Software management toolkit maker OPSWAT recently released a market share report that showed the top three installed antivirus products worldwide are free to download. Not surprisingly, these free versions are mainly used by consumers and small businesses.
Most of the market-leading antivirus (or, more commonly in the security world, antimalware) vendors offer both free and paid versions of their products, which raises the question of whether users receive enough benefits from premium versions to warrant their price tags. With the potential cost of cleaning up after a virus or malware attack weighed against license fees, do free antivirus products provide false savings? Or are enterprises needlessly spending money on premium antivirus software when a switch to free software wouldn’t result in a significant drop in overall security? In this tip, we’ll discuss why free antivirus software remains popular and whether free or paid antivirus affects overall security when selecting enterprise antivirus software.
Most users and network administrators agree that installing some form of antivirus software on Internet-connected machines is essential. However, antivirus certainly should not be viewed as a one-stop security solution. It should serve as one layer of a defense-in-depth approach to IT security, but not many home users or small businesses are aware of the need for a defense-in-depth strategy to protect their data. They are only aware of the current view that antivirus software must be installed; oh, and some sort of firewall. But is that a firewall in addition to the one mentioned on the box that the router came in? This lack of understanding is one major reason why the use of free antivirus software will always outstrip that of the premium versions: Consumers aren’t going to pay for something they don’t understand.
Although the price of computers has fallen considerably during the last decade, a user still isn’t going to splash money on a premium version of software that a friend says can be had for free. A quick Web search also provides thousands of pages and comments written by users of free antivirus software who have never encountered any issues. Yet millions of PCs are infected with viruses and malware -- Kaspersky Lab found a total of 670,000 infected computers worldwide just from the recent Flashback attacks. This isn’t to say free antivirus doesn’t work, but running any form of antivirus can give a false sense of security. Most premium packages come with additional security controls, like a software firewall, antispyware, secure password management and rootkit protection, which are becoming essential in the modern, malicious Internet environment where threats to data and digital information have risen to unprecedented levels. Also, users tend to monitor products more carefully when they’ve paid for them, which, in this case, means ensuring virus updates are installed.
Antivirus helps keep systems secure by neutralizing known threats such as Conficker and identifying a significant proportion of new ones. Even users who are aware of security threats can accidentally click a malicious link or be fooled by a cleverly named file attachment. But antivirus only defends against a subset of threats, albeit a large one, and it doesn’t identify every one: new, sophisticated viruses are designed to avoid early detection by popular antivirus software. Some security managers and CISOs argue that the cost of antivirus is too high given the lack of complete, stand-alone protection and that free alternatives such as Microsoft's Security Essentials and AVG make more sense, particularly as free and paid versions from the same vendor use the same core engine.
But the free version of AVG, for example, only offers antivirus and antispyware protection. Those who pay for the premium version of AVG benefit from features such as Web Shield (to screen downloads), rootkit protection and free support. Other free antivirus products variously omit certain features and functionality, such as spyware protection, real-time scanning and regular updates. They basically function as an extended, light-evaluation marketing tool. To cover the gaps caused by these omissions, many users recommend installing several different free versions together, but this is the equivalent of adding several Band-Aids to a cut that needs stitches. Multiple antivirus programs can also interfere with each other, causing system slowdowns and lockups.
Users can’t rely on a single technology to counter the full range of modern security threats. This is one reason why today's major vendors typically offer antivirus technology as just one part of a broader antimalware security suite. It must also be noted that many free antivirus programs are for private use only, which excludes running them on enterprise networks. Enterprises might also require a quick fix via support that is only available with premium versions of a product. Plus, central management tools make deploying and maintaining antivirus protection across thousands of machines much easier and more effective.
Finally, malware authors continue to forge new attack methods to exploit systems. New detection techniques, from dynamic analysis (heuristics and active behavior analysis) to whitelisting and various cloud-based approaches, are always going to appear in premium versions of antivirus first. Premium software also provides more comprehensive logs, which are essential for pre- and post-attack analysis.
Although the antivirus function is being submerged within multifunctional security suites, premium antivirus products are still an essential component of a multilayered security defense strategy for enterprises. If the average home user or small business doesn’t want to spend money on antivirus, they should at least spend time learning how to use the Internet safely, keep their browser and OS software updated, and invest in a good backup system.
About the author:
Michael Cobb, CISSP-ISSAP, is a renowned security author with more than 15 years of experience in the IT industry and another 16 years of experience in finance. He is the founder and managing director of Cobweb Applications Ltd., a consultancy that helps companies to secure their networks and websites, and also helps them achieve ISO 27001 certification. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Michael is also a Microsoft Certified Database Administrator and a Microsoft Certified Professional