Antivirus Software: Market Review
Written By: Brien M. Posey
Published On: June 24 2005
Computer viruses are spreading through the Internet at an unprecedented rate and the antivirus market is now a $3 billion (USD) a year industry. This report measures the financial health and product quality of four key industry players: Symantec, McAfee, Computer Associates, and Trend Micro.
Market Overview and Background
In the global antivirus market, the four market leaders currently seem to be Symantec, McAfee, Computer Associates, and Trend Micro. In 2003, the global antivirus market was about $2.6 billion (USD). We estimate the current size of the antivirus market to be about $3 billion (USD), but expect that number to swell to $5.1 billion (USD) by 2008.
||$3,000,000,000 world wide|
||Symantec, McAfee, Trend Micro, Computer Associates |
Vendor Background Information
Symantec (NASDAQ: SYMC) was founded in 1982 by artificial intelligence expert, Gary Hendrix. It went public in 1989 and merged with Peter Norton Computing in 1990. Headquartered in Cupertino, California (US), Symantec has offices in thirty-five countries and its current CEO is John. W. Thompson. In the fiscal year 2004, the company did $1,870,100,000 (USD) in sales (up 65 percent from the previous year) and produced a net income of $370,600,000 (USD). In 2004, Symantec employed 4,678 people world wide, which represents a 23 percent growth over the 2003 fiscal year.
Figure 1: Symantec's stock 2004-2005 Source: Hoovers
McAfee Inc. (NYSE: MFE) was founded as Network Associates by John McAfee in 1989 and went public in 1992. The company's original CEO was William Larson, formerly of Apple Computer and Sun Microsystems. Larson left Network Associates in late 2000 along with several other top executives after suffering losses in 1999 related to shareholder lawsuits over the restatement on 1998 earnings. In 2001, Network Associates named George Samenuk, formerly of Tradeout, to the CEO position and soon restated earnings for 1998-2000 under SEC scrutiny. They also began selling off various business units that were not related to security. In 2004, Network Associates changed its name to McAfee, Inc. in an effort to reinvent itself as a security company.
McAfee, Inc. is headquartered in Santa Clara, California (US). At the time that this review was written, McAfee's 2004 earnings were not yet available because the 2004 fiscal year just ended. However, during the 2003 fiscal year, McAfee had sales totaling $963,300,000 (USD), which represented a 10.2 percent growth over 2002 sales and had a net income in 2003 of $70,200,000 (USD). During the 2003 fiscal year, McAfee employed 3,700 people, a modest 2.6 percent increase over the number of people employed during 2002. Although McAfee's revenues grew as a whole during the 2003 fiscal year, IDC, a global market intelligence research body, cites that McAfee's antivirus revenues declined by 7.1 percent from 2002 to 2003.
Figure 2: McAfee's Stock 2004-2005 Source: Hoovers
Trend Micro (NASDAQ: TMIC) was founded in 1988 by Steve Ming-Jang Chang, Jenny Chang, and Eva Chen. At present, Steve Chang continues to serve as the company's chairman and Trend Micro's current CEO is Eva Chen, who was promoted from CTO in late 2004. The company is headquartered in Tokyo, Japan and has twenty-five business units worldwide, in fifteen different countries. Since the company's fiscal year has just ended, 2004 earning information is not yet available. In 2003 however, Trend Micro produced $454,000,000 (USD) in net sales, a 12 percent increase over the previous year. In the 2003 fiscal year, Trend Micro had a net income of $87,300,000 (USD) and employed 1,900 people. According to the Trend Micro Web site, the company presently employs approximately 2,500 people. All of Trend Micro's regions experienced growth in 2003.
Figure 3: Trend Micro's Stock 2004-2005 Source: Hoovers
Computer Associates (NYSE: CA) was founded in 1976 as a joint venture by Charles Wang, of China, and a small Swiss startup called Computer Associates. Wang bought out his Swiss partners in 1980 and took Computer Associates public in 1981. He gave up the CEO position in 2000 and handed the company over to Sanjay Kumar, the company's president. Wang stayed on as chairman until retiring in 2002. Shortly thereafter, Kumar was elected as the company's new chairman, but resigned in 2004 under the pressure of the US Security and Exchange Commission's (SEC) investigations into the company's questionable accounting practices. The company's current chairman is Lewis S. Ranieri and the interim CEO is Kenneth Cron.
Computer Associates is headquartered in Islandia, New York (US). In 2004, the company produced $3,276,000,000 (USD) in sales (up 5.1 percent from 2003 fiscal), and had a net income of $25,000,000 (USD). In 2004, Computer Associates had approximately 15,300 employees, which represented a 4.4 percent growth over the previous year.
Figure 4: Computer Associates' Stock 2004-2005 Source: Hoovers
Leading Products and Market Differentiation
In any market, it is essential that companies try to differentiate their products from the competition. In the antivirus market, each of the market leaders uses a different marketing tactic. For example, Symantec's marketing strategy seems to focus on the fact that it is the most widely used antivirus product. The Symantec Web site refers to Norton AntiVirus as "The world's most trusted antivirus solution". McAfee on the other hand, brands VirusScan as "award winning" and as "trusted by millions worldwide", but aside from marketing slogans, they seem to do little else to try to differentiate themselves from the competition.
Computer Associates differentiates its eTrust EZ AntiVirus through pricing. A single license of eTrust EZ AntiVirus retails for $29.95 (USD). McAfee VirusScan is the next least expensive at $39.99 (USD). Norton AntiVirus 2005 and Trend Micro's PC-cillin both retail for $49.95 (USD). Trend Micro differentiates itself from the competition by including lots of features that the other antivirus companies either charge extra for, or don't offer at all. PC-cillin includes virus defense, a personal firewall, Spam filtering, spyware removal, anti-phishing , a Wi-Fi intrusion detector, and a home network configuration console.
How the Products Stack Up
In an effort to determine which of the leading antivirus companies produces a superior product, we decided to compare the various products in a series of head-to-head tests. Before we present the test results, it is important to point out that each of these companies offers a variety of antivirus products, designed for various purposes. For our tests, we chose to compare the consumer version of each company's antivirus product. We feel that our test results are relevant to enterprises as well, because a company's antivirus products traditionally use a similar scanning engine.
For our first test, we wanted to find out how much each product depletes the system of CPU resources during a full system virus scan. We chose to perform this test because in the past we have heard users complain that various antivirus products are so CPU intensive during a full system scan that they are unable to use their PCs until the scan is complete.
For this test, we installed each product (one at a time) onto a 1 GHz Pentium III with 256 MB of RAM. The machine ran on Windows XP with Service Pack 1, and used a rather generic configuration. We performed the tests by initiating a full system scan and then watched CPU usage meter on the Performance tab of the Windows Task Manager. We based our test results on the approximate average CPU usage during the scan and refrain from using the peak usage value, because it is normal for the processor to peak to 100 percent periodically. Prior to initiating the tests, the machine's average CPU usage was 0 percent.
Table 2: Average CPU utilization during a full system scan.
||Approx. Average CPU Usage|
|Norton AntiVirus 2005
|Trend Micro PC-cillin
|eTrust EZ Antivirus
Detection and Cleansing
For our second test, we decided to determine how well the products detect and clean viral infections. To perform this test, we disabled automatic scanning and then copied a series of infected files to an empty folder on our test system. Common viruses that were captured in the wild included Nimda, Sircam, Funlove, and others. We chose these particular viruses because they have been in circulation for at least two years and are extremely common and seemed fairer to test each product against these types of viruses rather than ones that are obscure or brand new. We then initiated a manual scan of that folder. The results are listed in table 3.
Table 3: Ability to scan and remove common viruses
||McAfee VirusScan detected all seven of our infected files, but deleted them rather than repaired them.|
|Norton AntiVirus 2005
||Norton AntiVirus detected all seven infected files. It was able to repair four of the infections, but the repair process failed for three of the files, which had to be manually quarantined.|
|eTrust EZ Antivirus
||eTrust EZ Antivirus detected all seven of our infected files, but deleted them rather than repaired them. |
|Trend Micro PC-cillin
||Trend Micro PC-cillin detected all seven of our infected files, but deleted them rather than repaired them.|
Integrity of Repaired Files
For our third test, we used each antivirus product to repair two infected system files. We infected a system DLL file and a system level executable with Nimda, and Fun Love respectively. Here, we were testing each product's ability to disinfect the file, while preserving the file's date and time stamp. Preserving the date and time stamp is particularly important as some applications use this information for version control and to verify the file's authenticity.
Table 4: Ability to disinfect files while preserving the file's icon and date / time stamp
||Maintained Date and Time Stamp
||Only on the DLL file |
|Norton AntiVirus 2005
Disinfected only the DLL File. Recommended quarantining the EXE file.
|eTrust EZ Antivirus
|Trend Micro PC-cillin
||Quarantined both infected files rather than repairing
Although the most important function for an antivirus program is its ability to detect and remove viruses, it is also important to have a clear understanding of the product's features and capabilities. We tested for a number of features, too many to list in this article; however, we do discuss some of the key attributes.
Since the majority of viruses are delivered through e-mail, one of the main criteria that you should evaluate is whether the antivirus software fully integrates with your e-mail application. We found that all of the applications that we tested, except for McAfee Virus Scan, integrate with Outlook, Outlook Express, and Eudora. McAfee lacks Eudora support, but works with Outlook and Outlook Express.
It is also important that your antivirus software can automatically scan message attachments for viral infections. All of the products tested are able to do and can check an incoming message for malicious HTML code. Also, an antivirus application is essentially useless unless it is kept up to date. We found that all of the tested products except for Trend Micro's PC-cillin were designed to automatically attempt to download updates from an alternate source should the initial download attempt fail.
Current Market Trends
The antivirus market as a whole is notorious for lacking innovation. The simple fact that antivirus companies force consumers to renew subscriptions on an annual basis means that antivirus companies can continue to generate revenues without significantly improving their products. While it's true that most antivirus companies do release a new version of their software each year, each annual release typically differs only slightly from the previous version.
The fact that most computers are connected to the Internet, and given that the Internet can have a hostile nature, antivirus companies are being forced to become more innovative. Antivirus protection alone is no longer enough. The only way to maintain a system's integrity is to protect it against other threats, such as spyware and adware. Current estimates indicate that approximately 91 percent of PCs are infected with spyware. Because of this, all of the antivirus products that we reviewed have at least some level of spyware protection, with the exception of eTrust EZ AntiVirus. However, Symantec, McAfee, and Computer Associates all offer supplementary anti-spyware products for an additional fee, so we have to wonder how comprehensive the built in spyware protection really is.
Another trend that seems to be taking hold of the market is bundling antivirus software with other protective software. Symantec and McAfee both offer a standard antivirus product, but also offer a bundled version which includes other protective software for an additional $20 (USD). The additional software includes a personal firewall, anti-spam, and a privacy guard. Symantec also offers a parental control module, while McAfee's bundle includes a separate anti-spyware module.
So where do Computer Associates and Trend Micro fit into this? Computer Associates does not currently offer a software bundle, but it does sell various protective applications individually. Trend Micro bundles protective software with its antivirus software for no additional fee. Furthermore, in addition to the personal firewall, spyware removal, and anti-SPAM capabilities that you can find in Symantec's and McAfee's bundles, Trend Micro also gives you Wi-Fi intrusion detection, an anti-phishing program, a browser and operating system vulnerability check, and a home network management interface (which includes parental controls).
In the past couple of years, scandals from Enron, WorldCom, and other high profile corporations have really shaken up the stock market. As such, it is impossible to gauge a company's health without checking to see if the company is being sued or investigated for alleged wrongdoings.
Although McAfee is not currently under SEC investigation, they have been examined by the SEC in recent years. In 1998, the SEC began examining Network Associates for acquisition related write-offs. In 1999, Network Associates restated its earnings from 1998, which resulted in a number of lawsuits from shareholders. The company reported a loss for 1999 and released an unfavorable earnings report in 2000, and a number of top executives left the company, including the CEO. In 2003, the company was forced to restate their earnings for fiscal years 1998, 1999, and 2000 after being investigated the SEC and the US Department of Justice.
We believe that after undergoing so much SEC scrutiny that future earnings statements from McAfee will be accurate. We also do not currently foresee any litigation from customers or shareholders. Computer Associates has also been under SEC investigation recently. A 2003 SEC investigation into the company's accounting practices lead to the company's CFO's resignation. The company's chairman, president, and CEO (Kumar) also resigned in April of 2004 under the pressure of continuing SEC investigations. We expect Computer Associates to survive the ongoing investigations, and to eventually grow. Computer Associates has already demonstrated their intention to expand the company with their 2004 purchase of Miramar Systems.
Market Predictions and Forecast
Some analytical firms estimate that the antivirus market will grow anywhere from $2 to $6 billion (USD) over the next few years. Relevant Technologies believes that the antivirus market will continue to grow; however we believe that the growth will be modest. We predict a $1.5 to $2 billion (USD) growth over the next five years. Our reasoning is that the antivirus market is currently almost saturated. Almost every computer has an antivirus product installed on it. Thus, the main contributor to market growth will be the creation of new computers. However, not all new computers will fuel market growth, because many new systems replace old systems.
The market is large enough to accommodate multiple vendors, and therefore we anticipate that all four of today's antivirus market leaders will still be in business in the next five years. However, they will have to contend with market challengers, which are smaller companies trying to gain market share. Some of these include Panda Software, Kaspersky, and Frisk Software, all which have feature-rich products and loyal customer followings. However, it is possible that any of these market challengers could become acquisition targets. Smaller companies typically have to embed more features than market leaders have in their products, or they have to do a better job disinfecting systems in order to be competitive. It is conceivable that any of the market leaders may attempt to acquire some of the market challengers in order to increase their market share and as a way of integrating better technology into existing products.
Market Upshot and Recommendations
We created a scoring scale to determine how each product measures in our head-to-head tests (Click to view scale). Based on our tests and criteria, Norton AntiVirus 2005 and eTrust EZ Antivirus received the most points, and McAfee received the fewest. Norton AntiVirus and eTrust EZ AntiVirus did a slightly better job than the other products in repairing the damage from the infection, and thus received additional points. Given its performance, if you were making a purchasing decision based solely on which product did the best job of repairing viral damage, then Norton AntiVirus 2005 would be the ideal choice, with eTrust EZ AntiVirus in close second.
To determine which product is the best overall, we used a weighted scale, in which the more important criteria have a bigger impact on the final outcome than less important criteria do. It is also important to note, that if the weightings were changed, the results would likely be different. When all of the testing criteria were tallied, Norton AntiVirus came in first place by a significant margin, eTrust EZ Antivirus placed second, followed by PC-cillin, and McAfee, as shown in the following chart.
However, you must keep in mind that although Norton AntiVirus and eTrust EZ Antivirus outperformed McAfee and Trend, our tests were all performed in a lab environment. For most people, it is more important to know how the products will perform in the real world. Since there is no way for us to quantify each product's performance during day to day use, the best way to judge real world performance is to combine our test results with the functionality of each company.
Table 6: Results with a Higher Priority Assigned to Supplemental Security Features
|Feature and Possible Points
||Norton AntiVirus 2005
||eTrust EZ Antivirus
|Detect and repair infected files
|Maintain an infected file's icon and date / time stamp after a repair
Before you make a final purchasing decision though, keep in mind that viruses are only one of the major threats to the integrity of a PC. Trend Micro's PC-cillin is the only product in the bunch that addresses all of the major threats to a PC. We feel that although Norton AntiVirus does the best job of detecting and removing viruses, Trend Micro's PC-cillin provides the best protection all around. It is also worth noting that Microsoft uses Trend Micro to scan Hotmail and MSN mailboxes. It is true that for an extra $20 (USD), you can buy a copy of Norton Internet Security, which contains many of the same features as PC-cillin. However, Norton Internet Security lacks some of the features included in PC-cillin, such as the vulnerability check feature.
In the end, our recommendation is that if you already have other Internet security products in place (anti-spyware, firewall, etc.) then we recommend Norton AntiVirus. However, if you do not and don't plan on buying any, then Trend Micro's PC-cillin is our antivirus software package of choice. Although we would like to see Trend Micro improve its software's ability to repair infected files, PC-cillin easily pulls ahead of Norton Antivirus when a higher priority is placed on supplemental security features.
About the Author
Brien Posey is the vice president of research and development for Relevant Technologies (http://www.relevanttechnologies.com), a leading provider of original information security content, research advisory services, and best practice IT management consulting services. In addition, Posey is also a Microsoft Certified Systems Engineer and a Microsoft MVP.
5 Points: Less than or equal to 50%
4 Points: Less than or equal to 60%
3 Points: Less than or equal to 70%
2 Points: Less than or equal to 80%
1 Point: Less than or equal to 100%
Detected and Repaired Infected Files
5 Points: Completely reversed the damage caused by all infections
4 Points: Removed all infections, but was only able to clean some files
3 Points: Removed infections, but deleted all infected files
2 Points: Failed to detect some infections
1 Point: Failed to detect any infections
Integrity of Repaired Files
5 Points: Perfectly preserved all date and time stamps and the file's icons
4 Points: Disinfected file and preserved either the icon or the date / time stamp
3 Points: Only preserved the date or time stamp on a single file
2 Points: N/A
1 Point: Failed to maintain date / time stamp or icon for both files
5 Points: Contains features for protecting a system against a wide variety of threats
4 Points: Offers basic antivirus / anti-spyware Protection, plus offers a few other noteworthy features
3 Points: Product contains average feature set for protecting PC against viruses and spyware
2 Points: Product offers basic virus protection, but no spyware protection
1 Point: Product has a sub par user interface and a very minimal feature set
WARNING AND DISCLAIMER OF LIABILITY
The information included on this web site, whether provided by personnel employed by Technology Evaluation (TEC), Relevant Technologies, or by third parties, is provided for research and teaching purposes only. Neither TEC, Relevant Technologies, nor any of their employees, consultants, contractors, or affiliates warrant the accuracy or completeness of the information or analyses displayed herein, and we caution all readers that inclusion of any information on this site does not constitute an endorsement of the truthfulness or accuracy of that information. In particular, this web site contains references to complaints and other documents filed in federal and state courts, which make allegations that may or may not be accurate. No reader should, on the basis of information contained herein or referenced by this web site, assume that any of these allegations are truthful.