Is Anti-Virus Alive or Dead? That depends on who you ask. Certainly anti-virus makers continue to make plenty of money. Symantec, the largest anti-virus maker, earned $2,109 MM in consumer revenue, with nearly 50% operating margin in that segment. $1BN in profit is valuable in anyone’s book.
So why is Symantec, of everyone, trashing anti-virus? In a recent WSJ article, Symantec’s SVP for Information Security said, “anti-virus is dead… we don’t think of antivirus as a moneymaker in any way.” How is $1BN on profit not a “moneymaker” or, worse, “dead”?
The answer comes from 3 related directions:
- Growth: $1BN may be good money, but it is essentially flat – both revenue and profit – from the previous year. Like all public companies’ executive management, Symantec’s is focused on growth that will allow its value, reflected in the stock price, to rise. I would not be surprised if the CFO and CEO have set growth targets. I do not know what those are, but I am pretty sure they are at least somewhat above 0%! Companies like Symantec are looking for growth. If they see zero growth in anti-virus as reflective not of their specific product mix or sales process or marketing, but fundamental to the market as a whole, they will look elsewhere. Of course, they have a strong incentive to say so; who wants to admit that the growth is there but their strategy or execution is a failure?
- Competition: A growing number of competitors, many of them free or nearly free, have entered the space over the years. Without the growth mentioned above, Symantec no longer can afford to continue to spend untold sums to just buy them out.
- Perceptions: More and more people have been breached and educated, often the hard way. Those that haven’t felt it first-hand read the news and say, “if Target was breached, what chance does my anti-virus have?” They may not be directly related, but it feels like they are to the mass market. Symantec needs to appear to be getting ahead of it.
Combined, Symantec has a strong incentive to downplay the anti-virus market and focus on others, whether enterprise remediation, consumer recovery, or the ever-tempting compliance and consulting services.
But is anti-virus dead?
Brian Krebs, famous for having broken the Target story but an all-around excellent security researcher, argues it is not. Yes, hackers are getting ever more sophisticated, wrapping viruses and other malware in “cloaks of invisibility” to hide from anti-virus programs. Yes, they are ever more sophisticated. But that does not mean that a basic defense is unnecessary.
If crime is up in your neighbourhood, you should: buy a safe; keep copies of critical documents; hide valuables; install an alarm panic button; perhaps get a handgun permit. But all of the above hardly mean you should remove your front door lock! Your front door continues to serve as a first line of defense, keeping out the lazy, the sloppy, the inconsiderate…. the 90+% of your problems. Do you really want to deal with those in your house and the real troublemakers?
Just as your front door lock won’t keep you safe, neither will anti-virus. But that isn’t a reason to throw it away.
From my perspective, Symantec defocusing anti-virus will actually bring significant improvements to the market. Many competent innovators looking for new ways to manage threats have stayed out. They cannot compete with Symantec’s marketing dollars, cannot gain access to their distribution partnerships, do not have the name brand, cannot fight their lawyers on patents and frivolous lawsuits. And if Symantec is no longer buying, what is the long-run value of the company? Even if they are, many in security innovation want to save the world, not just get bought out.
If Symantec is signalling its exit or at least defocus from the anti-virus market, the trough of “no focus” could be followed by a wave of innovation. Heaven knows, the market is long overdue for it.