Will consumers scrimp on paid security software?

Symantec and McAfee could face headwinds in 2008 amid weak consumer spending, according to Cowen & Co. Meanwhile, the two are duking it out over a Acer-Gateway OEM deal.

Cowen analyst Walter Pritchard downgraded Symantec from "outperform" to "neutral" on the theory that the company will face weakening security demand. Pritchard maintained his "outperform" rating on McAfee. But the stock mumbo jumbo isn't what's notable about Pritchard's research notes. The big takeaway: Consumers may see security software as discretionary to some degree.

On the surface, Pritchard's argument sounds counterintuitive. You'd think security software would be the last to go. The argument raises interesting questions: How discretionary is security software? If your budget was tight would you boot Norton for a free alternative? Are Microsoft's offerings more attractive?

Pritchard writes:

"Our survey indicates that significantly more consumers are obtaining their security for free. Some of these consumers are getting security through their ISPs and many of the ISPs have relationships with McAfee, which is positive as these consumers may be monetized through an up-sell. The emergence of smaller vendors, with a different one in each country suggests a new source of competition. With this, free product continues to take share from paid product."

Also see: 10 free security utilities you should already be using. 

Pritchard's argument for Symantec is relatively simple. For the last two years Symantec's consumer business has picked up the slack as the company struggled with execution issues on the enterprise side. Now Symantec's enterprise business is picking up--behind products like Endpoint Security 11.0--the consumer business could wane. Meanwhile, gains in the enterprise business won't offset a consumer slowdown.

The message: All software companies are affected by a weak economy, including security vendors. "Uncertain economic times will hit all software companies," writes Pritchard, who also notes that McAfee is more insulated than most companies. 

Pritchard is more upbeat on McAfee and notes "the company has plenty of offsets to consumer headwinds such as Web security and the merchant-based business (ScanAlert acquisition)." ScanAlert brings a new business model to McAfee. With ScanAlert, site operators pay for an audit and due diligence so they can post a "Hacker safe" mark on their properties.

Meanwhile, competition is heating up between Symantec and McAfee. For instance, McAfee inked a two year deal with Gateway in 2005 to distribute McAfee's services on its PCs. The issue: Gateway was acquired by Acer, which has a similar distribution pact with Symantec. "We believe the two vendors are competing aggressively to win the business. We do not know what shape the new deal will  take or who the winner will be, although we'd bet on Symantec given its existing deal with Acer and more aggressive recent push around subscriber acquisition," writes Pritchard.