Malware boom puts pressure on anti-virus race

Businesses, consumers at risk as exploit numbers leap 185 per cent in first six months

Anti-virus application vendor Symantec found a total 212,101 new malware variants over the first months of 2007, an astonishing 185 per cent increase over the second half of 2006, totalling an average of well over 1100 unique samples arriving per day.

With the volume of malware attacks growing so rapidly, the pressure on anti-virus research labs to find and defend against new threats, keeping their products up to date and their customers ahead of the curve, has never been greater.

Based on the sheer number of threats and the sprawl of massive research operations such as Symantec's 40,000 sensor-strong Global Intelligence Network, some experts maintain that only a few of the largest labs will be able to compete in the long run.

Beyond Symantec and its biggest rivals -- including McAfee, Microsoft, and Trend Micro -- it is unlikely that other researchers and technology vendors will be able to remain relevant, said Neil MacDonald, a long-time security industry analyst with Gartner.

"As the number of exploits takes off exponentially, there won't be many that can keep up," MacDonald said. "Only a few like Symantec, Microsoft, McAfee, and Trend will be able to handle the research load, or it will require a significant amount of additional investment for any others to compete."

Even with security applications getting increasingly proactive -- using behaviour monitoring and heuristics tools to ward off threats and eliminating the need for humans to create an electronic serum for every new variant -- the analyst contends that smaller labs won't be able to offer the same level of intelligence as their larger brethren, which he said will lead to future consolidation among those being left behind.

"It's a condition that will benefit larger vendors, but that's not necessarily a bad thing and in that sense the security industry is maturing like the rest of the IT industry as customers don't need point solutions that drive up complexity and costs," MacDonald said.

"There will always be a need for smaller vendors and startups to solve new problems, but there's no reason for that approach to anti-virus or anti-spyware anymore, and customers are going to draw the line at what level of AV is good enough."

The analyst's argument echoes the sentiments expressed by many industry pundits over the last several years who have said anti-virus technologies are rapidly becoming commoditised.

However, second-tier threat research labs counter that traditional signature-based techniques for protecting customers only represent a last line of defence in their companies' cutting-edge anti-malware applications.

Researchers claim that the innovative detection and prevention technologies they've built to help keep up with the flow of new attacks represent yet another equaliser -- and a unique differentiator that they will use to go to market against larger rivals.

"What is being described is history, when one researcher wrote one signature for every virus. Of course the volume has increased, but we're using automated systems to do a lot of the analysis and write the detection routines," said Graham Cluley, senior technology consultant at Sophos, a security vendor with about 1,000 employees.

"Even if you look at our website, a lot of the virus descriptions there were actually written by computers and we've also made huge leaps, as have others, in terms of producing proactive detection," he said.

Cluley argues that well-established second-tier shops including Sophos, Kaspersky Lab, Panda Software, and F-Secure -- that have been in the endpoint protection business for years -- will still be able to carve out profitable portions of the overall security market.

Cluley said that over 70 per cent of the new attack variants discovered by Sophos in the last year were found using automated tools such as the company's behavioral genotype technology -- which claims the ability to predict which programs are malicious before the applications themselves are ever run.

"There's absolutely no evidence that we can't compete with the 500-kg gorillas," said Cluley. "People have been saying that anti-virus is a commodity for years, and it's true that many customers want integrated security tools, but the people who are saying that only the largest can survive are looking at modern anti-virus in a very old-school way."

Some industry analysts agree that at least part of the commoditisation debate is based in market nomenclature, since signature-based tools represent only one flavour of the integrated security applications delivered by almost all "anti-virus" vendors.

Larger vendors may have the broadest array of security technologies, but the different varieties and combinations of tools offered by many providers will still appeal to individual companies and customers of various sizes, said Chris Christiansen, an analyst with IDC.

"Anti-virus is actually becoming endpoint security but for the sake of marketing some of the same wording is being used, even though all these companies' products contain a far wider range of capabilities than signature-based anti-virus," he said. "Focusing on the sheer number of bodies that any one company has in the lab is missing the point; it's more of an effort to develop automated capabilities to recognise variants."

Confronted with the argument that the comparatively modest size of the company will serve as a handicap when lined up against its largest competitors, Kaspersky Lab leaders said that the notion overlooks the realities of the market.

"It's not about headcount: it's about the quality of the people, it's about designing the systems to test the malware samples, and it's about the systems of delivery for getting the signatures to the end-users," said Steve Orenberg, president of Kaspersky Lab USA operations. "There is such a wide range of factors that figure into the process."

Orenberg said that Kaspersky wins new customers using its unique malware-hunting technologies, speedy virus update services, and its products' low impact on the system resources of the devices they run on -- all of which he lists as advantages over larger providers.

Eugene Kaspersky pointed out that market watchers have been making the same commoditisation arguments for a long time -- even while his company has continued to grow.

"People have been saying that the only difference between the different systems is marketing and that the quality is similar, but I don't think that's ever been true," said Kaspersky. "The large anti-virus companies out there are like Toyota, Ford and GM, and the smaller companies like us are more like Lamborghini. The only difference is that we develop Lamborghini technology but sell it for the same price as a Ford."


Matt Hines
