How Consumer Security Vendors Can Fight Freeware (part 1)

Lately, I’ve been delving quite a bit into the consumer
security market. This is perhaps the biggest change in my security coverage as
I moved to focus on vendor-oriented research. Forrester doesn’t have consumer
clients, so our coverage of consumer security in the past has been less then rigorous,
except in cases where our IT clients raise issues in areas like B2C/G2C online
security (phishing, risk based authentication, fraud and identity theft, etc.)

A major source of anxiety for the consumer
security vendors is freeware. Companies like AVG, ALWIL (Avast!), Avira, and
others offer antivirus for free, with Microsoft hitting the market soon with
its new service code-named Morro. But it’s more than just AV: with free antispyware,
free  personal firewall, free HIDS and so
on, the big consumer security vendors have a right to be concerned. Take Symantec,
where 30% of its revenues and 45% of its income comes from its consumer
security division. Symantec and others – such as McAfee, Trend, and even Tier 2 players like Kaspersky – have revenue streams to protect in their consumer security products.

And our market research indicates that these freeware
products are taking a pretty big – and growing – bite out of the market. But
here’s the other thing we’re seeing: consumers aren’t choosing the freeware
products primarily because of price. In fact, they are more likely to select
products based on their own research or the recommendation of people they
trust then basing their selections to a large degree on price.

This should certainly cause some head-scratching from the consumer security vendors. What does this mean for them that freeware is growing, but price isn't the main reason consumers are selecting it?

I have
several thoughts on that I will go into the next post. In the meantime, I’d be
interested to hear back from you about this. What are your thoughts about the consumer freeware “menace”?

Comments

re: How Consumer Security Vendors Can Fight Freeware (part 1)

When free products are recommended to novice computer users then it's because:1- it works (or all AV products no matter which, to some degree don't work anyway ;-)2- it is free!So the price issue is already covered in the recommendation. IT guys would very rarely recommend a paid AV product to family members thus price is inherently a built in concern.If I were to recommend Symantec and AV to my mother, which one do you think she's going to get?

re: How Consumer Security Vendors Can Fight Freeware (part 1)

Pricing is not the issue. Except may be the change made from a perpetual licences with free update to a yearly pay per use.Most of the serious security tool are free and were built by the best hackers we know about (nessus, OWASP tools, etc.).What is going on is that people saw in their company that open source are often better than non open source product. So then at home they try to use them.It is also an area where you want to pick best of breed product, and not a full suite from one vendor.Then finally, the non open source product are often very resource consuming (CPU, memeory) and targetted to the latest PC and OS, letting all the others alone.

re: How Consumer Security Vendors Can Fight Freeware (part 1)

To Mr. William's point: I had thought about the open source analogy, and I'm hesitant make it here. Open source is truly a movement guided by principles: that software developed transparently by a community has value and even some potential advantages (security review, speed of development, etc). Free AV is simply about price: no one is making source code available, or somehow opening up their security research labs or alerting services.But I do agree with Mr Salah's point that it is more difficult to discern the quality/performance difference between free antimalware and commercial product. But to the question about recommendations: if I recommended a free and a commercial product to my mother, she'd ask me to narrow it down to one! I see lots of people recommending commercial products instead of free. And there are many free products that don't do terribly well in the consumer marketplace (OpenOffice comes to mind).So I think this is about the particulars: I would think few if any of you simply recommend "Just download one of the free products". Instead, you might recommend a *particular* free product. Am I right? In which case, it's not about the price, but about the product itself.

re: How Consumer Security Vendors Can Fight Freeware (part 1)

I've always considered freeware a supplement rather than an alternative--Spybot, Lavasoft's free version and most recently the free version of Malware Bytes Anti-Malware, which is the best I've found for cleaning up after you've already been infected.The other trend, which works in the vendors' favor, is bundling desktop protection with your Interent service. So, for example, Comcast offers McAfee "free" as part of its package. FIOS charges an extra $6.95 a month for desktop protection (Trend, I think). Increasingly, I think most people will just go this way, rather than pick a box off the shelf at Best Buy

re: How Consumer Security Vendors Can Fight Freeware (part 1)

I strongly believe that cost is an issue. Most people would be willing to pay for AV software ONCE. What they aren't willing to pay for is a SUBSCRIPTION to ongoing updates. The people I try to send over to a commercial product are happy the first year. But when they start getting nags from the software OR bombarded with e-mail from the vendor warning of impending doom if they don't resubscribe, then they complain, or simply ignore the warnings, and are thus vulnerable. Some of the free packages require annual re-registration to keep receiving updates.

re: How Consumer Security Vendors Can Fight Freeware (part 1)

Mr. Roiter (a journalist at TechTarget covering the security market) brings up antispyware vendors like Lavasoft and Spybot. These were the first free products to really prove their mettle: in fact, they were among the first products on the market in the antispyware category. I think that was truly a watershed event that free consumer security products could compete head-to-head with the big players.Mr. Bassett also makes the distinction that price is an issue, but not perhaps (or solely) cost itself. Rather, the subscription pricing model is what confounds or irks consumers, spurring them to seek alternatives. Indeed, K7 out of India had been selling AV with a license that was for the lifetime of your PC and they lit up the market with that. They seem to have backed away from that now: perhaps it wasn't sustainable at the price point they sold it for, but I know many people who would pay more for a product on those terms than keep renewing every year. As a vendor, the recurring revenue of a subscription model has it's appeal, but worrying and having to constantly remind customers about renewals has its drawbacks for them too, in addition to displeasing customers.

re: How Consumer Security Vendors Can Fight Freeware (part 1)

I recommend freeware only to friends who know their way around a computer and like to tinker with technology. For most others, I tell them to go with a consumer Off-The-Shelf solution. Now, they should use the vendor software their ISP provides for free or a nominal fee if available. In my area, Time Warner / Road Runner provides CA for free. It works and support is readily available.Price is definitely one of the driving factors but more importantly is a recommendation from somebody who knows computers or security (ideally both).