to buy them, because they are a foundational level of security. It’s just that their value – technologically and monetarily – has long since passed.

4 Responses to “The Age of Antivirus Nears End”

  • Desktop/Endpoint anti-virus won’t go away anytime soon, but it is merely one piece of the security stack. Obviously, an organization needs to determine their exposure to known and unknown risks and implement an appropriate security architecture. AV isn’t much help against insider threats, many APT vectors, IP Theft, fraud and data loss. It’s important to look at infosec holistically and not as a set of discrete tools that operate without integration or intelligence.

  • If Anti-virus vendors disappeared then the hackers would go back to the spray and pray method of Virus distribution, and the Anti-Virus vendors would need to come back.

    The fact that the bad guys have to adapt is not a bad thing, however if we get rid of the antivirus guys the bad guys will go back to their old habits, which would be bad for everyone.

    We implemented Trend, with their sandboxing technology, and have not had a major outbreak in the 18-19 months we have had them implemented. In fact, the only place we saw a virus get through was when we deliberately set some free in a POC of FireEye; it didn’t stop many, about 4 out of 10.

    • Mike Cyr:

      The author is not saying that antivirus will go away... only that antivirus companies should focus on other business. The differentiators between antivirus products, including free ones, are no longer significant. Yes, you’ve had good luck this year with Trend and their sandboxing. But some other threat will come along and another AV product will do better with that. The point is that fretting over, studying, paying huge costs to implement, etc., different AV products is not worth the minimally improved return. Pick a product and stick with it for a while... preferably a free one or like Microsoft’s, licensed along with other enterprise license packages.

  • craig kensek:

    Antivirus/antimalware technology providing protection for the desktop won’t go away for a while, whether it’s delivered via software on the desktop or via the cloud. In a multi-layered defense, it’s the last layer of protection. Over the next few years, all the methods of detection will probably be incorporated in vendors’ desktop antivirus/internet security offerings. Signature files won’t be going away any time soon. Security vendors need all the information about bad stuff that they obtain from consumer desktops (look at the opt-in fine print, people).

    How much of a commodity is desktop AV? – At a big box retailer (beginning with F), there were about 10 AV/Internet Security products free (as of 3/12) after rebates if purchased with tax software as a competitive upgrade.

    All vendors like to talk about speed and time to perform a scan of the hard drive. They don’t mention that percentages are irrelevant when talking about milliseconds for some operations. For scanning the hard drive, they never suggest “schedule to run at night, while at lunch, or in the shower”.

    Firewalls – people will move on to Next Generation Firewalls.

    FireEye – Unless I’m mistaken, their multiple appliance solutions don’t replace anything. They’re in addition to what a company already has. FireEye is not a consumer solution. One of their appliances requires licensing AV software from a vendor.

    It’ll be interesting to see how CloudCare does. It sounds similar to what Novell was trying with ManageWise years ago before it became Zendesk.
