Will consumers scrimp on paid security software?

Will consumers scrimp on paid security software?

Summary: Symantec and McAfee could face headwinds in 2008 amid weak consumer spending, according to Cowen & Co. Meanwhile, the two are duking it out over a Acer-Gateway OEM deal.

TOPICS: Software, Security

Symantec and McAfee could face headwinds in 2008 amid weak consumer spending, according to Cowen & Co. Meanwhile, the two are duking it out over a Acer-Gateway OEM deal.

Cowen analyst Walter Pritchard downgraded Symantec from "outperform" to "neutral" on the theory that the company will face weakening security demand. Pritchard maintained his "outperform" rating on McAfee. But the stock mumbo jumbo isn't what's notable about Pritchard's research notes. The big takeaway: Consumers may see security software as discretionary to some degree.

On the surface, Pritchard's argument sounds counterintuitive. You'd think security software would be the last to go. The argument raises interesting questions: How discretionary is security software? If your budget was tight would you boot Norton for a free alternative? Are Microsoft's offerings more attractive?

Pritchard writes:

"Our survey indicates that significantly more consumers are obtaining their security for free. Some of these consumers are getting security through their ISPs and many of the ISPs have relationships with McAfee, which is positive as these consumers may be monetized through an up-sell. The emergence of smaller vendors, with a different one in each country suggests a new source of competition. With this, free product continues to take share from paid product."

Also see: 10 free security utilities you should already be using. 

Pritchard's argument for Symantec is relatively simple. For the last two years Symantec's consumer business has picked up the slack as the company struggled with execution issues on the enterprise side. Now Symantec's enterprise business is picking up--behind products like Endpoint Security 11.0--the consumer business could wane. Meanwhile, gains in the enterprise business won't offset a consumer slowdown.

The message: All software companies are affected by a weak economy, including security vendors. "Uncertain economic times will hit all software companies," writes Pritchard, who also notes that McAfee is more insulated than most companies. 

Pritchard is more upbeat on McAfee and notes "the company has plenty of offsets to consumer headwinds such as Web security and the merchant-based business (ScanAlert acquisition)." ScanAlert brings a new business model to McAfee. With ScanAlert, site operators pay for an audit and due diligence so they can post a "Hacker safe" mark on their properties.

Meanwhile, competition is heating up between Symantec and McAfee. For instance, McAfee inked a two year deal with Gateway in 2005 to distribute McAfee's services on its PCs. The issue: Gateway was acquired by Acer, which has a similar distribution pact with Symantec. "We believe the two vendors are competing aggressively to win the business. We do not know what shape the new deal will  take or who the winner will be, although we'd bet on Symantec given its existing deal with Acer and more aggressive recent push around subscriber acquisition," writes Pritchard.

Topics: Software, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • McAfee has more issues than consumer spending!!

    I recently was alerted that my subscription had run out. So I went to my online McAfee account and purchased my renewal. I then had to download the installer for the newest version. It gave me what was supposedly an installer for XP...but when I tried to run it, it said something along the lines of "invalid for this version of Windows". What a joke. I started fresh, redownloading, thinking maybe I had grabbed the wrong version. Nope. The installer they have apparently does not like my install of XP.

    So...it may well not be that consumers are balking at spending, but that we are finding glitches in the product, getting our refund, and taking our money elsewhere. That's what I did.
    • Note to McAfee, in case you read this....

      I hope someone at McAfee reads this and gets their bloody issues fixed! Over the past several years, I have considered their product more trustworthy than certain competitors such as Norton. A faulty installer not only loses you a customer...it diminishes trust in your product. I hope you take quick action to regain my trust.
    • I agree

      I usually tell people to just go to the store and buy a new CD rather than renew online. That way, if something goes wrong, you have a CD to reinstall from. Isn't the price the same either way?

      By the way, I have had even more issues with Symantec than McAfee, so I don't see either being a viable alternative anymore. You might want to check out AVG or Avast as an alternative, or CA or Trendmicro for subscription services.
  • Considering...

    ...that there are several decent free AV options out there, I find it hard to recommend either Symantec or McAfee to consumers. Any program that expires and stops working after a set time period is not on my list, and the performance hit from their Internet Security Suites is not acceptable. I see AV protection moving from the PC to the router or the ISP (or both) in the future, anyway.
  • The consumer is tired of spending...

    for security software only to have her machine trashed anyway.
  • Who needs AV software anyway?

    Windows Firewall plus good computing habits is what one really needs. I've been running XPSP2's firewall for 2 years with no AV and have had nothing but better performance on my machine!

    • Of course...

      ...without security software, how do you know that your system isn't infected? I do agree with you to some extent, keeping your system up to date (which you didn't mention) and having some common sense certainly helps, but I am not ready to go online without some protection. I don't like the all-in-one Security Suites, but do like the small, simple AV programs like Avast. Even McAfee and Symantec still offer just basic AV software, though most go with the performance killing Suites.
      • Simple fix..

        You go to any one of the plethora of online scanners and get your system scanned - more often than not - it's FREE...!
        • Sometimes you get what you pay for

          Not all, but some of those online scan sites actually infect your system, then offer to remove the malware for a fee. I have had to clean a number of systems infected in just this way. I have used some of the free AV programs out there, like Avast, and found them to be effective and to have a small footprint on my system. Even McAfee and Norton, if you get just their AV package without the firewall, system security, etc, are much better products.
      • AS, FW?

        Do you have antispyware and firewall? It's been a long time since antivirus by itself was enough. Be aware that all-in-one suites are there for a more significant reason than more money and more drain on your system's resources.

        Norton has always been ridiculously heavy (while their site continues to say it's lighter than the "industry standard") because of all the process hooks (which also affects their uninstall problems), but McAfee isn't doing so bad these days. Their 3-in-1 "antivirus" is light (still called "antivirus" for the novices who still don't know better), and its script blocking and IDS are highly proactive.
    • I do occasional scans to ensure nothing got through.

      I have an antivirus, but I mostly do occasional scans to make sure nothing got through.

      Firewalls won't stop everything. They stop a lot of stuff, yes, but they're not guaranteed.
    • Don't forget the morphing viruses

      AV software can't detect them as they change signatures every time they replicate. On the positive side some times when they change to avoid detection they end up breaking themselves so this type of virus doesn't spread as quickly as the easy to detect ones.

      One thing I find kind of useless with AV software is you get a virus that the AV software doesn't know about that disables the AV software but leaves it looking like it is working then the detectable viruses are downloaded via a FTP type service the payload is dumped on your PC all while you are unaware.

      So why clutter you use up with AV software. Better to do an online scan or use a boot disc to scan. Also using something like deep freeze works great where you reboot to known good image. If you are savy enough you can configure a secure firewall that logs all outgoing connections and you can know what are normal connections being made. When something suspicious appears you know your have virus. Same thing with services and newly created files and directories.
      • re: Don't forget the morphing viruses

        "AV software can't detect them as they change signatures every time they replicate."

        Correction: They can't just plop in a simple signature. Most modern AV software do not use a simple implementation of signatures, and have several methods of detecting viruses that morph.

        "One thing I find kind of useless with AV software is you get a virus that the AV software doesn't know about that disables the AV software but leaves it looking like it is working then the detectable viruses are downloaded via a FTP type service the payload is dumped on your PC all while you are unaware."

        This is one area where UAC and DEP can really work for the antivirus vendors and against the viruses: The antivirus generally has admin privileges and can protect itself against being disabled by a virus that is likely to only have user privileges.
        • Too bad they don't work though

          I've seen a morphing trojan in actions. Pretty slick and 3 different types of AV scanning missed it. Missed at the gateway solution, missed at the email server solution and at the desktop solution.

          AV software is just one layer that on it's own doesn't do enough to protect you. Adding it to multilayer approach though it greatly improves security.
    • Lemmings: follow the leader off a cliff

      First, I suggest you run some online scanners, and a rootkit scanner or two, to see just how safe your system really is. Second, I suggest you read the news. Good surfing habits don't cut it anymore; compromised legitimate sites are taking the place of homemade ones. SiteAdvisor's success is one reason, and another is that it's less work to hijack an existing Web site than to build your own.

      Windows Firewall is just a plain, SPI firewall. All it does is shield you from port probes by an IP you're not connected to on the state table; it will not block drive-by downloads if your Web mail provider loads an iFrame from a cross-site scripting attack.

      I'm not saying you need antivirus and antispyware specifically, but you need something to protect XP or earlier, be it IPS, sandboxing, or locking the core: http://invincible-windows.blogspot.com/ If nothing else, try version 3 of Comodo; they're switching to the positive security model (deny by default), and continuously building their database to reduce popup fatigue to an absolute minimum. It's in beta right now, not a stable release.

      Most importantly, the last thing any Internet user needs is more "blind leading the blind." It's almost entirely because of ignorance on the part of the user that botnets keep growing like they are. What are you doing, telling people to drop their defenses? Are you a hacker, or are you one of those people who thinks they can teach the class on the first day of the semester?
  • why pay for bloat?

    I used to love McAfee and recommend them to everyone. Then the software started to hog the CPU and crash the system. That's like slicing your car tires so it doesn't get stolen. Then you can't use it. I never really liked the way Norton tried to take over everything - so I never used them. But I've heard they got into the same trouble over the last few years. Meanwhile, the free alternatives are fast and light and just as effective. So I donate to them. If you want customers, make a good product. The best customers for big name software are businesses. The only real reason is that if something goes wrong, there is an entity they can point to and sue for damages. I've brought up free alternatives to many bosses when there is a manual task that could be automated, but not enough money to buy a "real" program. The knee-jerk reaction is that there isn't enough support for open source or non-big name software. And as many of you know, 90% of the time, it's the opposite. But it all comes down to having someone to blame.

    Anyway. McAfee, Norton, others, make an effective small light program and people will buy it. Make something that hurts the computer experience and people will not buy it.
  • Isn't Vista supposed to protect users?

    I mean, what's the point in all security features in Vista if we're still going to need anti-virus software?

    Maybe it's really time to switch to Linux?

    Or maybe it's what really makes the AV software vendors unhappy?

    Milan B
    • And Linux is really better?

      When end users migrate to it, the hackers will too. Most hackers won't care for fringe outlets because [b]there's no profit to be had[/b]. Linux adoption is lower than the number of people who voted for Nader in 2004! Apple's Macs (effectively a PC with a fancier TPM, big name, and environmentally forgetful people running the place) aren't much better off either. Never mind more expensive; I'd rather put Linux back on my PC rather than to buy a new one with the shape of a fruit on it.

      Human nature is inevitable.

      Now MS has made some strides in protecting people from themselves, but hackers will always exist. And MS's variable code quality makes life easier for hackers too. (Mind you, I doubt everyone who updates Linux is being neat and tidy either...)

      Again, it boils down to net usage. That's why Mac and Linux are avoided.
      • Yes it is


        The records bear this out.
        Linux User 147560
        • What records?

          These? http://www.theregister.co.uk/2007/10/03/ebay_paypal_online_banking/ Do a Google search for "Linux more secure than Vista," and tell me what you find. With the exception of one numbskull who says Microsoft fails to patch vulnerabilities as quickly--completely overlooking the plain fact that MS has to worry about multiple operating systems and versions of these operating systems, as well as potential conflicts with third-party applications which vastly outnumber those for all 350+ distros and OS-X apps combined--you won't find it.

          Vista uses reduced creator/owner privileges by default, just like Linux, blocks programs outside their database from starting with Windows, works with third-party software vendors to reduce attack vectors, and pre-defines every single driver association. People are actually starting to say you don't need to install antivirus on Vista, despite the fact that Vista is a bigger target than Linux or OS-X.

          You're confusing obscurity with security, which never ceases to amaze me. Anyone with enough awareness to research distros and find the one they want ought to be aware of statistics as well. Why do they make antivirus for Linux, just for fun? Why does Trend Micro's system cleaner have signature databases for both Windows and UNIX, just for fun? How does your foot taste?