Quickheal Report Final

2010

A REPORT ON

OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

Compiled & submitted by:

DEVASISH SAIKIA MBA-IB, 2009-11 SIIB, PUNE. QUICKHEAL ANTIVIRUS TECHNOLOGIES PVT. LTD.

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

A REPORT ON:

OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

A report submitted in partial fulfillment of the requirements of MBA Program of SIIB, Pune.

COMPILED AND SUBMITTED BY:

Devasish Saikia MBA-IB (2009-11)

SUBMITTED TO:

Mr. Pranav Pawar Assistant Manager (Marketing) QuickHeal Antivirus Technologies Pvt. Ltd.

DATE OF SUBMISSION:

12/08/2010

QUICKHEAL ANTIVIRUS TECHNOLOGIES PVT. LTD.


ACKNOWLEDGMENTI hereby admit that my summer internship project with QuickHeal Antivirus Technologies Pvt. Ltd. has been one of the most rewarding experiences that I have come across till date. I am sure that the learning that I have had from the on-site field work and interviews and interactions with the dealers and end-users of antivirus softwares during the course of my summer project would definitely add value to my future endeavors.

I would like to thank my Project guide from QuickHeal Antivirus Technologies, Mr. Pranav Pawar, Assistant Manager (Marketing) for being a constant source of guidance and support, for clearing all my doubts and showing me the direction of approach for the project. Without his support, the successful completion of this project would not have been possible.

I would also like to thank all the dealers and industry experts who have helped me with valuable information regarding the antivirus industry in India, especially the Ahmedabad region.

Working with QuickHeal Antivirus Technologies Pvt Ltd. has indeed been a memorable experience.

Thank You,

Devasish Saikia (Summer Trainee, SIIB) QuickHeal Antivirus Technologies Pvt. Ltd., Pune


CHAPTER 1INTRODUCTIONIn todays connected world, anti-virus software is more than ever a necessity to protect your computer against viruses, worms and other types of malicious code. It is by far the easiest way to give your computer a minimal level of protection. Yet, the process of choosing which anti-virus software is best suited for your protection is not so easy. That task is made challenging by numerous misconceptions that surround the anti-virus world and some of the questionable claims made by some vendors. If you surf anti-virus vendors web sites, for example, you will soon find out that many of them are the best, that many have the biggest market share or that many are the only vendors with a 365x24 support. The marketing war raging among those vendors and sometimes the lack of knowledge of their own competitors makes it rather difficult for the enduser to make a knowledgeable choice. Whether you are a home user or an IT professional in charge of security in a large corporation, it is easy to be mislead by information provided by the different vendors and sometimes, even by the press. Therefore it is important that you understand how antivirus software work and what the important criteria are, when choosing of such a solution. It is also important that you know how and where to find relevant information when making your decision. 1.1 Understanding how anti-virus software work The first step to choosing anti-virus software is to understand how they work. That will give you a better idea of the features they offer and make your way through the technical terminology used by anti-virus vendors and experts. Understanding what your anti-virus software can and cannot do will help you have the right expectations and will help you tell the difference between serious anti-virus software and the others.

1.2

How does an anti-virus detect viruses? There are several technologies used to detect viruses. Viruses and malicious code in general, are nothing more than code. So, if the antivirus companies know what the code of a virus looks like, they will be able to identify the virus when they see it. That is the first technology used by anti-virus software. It is called signature matching. The antivirus product contains a database of virus signatures and will detect a virus any time it sees code that matches an entry in the database. That is probably the most efficient way to detect viruses. The drawback to that technology is that they need to have seen


the virus before and have written a signature for it to be able to detect it. That requires the user to keep the virus signature database as up to date as possible. To work around that weakness, anti-virus software can use two other technologies: Heuristic and Integrity Checksum. The philosophy behind Heuristic technology is to be able to detect viruses or malicious code for which a signature does not exists yet. That result is achieved by using a database of virus behavior signatures. If the Heuristic technology analyzes the code for any routine or subroutine matching a virus behavior signature, we will call it static heuristic. If the heuristic technology lets the code run into a virtual machine to analyze the behavior, we will call it dynamic Heuristic. The issue with Heuristic technologies is that they can trigger false positive, where a clean file is reported as being infected. The integrity checksums are based on the assumption that a virus needs to make a modification to a system in order to infect it. The simplest example is that a virus needs to modify a file by overwriting or adding its code to the file, so that, when the file is run, so is the viral code. The integrity checksum method consists of taking a checksum of clean files or disks. Any change to the checksum indicates that the files or disks have been modified by what could be a virus. Not only can that method generate false positives, it is also inefficient against macro viruses or virus like Code Red that can insert itself into memory and run without being saved to a file. If the malicious code goes through all the scanners, there is a last line of defense offered by some anti-virus products: the activity blocker. It will block all activities that could be caused by a malicious code. The activity blocker will alert you, for example, if a process is trying to format your hard drive or write to the boot record of your hard drive. 1.3 When does the AV detect a virus? Usually, anti-virus software has two ways of operating. First, a real-time or on-access scanner, which is memory resident (or service or daemon), monitors the system activity at all times for the presence of viruses. A hook to the operating system alerts the real-time scanner when a file is accessed, allowing the scanner to check the file. It has the advantage of offering constant protection but it will only check files when they are accessed. If an infected file resides on the disk and is not accessed, the real-time scanner will not detect it. Then, an on-demand scanner can be started by the user at any given time to check a file, folder or the content of the entire hard drive for viruses. The ondemand scanner can check every single file, but it only offers a good assessment of your system at a single point in time. On demand scan can be scheduled to check all the files for viruses on a regular basis. 1.4 What anti-virus software can and cannot do?


100% protection No anti-virus software in the world will provide you 100% protection, no matter what they claim. Viruses and malicious code are often ahead of anti-virus researchers. Melissa, FunLove, CodeRed, Nimda and many other viruses have proven that fact. That is because of the way anti-virus software work. Remember they need to have the virus signature to be able to detect it. And most of the time, for new types of viruses, the heuristic technology does not quite work. That is also the reason why it is vital to be up to date on the virus definition database. However anti-virus software will provide a solid protection against all the existing viruses (about 60, 000 to date) and will provide you with a quick fix when a new one comes in.

Repair viruses If a virus is detected will my anti-virus software be able to repair it? Well, it depends. It depends on the virus that has caused the infection. Some viruses, especially macro viruses are easy to clean, because they dont damage the host file. It is easy for the anti-virus software to remove only the malicious code and repair the file. Some other viruses overwrite the content of the host file to replace it with its own code. That is the case of the Love Letter virus. In such a case, the infected files cannot be repaired. The only option is to delete the files and restore them from a backup. Last but not least, some other malicious code, like Nimda, not only infects files, they also make modification to your system. They replace system files, and/or make registry changes. To get rid of viruses of that kind, the antivirus is not sufficient. You need removal tools, available on most vendors web sites, to undo what the virus has done and clean up your system.


CHAPTER 2THE ANTIVIRUS INDUSTRY (WORLDWIDE)

2.1

Synopsis: When we look back on the years 2000-2010 from the perspective of the anti-virus industry four technology trends were responsible for substantial changes in the computing environment, which formed a backdrop for the virus problem. They are: Pervasive computing devices are now the dominant way that people interact with the digital world, far outnumbering traditional PCs, and the shift in architecture was responsible for both new problems and new protections. The decline of Moore's Law resulted in dramatically falling chip prices, resulting both in their commoditization and much more widespread use throughout the world. Broadband access to the Internet from most of the developed world put much of the Earth's population online all the time. The rise of e-commerce has affected every sector of the economy; the digital economy now rivals its material counterpart.

We review the most significant viral disasters in the past ten years, showing how they could have been predicted from these technology trends, and usually avoided. To the contrary, we show how the anti-virus industry actually responded, often after the fact. While anti-virus technology has evolved significantly since the year 2000, with several technological marvels to its credit, perhaps the most surprising change is that few end users are even aware that it exists any more. A small study about the antivirus industry in the last three decade reveals a series of related and systematic information, which has been discussed below: In 1990, virus incidents were called urban myths, like rumors of alligators in the sewers of New York. In 2000, it was so clear that viruses were real, and presented such an immediate problem, that businesses would close their network connections when they heard rumors of viruses.


In 2010, the problem may be under control, at least for the time being. In 1990, there were around 50 viruses. In 2000 there were around 50,000. In 2010 there are nearly 500,000. In 1990, virus defenses consisted of scanning tools that were often unreliable and hard to use. Anti-virus companies typically took a month or more to react to a new virus, which was fine because it took the viruses even longer to spread around the world. In 2000, virus defenses had matured to suites of products on multiple platforms that were deployed around the world. Customers had simple Internet connections to anti-virus vendors to submit suspicious objects and receive virus definition updates. Anti-virus companies typically reacted to a new virus in days sometimes less if it appeared to be a major customer problem. In 2010, virus defense consists of global distributed systems, with components in nearly every endpoint device and Internet way station in the world. Anti-virus companies typically react to a new virus in minutes, and its a good thing too, as thats how fast viruses spread around the world.

In the last decade, there have been a few dramatic virus incidents that, in some way, affected millions of people. There have been spectacular hoaxes, after which everyone blamed everyone else for not figuring them out earlier. Viruses moved to new parts of the computing ecology, almost always festering in these new niches before anti-virus technology was available to cope with them. Somehow, the world muddled through it all. In short the last decade was, for the virus problem and the anti-virus industry, much like the previous one. The anti-virus industry had a tough job in keeping up with the changing virus problem and the many new niches for viral mischief. In general, they did a great job. We can breathe the same sigh of relief that we did in 2000 when the Y2K bug did not destroy the world: through all the virus problems, the vast majority were handled quickly and efficiently and we are, after all, still here. In the process, the anti-virus industry created several technological marvels, pioneering vendor-maintained endpoint software and creating global automated defenses. Anti-virus technology has become like air: ubiquitous, vital for our survival, and almost completely invisible. Nevertheless, some people say that the anti-virus industry is still more reactive than proactive, waiting for problems to occur in a new viral niche before creating a solution for them. They say that the self-mailing viral epidemics of a decade ago went on far too long before there was an effective solution, that the Tea Party Virus could have been done years before but the


industry still wasnt ready for it, that the virus that sank Lixxuid could have been prevented. Perhaps theyre right. To be fair, it is difficult to anticipate exactly which niche will become populated with viruses, and users do not often change their behavior in the absence of a clear and present danger. Still, the stakes are increasing, and it is becoming more and more problematic to be behind in protecting new areas of the computing environment. 2.2 The Antivirus companies worldwide: The major players worldwide in the Antivirus industry in todays date have been listed below: Agnitum AhnLab Alwil Arcabit Authentium Avanquest AVG Avast Avira BitDefender Bkis Bullguard CA (ISS) & (Threat Manager) Central Command Check Point Defenx Digital Defender eEye Digital Security Emsisoft EScan ESET Filseclab Fortinet Frisk F-Secure G DATA Ikarus Iolo K7 Kaspersky Kingsoft Lavasoft McAfee Microsoft Nifty Corp. Norman PC Tools (Internet Security) PC Tools (Spyware Doctor) Preventon Proland Qihoo Quick Heal Rising SGA Corp. Sophos SPAM fighter Sunbelt Symantec Trustport VirusBuster Webroot


2.3

The last decade an insight 2000: The New Millennium In many ways, the beginning of the New Millennium was surprisingly boring. The Y2K Virus, as it was called all too often, did not cause widespread havoc. Nor did it fry all of the computers in the world, bankrupt entire countries or lead to the end of the world. As the wave of midnight spread over the South Pacific and then on to the rest of the world, the biggest surprise was that almost nothing happened. The news media, which had spent the previous year focusing on worst-case scenarios, worked hard to find anything at all, in any country whatsoever that happened as a result of the Y2K problem. Sure, there were a few minor problems, but fewer than happened on any normal day due to normal computer problems. There were, of course, computer virus problems that year, and a couple of them were quite significant at the time. They largely centered on the fact that the most popular applications the mail and document applications from Microsoft Corp. were themselves programmable, and were the medium in which viruses spread. It was the first year in which a self-mailing virus really hit big, becoming the most rapidly spreading, most widespread virus up to then. And even so, it took 24 hours to spread all around the world (since it still required people to arrive at work, open their mail and look at what was called an attachment). I doubt that more than a few techies even remember the name of that virus. What is remembered is that anti-virus companies still werent prepared to handle it. It still took them many hours to make a solution to the new virus widely available and get it right when the virus itself sprinted around the world with the speed of the rising sun. And this was after several self-mailing viruses the previous year made it more than apparent that the problem had reached a critical point. There were two other important events that year, though many people realized how important they were at a much later time. The first thing that happened was that several anti-virus companies teamed up with mail and other providers to integrate antivirus products into some of the infrastructure of the Internet. Some people at the time viewed this as a great marketing move, capitalizing as it did on the publicity that self mailing viruses had gotten, but perhaps conferring only a small increment in real virus protection. Those who have followed this technology realize how wrong they were now.


The second thing that happened is that some very basic immune system technology was deployed for the first time. A team developed it at IBM Research, in a joint effort with Symantec Corp. They were pretty proud of it at the time. It really did find new viruses, analyze them, and distribute cures for them, and it did it fairly quickly compared to what other companies could do then. Still, looking back on it, it seems rather primitive. And there were a lot of skeptics who thought it wouldnt work as well as what they were already doing, or wouldnt work at all. 2001: The Zuzu Virus The Zuzu Virus was a heinous and costly event, of course, but in retrospect it was probably inevitable. It started on March 22, 2001 with a trickle, and then a flood of panicky messages posted on various Internet newsgroups from what appeared to be hundreds of companies around the world. They said that some new, terrible virus had hit their company, that it was wreaking havoc, and that they were unable to cope with it. At the same time, anti-virus companies got copies of a very large, very complex virus that contained the string What is Zuzu? Given the obvious urgency of the situation, anti-virus gurus started analyzing it right away. It was easy to see that the virus had all sorts of code related to mail, network-based spread, password cracking, etc. But its size and complexity meant that no one would understand what it did for quite a while. The news media picked up the story. Managers of anti-virus groups were interviewed, saying that this was the most complex virus ever seen and it could be capable of just about anything. Security experts were interviewed, saying that this was just the kind of thing they had feared for years. Could this be the killer virus, the media asked, and the virus that really does bring down the Internet? Maybe, they all agreed, maybe it is. Security teams at hundreds, perhaps thousands of companies, responded quickly. Not wanting to get hit themselves, they did what they had done in previous epidemics they shut down their mail systems, since this was the primary way that epidemics spread at the time. But, because it was not understood how the virus was propagating or what affects it had, they did more they shut down their Internet connections altogether and disabled their internal networks as well. They were prepared to wait out the epidemic. Then things started getting odd. News reporters, eager to do follow-up stories on the initial warnings, sought interviews


with officials from severely affected companies. They found a lot of companies that had shut down their networks, and these made very effective stories. They found a few small companies that claimed their computers had crashed because of the virus. But, and this was the odd part, they found very few companies that would say they had been hit. And none of them could actually produce a copy of the virus. It is a measure of the naivet of the time that it was not until the next day that the underlying story emerged. It turned out that the newsgroup postings were almost all forged. There was a Zuzu Virus the one that anti-virus companies had but it was not spreading wildly around the world. In fact, it was not spreading at all. In fact, it had never spread anywhere. The whole thing was a publicity stunt gone horribly wrong. A public relations firm named MacIntyer Knox Oldsen & Urquhart had the clever idea of generating buzz for their customer Zuzu Industries, an Internet security start-up, by attaching its name to a virus scare. Unfortunately for everyone, this worked far too well. Damages to businesses from cutting off their network access were estimated at over a billion dollars. The resulting liability suits sank Zuzu Industries almost immediately. It was followed into bankruptcy soon thereafter by the ill-considered MacIntyer Knox Oldsen & Urquhart. The news media concluded that the anti-virus industry had blown the problem out of all proportion. There was a trendy term in use around that time: viral marketing. Experts dont think this is what it meant, but it certainly fell out of use very quickly after the Zuzu incident. 2002: A Little Tea Party It was the early evening of April 15, the day on which income taxes must be reported to the U.S. government. The Internal Revenue Service (the IRS), which collects federal taxes in the U.S., had made a big and rather successful push to get people to file their taxes electronically. So, millions upon millions of people were typing on their PCs, finishing their electronic tax forms, and submitting them over the Internet. At the same time, a new virus had been released and was spreading rapidly via mail. It came as an attachment to mail with the subject line IRS announces 10% tax break for electronic filing. It first appeared on the east coast of the U.S., and was subsequently thought to have


originated in Reston, Virginia. With a subject line like that, and on the very day when taxes were due, perhaps it is not surprising that it spread like wildfire across the U.S., infecting a large but still unknown number of home computers. The Tea Party Virus, as it became known, did three things. Like any self-mailing virus of the time, it sent itself to everyone in the victims address book. That was typically a few dozen to a few hundred people. Then it looked for files from a few common tax return programs and, if it found them, changed them so that more money was owed to the Government. The amount was not so large as to be obvious, but was large enough to be particularly annoying to the people said to owe it. The third thing the virus did was to delete itself, and all evidence of itself except for the changes to the tax files themselves. This turned out to be the most important characteristic of the virus. Of course, anti-virus companies got samples of this virus within minutes of its first appearance. But it was highly polymorphic, using techniques that had been widely discussed in anti-virus circles but not incorporated into automated defenses at that time. So, it sat in queues at various companies until human virus analysts got around to looking at it. By then, it was much too late. The Tea Party Virus had infected thousands, perhaps millions, of home computers, and corrupted as many tax returns returns that had already been submitted to the IRS. By the next morning, news of the virus was all over the media. It was the major story of the week. The IRS, seeking to calm worried taxpayers, announced that they had put their best people on it, that they were working closely with antivirus companies, and that the situation was well in hand. As you might recall, it wasnt. There was no way of telling which tax returns had been corrupted. Indeed, if anti-virus software hadnt caught the virus with heuristic detection in the first place and the virus had actually activated and had a chance to cover its tracks, there was no way of knowing if the virus had ever been on a users system. And that was the trick. The IRS didnt know which returns had been corrupted. The users didnt know if the virus had been on their system. There was no way to tell who owed what the government claimed, and who owed less. Not unless everyone went through their records in great detail and did their tax calculations again. After weeks of agonizing denials that they had an intractable problem, the IRS finally conceded that they could not determine which tax returns were correct and which were corrupted. Their only recourse was to ask all taxpayers who had submitted electronic forms (and there were a lot of them!) to file their tax returns again on paper. It was the right thing to do, but it caused serious delays in settling how much money taxpayers owed, and delayed many tax refunds by months. The resulting public outcry prompted the U.S. Congress to pass legislation requiring all federal agencies to install and run anti-virus software on all of their systems, and to filter incoming and outgoing traffic for viruses. They


also banned electronic filing of tax returns, which is why, to this day; we still submit them on paper every year. Now the clever among you will have noticed that none of the things the Congress did would have actually prevented the Tea Party Virus, or in fact diminished it in any way. But the Congress felt they had to do something. Later that same week in April, a man named Martin Fennig was arrested and charged with writing the Tea Party virus. He was subsequently convicted in what appeared to be a fairly straightforward case. The conviction was overturned on appeal for procedural errors by the investigators and Fennig was freed. While there are various theories about who might have written the Tea Party Virus, no one else was ever charged. 2003: Pervasive Pervasiveness In 2003, another seminal event occurred though, again, few people realized how seminal it would be for the anti-virus industry. For the first time since the early 1980s, the PC was no longer the most prevalent computing platform in the world. It had been overtaken, as widely predicted, by what were then called pervasive computing devices. These were Personal Digital Assistants, WebPhones, and most devices running the low-end operating systems from The Windows Company. These devices were aimed at people who used them as special-purpose artifacts designed to do a few tasks and nothing else. These people were not interested in general-purpose computing, and were certainly not interested in becoming system administrators for a half-dozen such devices. So the manufacturers did the obvious thing. They relieved their customers of the responsibility of system administration by doing it for them. Almost all of these devices had subscription features that allowed the manufacturer to update the device automatically with bug fixes and feature enhancements. As you know, this strategy was very successful. Anti-virus companies were working on protection for these devices, but these were not usually high-priority projects. Sure, viruses had been written for virtually all of the environments used by these devices, but no viruses were actually spreading in any significant way. Anti-virus efforts were not, therefore, fabulously aggressive. There was basic technology to scan some objects, or to prototype a simple heuristic or two but, with few exceptions, there was not a concerted effort to protect these platforms against future threats. 2004: With Sugar, Please In July of 2004, the Java 4 standard was announced. It included a new security model called Sugar. The Java Group had focused on security since Java began. In this release, they focused on enterprise-wide, and even global, administration


of security. Behavior Control Lists (BCLs), which were introduced in Java 3, were greatly extended so that developers and administrators could enforce very fine-grained restrictions on the operation of a Java applet or application. Developers could specify the behaviors that needed to be allowed for the program to run. Administrators could specify policies for what behaviors were allowed globally, for each software developer, or for each program. Having extended BCLs, the Java Group also put into place a clever hierarchical management scheme for it. An enterprise could establish and enforce a global BCL policy, and each division within the enterprise could add its own local BCLs. BCLs and their management structure were set up to be dynamic. They could be modified or updated relatively quickly. A change in the global BCL policy could be reflected across an enterprise in an hour or so. Anti-virus companies viewed this as an opportunity to expand their existing services of examining programs and declaring them to be either viruses or Trojan horses. They offered services in which they would certify that the BCLs associated with a given app were correct, that is, both needed by the program and not generally dangerous if used. Subscribers to the service could get updates to the BCL certifications and deploy them very quickly to every Java installation they had. The anti-virus companies offered to certify programs developed by others, initially for a fee and then, when that proved unpopular with the development community, for free. Curiously, this was not a commercial success. It seems that developers felt they could do this better themselves, and companies did not want to rely on anti-virus vendors to certify the software they used. Ominously, the Sugar architecture was not adopted by The Windows Company, which continued to pursue its strategy of promoting a competing active content language that did not have similar security architecture. 2005: The Digital Economy As quickly as the Web had become a major social force during the 1990s, this last decade saw the dramatic rise of the global digital economy. First seeking broader markets for their services and more competition among their suppliers, companies started finding, contracting with, and doing business with other companies over the Net. It was clear that these first few sparks would burst into a bonfire as soon as the number of these businesses reached critical mass. It was clear that it would transform the global economy. What surprised everyone, as they had been surprised by the Web a decade earlier, was how quickly it happened. By 2005, there was no longer any doubt that the world was in the midst of an economic revolution that would be bigger than the Industrial Revolution. Company after


company rushed to solidify their presence in the digital economy, eventually automating much of their routine business processes and supplier relationships. Opportunities for new companies that facilitated business in this new world were at an all-time high. This was the revolution that carried Lixxuid4 into global prominence. What started as a small Australian-based Internet bank in late 2000 grew explosively to become the twenty-fifth largest bank in the world by 2005 an event unprecedented among financial institutions by facilitating financial transactions for businesses in this digital economy. Then, on August 9, 2005, Lixxuids luck ran out. It was mid-morning in Melbourne, and usage of their primary transaction gateways went through the roof. Almost simultaneously, their phones filled with customers reporting that their transactions were not being processed. It took over an hour for worried administrators to confirm what they feared: they were under attack. At first, they thought it was hackers, since it looked initially like a common kind of denial of service attack. But, each time they thought they had a handle on the problem, it grew worse. By the end of the first day, they were under attack by more computers than they could count. The attackers turned out not to be hackers, but viruses, using a variant of the VDP (Viral Distributed Ping) attack.5 The number of attackers kept increasing because the number of infected systems kept increasing in those first few hours. You may not remember, but anti-virus companies did pretty well during this incident. They got copies of the virus right away, and had solutions for the virus available well before the sun set in Melbourne. (Some companies had a solution much faster than others, for reasons that modesty forbids me to mention.) What did not go well was actually eliminating the virus. While almost everyone had the capability of automatically updating their virus definitions and cleaning any new viruses off of their systems, very few people had this feature turned on. Indeed, most corporations still required manual approval to distribute definitions, either because they had extensive in-house testing procedures or because they didnt want to be the first ones to distribute definitions that might cause internal problems. That was probably a good and conservative choice for their own companies. But it meant that the VDP-XX virus could gain an early and firm foothold in hundreds of companies, and tens of thousands of households, worldwide. And all of them were aimed at Lixxuid. Lixxuid issued a hasty press release, suggesting that they would take legal action against companies and individuals who did not take rapid measures to prevent their systems from attacking their bank. The media picked this up and made it part of almost every story they ran. This got the attention of lots of people, especially in the more litigious countries, and lots of people and companies made sure they updated their anti-virus software to eliminate the virus. The viral population peaked early in the second day. Lixxuid system administrators worked around the clock, and had


achieved some reduction in the incoming flood of traffic, but not nearly enough to control the attack. It took another day and a half before a combination of antivirus software, media warnings, and hastily-crafted network filters brought the attacking traffic down enough that Lixxuid could once again process transactions, and even then only slowly. But the damage had been done. Lixxuids doors had been closed for just over three days, and the world does not appreciate a bank that closes its doors. On the first day that Lixxuid reopened for business, they bled to death from customers withdrawing their money and closing their accounts. It is, by now, the most analyzed bank failure in history. Police and investigatory agencies from around the world joined in the search for the perpetrator or perpetrators of this crime. The search went on for many months. Whether it was because those responsible were crafty or just very, very quiet, no one was ever arrested. To this day, theories abound. In the following year, over 50 copycat attacks were stopped before they started by antivirus protection that was already in place, and several authors of the copycat viruses were arrested and ultimately convicted. Whether any of these copycat authors was the author of the original VDP-XX virus is not known. 2006: Moores Wall 2006 brought a worrisome realization. For decades, Moores Law was the foundation on which progress in computing was built the nearly unshakable belief that advances in silicon technology would lead to chips whose performance doubled every 18 months. A prescient article by an Intel engineer in 1999 suggested that, in the following decade, the chip industry faced a series of very difficult obstacles. The oxide layer, which allows transistors to be switched on and off, would become so thin just a few atoms thick that it would no longer be an effective insulator for the switching current. Dopants, which create free electrons for the switchs current, would become so sparse that the transistors themselves would be unreliable. Solutions to these problems, the article pointed out, were not obvious. Still, people in the chip industry, and throughout the computing industry, were unfazed. Moores Law would continue its inexorable climb one way or another, they assured each other. It had always been thus, they reasoned, and thus it would always be. Unfortunately, their optimism was not borne out. New ways of building transistors on chips to avoid these problems turned out to be difficult to manufacture. New chip architectures to deal with the inherent unreliability of the transistors turned out to be more elusive than hoped. For a few years, everyone watched the performance curve deviate ever so slightly from Moores Law. That had happened before, they said, and it always gotten back on track. They were sure that someone, somewhere, would find a solution to


these problems. But by 2006 the trend was clear. Chip performance was not increasing as rapidly as predicted. Despite tremendous efforts, the problems had not been solved. We now refer to this as Moores Wall the wall into which the chip industry ran, headlong, and with dramatic consequences. The optimists are with us always. Now they tell us that new technologies are just around the corner - 3D devices, Molecular computing, Quantum computing. They assure us that we will soon return to those halcyon days, that Moores Law will rise again in a new realm as it has before, that Moores Wall will be known to our children only as Moores Lapse. And experts think theyre right. What is not clear is how long it will take to perfect these new technologies, to make them manufacturable, to make them reliable, to make them affordable. What is not clear is how long Moores Lapse will be. In 2006 Intel, then the worlds pre-eminent maker of microprocessor chips, introduced the Intel Googlium microprocessor and, at the same time, announced that Moores Law was at an end that decades of easy performance increases were over, at least for the time being. The Intel Googlium was to represent the last significant silicon-related performance enhancement of the decade. 2007: The Unwiring of India Moores Wall had an interesting effect. As it became harder to compete on raw chip performance, basic chips became cheaper. And this happened at the same time as the world piled into the digital economy. Several progressive countries made big bets on these two trends. India was probably in the forefront. The unwiring of India, started in 2003, was declared complete in 2007. High bandwidth wired access was available in all major urban areas along with moderate bandwidth wireless access. This accelerated massive buying of nowcheap network devices in India, contributing further to their dramatic worldwide price decline. In the space of a few years, this snowball effect spread devices throughout the developed world and much of the developing world. Today, the people at this conference are constantly connected to the Internet through the halfdozen devices that we carry or wear all the time. This was a big change. The ubiquity of these new devices was not missed by the virus writers. Device viruses became the dominant virus problem. Anti-virus companies scrambled to update their device technologies to handle the plethora of new viral carriers, and hook them into their automated defenses.


2008: Nothing Happens In 2008, nothing happened. Well, nothing directly relevant to the anti-virus industry, anyhow. I suppose that people in the U.S. would regard the election of President Clinton as significant.

2009: A Solution Emerges Each decade seems to have brought with it a standard architecture to address the virus problem of the time, and this decade is no different. As in previous decades, the solution addresses the new problems that have emerged: Internet-based spread. Virtually all viruses today spread primarily via the Internet. Naturally, there are viruses that spread by other means, and the anti-virus industry is always issuing breathless press releases about some tricky new way a virus spreads. But nothing even comes close to Internet spread in terms of pervasiveness and speed. So, most of the virus incidents seen by real people are spread via the Internet. Fortunately, the Internet is an important part of the solution. Ten years ago, the idea of integrating anti-virus software with commercial mail services was new. Now, no one in their right mind would subscribe to a mail service that did not filter out viruses. (There are people who do, and while they seem to have a kind of herd immunity because almost everyone else has filters, they do get more virus infections than the rest of us.) As active content became a part of standard XML business transactions between companies, and after viruses showed up there as well, nearly every business-to-business transaction facility now includes integrated virus filters. Similarly, device hubs quietly watch for viruses in transmissions to and from the many devices we now carry with us or wear. At the endpoints the devices we all carry around manufacturers nearly universally integrate anti-virus software into these devices before we purchase them. Administrative overhead. As the demands of anti-virus updates on system administrators, and particularly end users, became more severe, the industry took that burden upon itself. Just as other kinds of software are updated automatically by the company that develops them correcting bugs or adding features antivirus software is largely updated automatically. Anti-virus software was one of the first kinds of software to need continuous updates, and anti-virus companies were among the first to pioneer the subscription models that have become common throughout the software industry. Coupled with network-based virus filtering and nearly universal integration of anti-virus software into devices before they are purchased, automated updates mean that most users are blissfully unaware that they even have anti-virus software. It has become part of the firmament of nature in cyberspace - Rapid epidemics. Back in the late 1980s,


when personal computer viruses were just beginning, those viruses spread on floppy diskettes, that is, on physical media that one person would hand to another person. This was really slow! It took a typical virus months or even years to become prevalent around the world, if it ever did. These days, viruses sweep around the word in hours or minutes. The anti-virus industry has responded with technology for rapid, network-based response to epidemics. The goal of this technology is the same as for the early immune system in 2000 find new viruses, craft cures for them, distribute and install the cure everywhere, and do this faster than the viruses themselves can spread. But we must admit that the solution that has evolved is quite a bit faster and more comprehensive than what we put together in 2000. It would have been hard to imagine back then. Complex viruses: The virus writers didnt go to sleep during the last decade unfortunately. They have continued to develop techniques that tax even our current, very impressive, anti-virus technology. A decade ago, industry pundits predicted that scanning looking for strings within a file that would indicate a virus would fall by the wayside, to be replaced by . That didnt happen, but viral defense did evolve to blunt the tactics of the virus writers. One virus writing tactic that emerged at first by accident and later, I think, on purpose was Lurking, making it hard to find a virus via simple scanning technology that performed only a very simple examination of certain parts of certain objects in the system. The antivirus industry was forced to move to more comprehensive scanning scanning all parts of all objects, and doing some fairly sophisticated analysis during the scan. This all took time, and a naive implementation would have been very, very slow. The anti-virus industry came up with a clever solution use various heuristics, long relegated to second-class status as virus detectors as filters in front of scanners. That is, heuristics are now used as a first check for whether an object might be infected. The front-line heuristics are very fast, and eliminate most objects as not being infected. Any remaining objects are passed to second-line heuristics that are a bit slower and a bit more precise. And down the line until the object is passed to scanners, and then verifiers, to determine with great precision and certainty that it is infected, and with which virus it is infected.6 Among these front-line heuristics are the nearly abandoned change detectors of twenty years ago, which can tell quickly if an object has changed since it was last checked for viruses; if it has not, if it was not previously infected, and if the virus detector has not been updated, its not necessary to check it again. Small devices: Earlier in the decade, it was widely believed that devices the computing devices we carry and wear would require radically different anti-


virus technology, at least to protect their internal environment. They were, it was argued, so small with hardly any memory at all - so small that it would not be possible to fit the ever-growing PC-based anti-virus products into them. Interestingly, this turned out to be right and wrong. It was right in that the monolithic, stand-alone applications that were typical of anti-virus protection then would not fit. Nor would the ever-growing scanner-based virus definition files certainly not with as many viruses as we have cataloged today. But it was also wrong; it was not necessary to stuff old programs into new devices. In retrospect, the solution was obvious. The heuristic hierarchy that solved the speed problem for complex viruses is the first half of the solution. Most of the time, its not necessary to have anything running in the devices except the first-level, or maybe the second-level, heuristics. And those are typically small and fast. The second half of the solution is the Internet. If its ever necessary to actually scan an object inside a device, its not necessary to scan it for all 500,000 known viruses. Intermediate heuristics can easily cut the search down to a few hundred viruses at most. These devices can easily cache virus definitions for the viruses youre actually likely to see. For all the rest, the definitions can simply be paged in from the next level up in the network. In fact, the networks of anti-virus vendors are now all hierarchical, caching the least information possible in the customer devices and systems, staging the less-used information in intermediate servers and gateways, and connecting them to the automated analysis facilities and human analysts that are at the pinnacle of the pyramid. The Internet makes it all one global system. 2010: Hello? Hello? Here it is, 2010. The anti-virus industry has been working on the virus problem for over twenty years. All in all, things seem to be going pretty well this year. There have been no major virus incidents, no overblown virus hoaxes. The nearly seven billion residents of the planet have gone about their daily routines shopping, gossiping, composing symphonies, and waging war all without thinking very much about computer viruses. And thats how it should be. There is one thing thats just a little bit odd recently. In the past few days, the phones have been acting up. It seemed to happen at the same time as an automated update of the operating system from The Windows Company for the phone component of devices. At first, everything other than the audio channel was fine. Then the ear-ring too, and then the sketchpad. Many people might have had the same experience. There was a news alert a few minutes later. This has never happened before, at least not this widespread. Its still not clear whats going on. The media


are saying its a virus, however nothing is sure yet. Hopefully we will know more during VB 2010 itself and be able to tell a more complete story.


CHAPTER 3THE ANTIVIRUS INDUSTRY (INDIA)India is a fast growing country in all segments especially the IT sector. Starting from internet savvy youth, to necessities in education, social networking generation to IT career seeking chunk of the Indians and from outsourcing businesses to data security conscious Corporates, everyone is in search for the best and suitable antivirus for the protection of their data and machines. And this has created a luring market for antivirus companies all over the world to venture into the Indian market to reap benefits for both themselves as well the over a 120 crore population. In recent times, the anti-virus market in India has opened up and global players are now eying the Indian market, especially the retail, SOHO and SMB segments as they offer huge opportunities for penetration. While the vendors such as ACI Infocom, Unistal, ESET and AVG have already entered the Indian market with a host of new products, others are preparing to enter the rat race. Sources within the industry say that Kingsoft (China) is another vendor that is watching the Indian anti-virus industry closely and evaluating its options here, while Panda from Spain has plans to re-enter the country. While vendor competition becomes tougher, customers are rejoicing as this has given rise to genuine anti-virus products becoming increasingly affordable. Channel partners are watching this space closely as it is proving to be a lucrative business area. According to a Gartner prediction dated Saturday, 29th August 2009, the Asia-Pacific security market was expected to be growing at an average of 28 percent, even as the worldwide market for anti-virus solutions at large is growing at 12 percent. The advent of a host of anti-virus and Internet security vendors has opened up the market for customers in the retail, SOHO and SMB domain. Many of these vendors have introduced antivirus at a price range of Rs 300-400, thereby giving customers the option of buying genuine software at an affordable price. 3.1 Experts voice: MH Noble, MD, Zoom Technologies, distributors of Kaspersky range of solutions in India said, Anti- virus only sells when the product cures and removes virus and does not slow down the computer/system. No small, local or foreign player can threaten the business of an established player, as it requires a big team carrying out research in several different regions and analyzing the samples in all regions of the world for the product to be effective. However, the product has to be affordable. Peter Baxter, VP-Business Development, AVG Technologies explained, No company is secure and competition-proof in today's age especially with so many anti-virus


software solution providers (SPs) entering the Indian market. However, regardless of the technological superiority of any company, without adequate support one can quickly lose customers. Pricing, coupled with consistency and value for money, plays an important role when it comes to grabbing the market share. While many brands decide on a lowentry point and increase price over time, we believe that the Indian consumer is now savvy to this and looks for consistency and support as opposed to short-term pricing reductions. The established players and the ones who have been around in the market for decades, however are of the opinion those competitions only toughen them up. These vendors are of the view that having several options will give customers an ability to get more discerning and enable differentiation between anti-viruses that can give them just protection and the ones that can provide them greater protection. Sharing his views on rising competition, Jaganath Patnaik, former VP-Sales and Marketing, QuickHeal who is now with Kaspersky AV pointed out, Pricing has never played that important a role as far as anti-virus solutions are concerned as one needs to offer value for money to the customers. Pointing out that anti-virus as a product is very similar to an operating system software, and like a user, who needs only one operating system to run the machine, he only needs one anti-virus solutions to fight viruses, Karthik Shahney, Regional Director, McAfee stated, When it comes to buying an anti-virus, price does play a deciding role for the customer but he also seeks quality. Anti-virus, as software, is getting commoditized and the new entrants are lowering prices to penetrate the market further. However, security market is not only about anti-virus. The customer needs to bear in mind whether he needs simple protection or great protection for their machines and in case of latter, only that vendor who can provide 24x7 support and has an effective R&D in place can meet their requirements. Echoing similar sentiments, Amit Nath, Country Manager India & SAARC, Trend Micro shared, Vendors who understand the anti-virus market are going to remain unaffected by the fact that competition is on the rise. Throwing rock bottom prices at the market will not really help the new entrants grow as vendors. One needs to have a road map of three/four years, visualize the growth of the industry and have a strong R&D setup in place. Nath further mentioned that 'price vs value' phenomenon will not work for too long. Hence, buying an anti-virus is more or less like purchasing a mobile phone. There are numerous options available and one needs to keep the desired features and price of the product in mind, before they select the best possible option. With the influx of a host of antivirus vendors, the customers will be in a better position to discern the quality of the product which will happen only when they have experienced the product. Hence the vendor who develops closeness with the channel partner community and offers good quality product backed by effective R&D set-up will continue to survive and grow in the market.


The antivirus industry in India started quite late compared to its foreign counterparts, but has been doing serious business thereafter. One of the major and pioneer players in the market was Symantecs Norton antivirus. However, the main problem that these companies faced that time were the lack of awareness among the people, and the very high price at which these softwares were pitched in the market. Along with these, the low usage of internet and poor marketing and advertisement campaigns also contributed towards the late spreading of the antivirus network in India. Now, the market has changed a lot with highly efficient yet affordable antivirus products flooding the market. Perhaps this has come across probably due to the do-or-die competition that the antivirus companies have entered into in this sub-continent. And with the customers growing smarter by the day, these companies have to put their think tanks to the best use to capture new segments of the untapped market and even to retain their existing clients. 3.2 Antivirus products operating in India: An attempt to list the antivirus companies products operating in India has been given below: Avira Antivirus Avast Antivirus AVG Antivirus BitDefender Antivirus EScan Antivirus ESET NOD32 Antivirus F-Secure Antivirus G-Data Antivirus K7 Antivirus Kaspersky Antivirus Kingsoft Antivirus McAfee Antivirus Microsoft Security Essentials Norman Antivirus and Anti-Spyware Net Protector Antivirus Panda Antivirus PC Tools Spyware Doctor with Antivirus QuickHeal Antivirus Sophos Antivirus Symantec Norton Antivirus Trend Micro Antivirus and Anti-Spyware Trustport Antivirus


CHAPTER 4THE ANTIVIRUS INDUSTRY (AHMEDABAD REGION)Ahmedabad, the economic capital of the prosperous state of Gujarat has been a battlefield for the antivirus companies lately. With QuickHeal Antivirus products leading the way in the region at present, the competitors such as Kaspersky, Symantec, EScan, K7, etc are trying hard to reduce the gap and grow in publicity and sales. The study and survey conducted over a period of six weeks in Ahmedabad region has helped conclude that QuickHeal Antivirus Technologies Pvt. Ltds product Total Security 2010 has been the antivirus software with the highest demand followed closely by Kasperskys 2010 edition of the antivirus. Though the residents of this city have not been counted among the tech-savvy population of the country for long, yet the present scenario reveals a latent market for the antivirus companies to venture into. The Governments initiatives to uplift the technological side of the individuals of the state has led to the extensive usage of computers and other electronic media of education and this in turn has increased the chances of the growth of internet-bourne viruses. Just 3-4 years back the state didnt find a good reason to go after antivirus security as there was a pretty less habit of referring the internet among the laymen for knowledge and information. Now, with the increasing introduction of Wi-Fi networks all across the city (in malls, colleges, schools, Offices, etc), along with the inseparable usage of the carrier of malware USB devices, the proximity of the laptops and computers being infected with viruses has become a major threat. Moreover, the awareness about data theft and its security among the common men has led to everyone going for an antivirus right at the time of purchasing the machines. Earlier antivirus software was more of a product which used to give mental peace to the techsavvy person that his machine and data are safe. But now, the technical know-how has expanded so like a forest fire that people are not just contended with the mental security that they have an antivirus installed on the laptops or desktops. They have started demanding extended features which give them not only maximum possible protection from malware and data theft but those which also helps them work efficiently on the systems, without slowing down or interfering in the work that they are doing. The major factors influencing the antivirus softwares which are playing each other in the Ahmedabad market are: Quality Price


However there exists one superior factor which influences both of the above mentioned aspects and that is Brand image. For example: Symantec Norton antivirus has been an old and quality player in Ahmedabad, and people still remember this brand whenever antivirus is talked about. With the advent of other softwares entering the Ahmedabad market Norton has no doubt lost some ground but it still is a brand to compete with. Norton antivirus is expensive as well, but it has built its image in such a way over a period of time that people who prefer quality will go for Norton AV. A comparatively newer brand Kaspersky AV has gained ground and recognition within a very short span of time. A factor which has boosted the sales of Kaspersky is its low cost. Basically speaking, the business-minded mentality of the Ahmedabad crowd brings in a tendency in them to go for products which give them quality and which comes cheap as well. At present, QuickHeal Antivirus Technologies Pvt. Ltd.s products are in demand despite a higher price range. Discussions with some of the end-users have revealed that the advertisements that QuickHeal has aired on the radio and television have helped in increasing its brand value among the people who already were using some brand of antivirus as well as spreading news about its presence in Ahmedabad among the first timers. Another key factor which encourages an end-user to go for a particular brand is the realization of value. In the case of an antivirus software, local on-site technical support along with 24x7 operating toll-free number are best suited for delivering the basic value that a customer may expect. QuickHeal Antivirus Technologies is the only company which offers technical support home-to-home for the customers in Ahmedabad at present. So it shows in the sales of its products. Net Protector Antivirus, which is an upcoming brand in the city, is following in QuickHeals footsteps and is trying to give technical support through the dealers to all the customers. Further details about the Ahmedabad antivirus market have been given in the Key Findings section in the later part of this report. The major Antivirus companies operating in Ahmedabad are: QuickHeal AV Kaspersky AV K7 AV Symantec Norton AV Net Protector AV EScan Internet Security and AV McAfee AV Trend Micro AV G-Data AV AVG Antivirus


Some other brands which exist in the end-users catalogue apart from the above mentioned antiviruses are: Avast AV/ Avira AV Panda AV and some others.

These other brands have probably been introduced through the internet downloads as free versions or pirated softwares. Piracy had been actively involved in the Ahmedabad antivirus market about 2-3 years back. And it used to pull away an alarming chunk of the customers. But frequent crackdowns by legal authorities have shrunk the piracy market considerably. Genuine softwares which have a market price of around Rs. 1000-1300 were sold for just Rs. 100-150 in the pirated version. It is this reason because of which the dealers as well as the end-users frequently took refuge in this market so religiously. However, the low cost genuine antivirus softwares which have been introduced lately have added to the decline of the piracy market. Moreover regular and automatic update facilities in most of the new antivirus softwares over the internet have helped promote the cause of genuine softwares greatly. Added to these, recently Microsoft had initiated raids with the help of police authorities at major centers which used to deal in pirated software business and taken necessary legal action which has dampened the piracy market to a large extent. Such measures on a repetitive basis can expectedly increase the sale of genuine software, be it antivirus or operating system or other software products.


CHAPTER 5QUICKHEAL ANTIVIRUS TECHNOLOGIES PVT. LTD.

5.1

An insight: Incepted in 1993 by the Katkar Brothers it started with a product idea in the security and Anti- Virus domain. It successfully developed an Anti-Virus product and christened it Quick Heal. In 1995 was incorporated to form CAT LABS PVT LTD to make Brand Quick Heal a strong brand in the IT security field. In an industry, which has seen very few success stories and overwhelmed by the technical challenges posed by new viruses every day Quick Heal has grown exponentially in the past 13 years. This is evident by its presence in more than 50 countries worldwide and its listing on more than 400 shareware sites and with a growth rate of nearly 100% year on year. Over the years they have moved from a simple Antivirus Company, to a comprehensive Security Products Company. Certification, Independent Software vendor certification from Microsoft Corporation, Major shareware sites top accreditation, MOU with CERT_IN a Government of India venture into cyber security and top reviews in major industry magazines. We are also among the top 100 emerging companies as rated by Red Herring. Quick Heal strength lies in its exceptional team of software and management professionals. Having a strong software engineering discipline derived out of Quick Heal product culture and having worked with emerging technologies for the past twelve years. Quick Heal has developed an excellent learning and adaptation capability. This unique capability has been instrumental in Quick Heal success in taking on development of the product to its present stage. Quick Heal on numerous occasions has been the first to come out with the fastest virus solutions in a record time ahead of any of its foreign counterparts.


5.2

Awards and recognitions:

Virus Bulletin award:

Quick Heal till date is the only Indian Antivirus using indigenous Antivirus engine to achieve this award. They have in all 22 Vb-100% awards as on date. The company has received the prestigious VB 100% award, on all platforms (Windows, Novell, Linux, XP, 2000, 2003, Vista etc.) the most prestigious of awards in the Anti-Virus Industry. It is the only Anti-Virus software from Asia to get VB 100% certification for its Linux based Anti- Virus. Checkmark Level 2 certification:

Quick Heal has become one of the first Anti-Virus softwares from Asian Subcontinent to bag the prestigious Checkmark Certification Level 2 by West Coast Labs U.K. Microsoft ISV Certification:

Quick Heal has been recognized by Microsoft as a Security / Anti-Virus partner. Microsoft certified Quick Heal Technologies Pvt Ltd as its Independent Software Vendor (ISV) for providing antivirus solution for Microsoft operating systems and generic mail protection service. Quick Heal has been already associated with Microsoft by offering Antivirus Quick Heal to the Genuine Microsoft Windows users at a discounted price under Microsoft Windows Genuine Advantage. With


this ISV certification Quick Heal will be able to get to work with Microsoft on Security issues for Microsoft operating systems. This certification will benefit customers through Microsoft OS compatible security solutions. MoU with CERT In:

Quick Heal has signed a Memorandum of Understanding with Indian Computer Emergency Response Team (CERT-In) for security co-operation. Under this terms of the agreement Quick Heal and CERT-In will initiate co-operative activities in the areas like Mal ware analysis and incidents on Internet Security. Red Herring Finalist:

Red Herring Magazine had short listed CAT LABS PVT LTD for Red Herring 100 Asia 2007 awards.

Compass 2007 Exhibition Award: Recently Computer association of Eastern India has awarded Quick Heal as the best product in the Antivirus segment in the Compass 2007 Exhibition.

5.3

Advantages of Quick Heal Antivirus: Quick Heal offers lethal combines of Reactive and Proactive technologies to keep viruses band other malware out from the systems. It provides e-mail, Network, Intranet and other online protection services. Needless to say, its Virus Bulletin (VB100) award winning and Check Mark


certified virus scan engine eliminates 100% In - the - Wild viruses in all types of files, compressed archives, and mailboxes both Online and Off-line. What distinguishes Quick Heal from its peers is its design philosophy, which is user friendly, futuristic in nature to counter the most dangerous malwares. This ensures that the users get a stable, reliable and consistent protection of the highest standard while exploring every corner of the cyber world not only from the known virus but also against unknown threats. Quick Heal Antivirus Technologies Pvt. Ltd. is the leader in providing prompt and easily accessible technical support through email, telephonic and chat. Regarding technical intricacy they are rated as best for unknown malwares (DNA, sensor, heuristic), real time protection for unknown viruses, low on system resource, optimum balance between performance and security. Moreover they have small and incremental updates (2-6 times per day), free upgrade policy, and flexible licensing policy. Their user friendly interface makes easy for customers to operate.

5.4

Features of Quick Heal Antivirus: DNA Scan Technology QuickHeal Active Sensor QuickHeal Messenger Smart E-mail protection Smart Memory Scanning Emergency Bootable CD Native Boot Scan QuickHeal Firewall Protection Content Filter MS-Office protection Complete and small upgrades Anti Root-kit PC to Mobile scan Antimalware support Advanced System Explorer Window Spy Data Theft Protection System Hijack Restore Privacy Track Cleaner Drag N Drop Scanning Multiple Scanning


Control Scanning Automatic Hourly Update System Multiple Scheduling of Scanning Powerful Quarantine Tool

These features are the combined overall features available in the entire range of QuickHeal antivirus softwares.


CHAPTER 6COMAPARATIVE STUDY QUICKHEAL V/S OTHERSA detailed comparative study conducted by VIRUS BULLETIN in April 2010 revealed the performance and feature results of the above mentioned antivirus companies products. The results have been categorized and shown below: On demand tests:Polymorphic viruses

On-demand tests Agnitum AhnLab Alwil Arcabit Authentium Avanquest AVG Avira (Personal) Avira (Professional) BitDefender Bkis (Gateway Scan) Bkis (Home edition) Bullguard CA (ISS) CA (Threat Manager) Central Command Check Point Defenx Digital Defender eEye Digital Security Emsisoft EScan ESET Filseclab Fortinet

WildList

Worms & bots

Trojans

Clean sets

Missed0 0 0 0 0 0 0 0

%100 100 100 100 100 100 100 100

Missed105 424 28 747 140 46 17 11

%97.96 91.75 99.46 85.47 97.28 99.11 99.67 99.79

Missed191 8 507 1319 3 1989 26 0

%89.11 99.59 93.28 79.03 99.85 65.32 98.79 100

Missed1255 5703 197 5781 1759 446 284 148

%89.39 51.78 98.33 51.12 85.13 96.23 97.60 98.75

FP

Susp.1 2

6 4 1

0 0

100 100

11 24

99.79 99.53

0 0

100 100

148 618

98.75 94.78

3

99.58

807

84.31

2773

51.85

6551

44.61

18

97.50

847

83.53

2776

51.20 100 92.06 92.06

6551

44.61

0 0 0

100 100 100

18 432 430

99.65 91.60 91.64

0 958 958

316 5184 5063

97.33 56.17 57.19

0 1 0 0

100 99.99 100 100

109 56 109 135

97.88 98.91 97.88 97.37

191 9 191 191

89.11 99.91 89.11 89.11

1229 379 1251 1338

89.61 96.80 89.42 88.69

1 5 1 1

104 974 0 0 1548 0

99.99 99.95 100 100 97.97 100

282 10 18 23 310 330

94.52 99.81 99.65 99.55 93.97 93.58

288 1285 0 0 9913 30

83.47 78.59 100 100 41.20 99.09

2764 202 320 172 1881 3099

76.63 98.29 97.29 98.55 84.10 73.80 5 1 1

3 1 3

1


Frisk F-Secure (Client Security) F-Secure (PSB Workstation) G-Data Ikarus iolo K7 Kaspersky (Antivirus 2010) Kaspersky (Antivirus 6) Kingsoft (Advanced) Kingsoft (Standard) Kingsoft (Swinstar) Lavasoft McAfee Total Protection McAfee Total Protection Microsoft Nifty Corp. Norman PC Tools (Internet Security) PC Tools (Spyware Doctor) Preventon Proland Qihoo Quick Heal Rising SGA Corp. Sophos SPAMfighter (VIRUS fighter Plus) SPAMfighter (VIRUS fighter Pro) Sunbelt Symantec (Endpoint Protection) Symantec (Norton Antivirus)

0

100

185

99.40

0

100

1997

83.12

1

0

100

18

99.65

0

100

532

95.50

0 0 973 0 0

100 100 99.95 100 100

18 4 3 186 56

99.65 99.92 99.94 96.38 98.91

0 0 1285 3 0

100 100 78.59 99.85 100

532 11 142 1984 463

95.50 99.91 98.80 83.23 96.09 1 1 1

0

100

45

99.12

0

100

255

97.84

1

99.99

74

98.56

1

99.99

545

95.39

0

100

1008

80.40

2382

56.61

10525

11.02

0

100

934

81.84

2382

56.61

9352

20.93

6 0 0

99.17 100 100

659 15 31

87.18 99.71 99.40

3350 1994 4

47.72 65.16 99.99

6625 107 484

43.99 99.10 95.91

1 2

0 1 1 104

100 99.99 99.99 99.99

46 30 71 284

99.11 99.42 98.62 94.48

1 0 1 293

99.99 100 99.99 82.92

786 543 673 2789

93.35 95.41 94.31 76.42 3 5

0

100

25

99.51

0

100

243

97.95

0

100

25

99.51

0

100

245

97.93

0 0 0 0 0 0 0

100 100 100 100 100 100 100

135 111 23 188 620 26 44

97.37 97.84 99.55 96.34 87.94 99.49 99.14

191 191 11 5 1130 0 0

89.11 89.11 99.98 99.51 70.02 100 100

1338 1308 354 1955 5435 364 554

88.69 88.94 97.01 83.47 54.05 96.92 95.32

1 1

3

0

100

136

97.36

191

89.11

1360

88.50

0

100

135

97.37

191

89.11

1338

88.69

0

100

15

99.71

1994

65.19

121

98.98

2

0

100

38

99.26

0

100

324

97.26

0

100

21

99.59

0

100

392

96.69


Trustport VirusBuster Webroot

0 0 0

100 100 100

3 109 36

99.94 97.87 99.30

0 191 0

100 89.11 100

23 1229 483

99.81 89.61 95.92

On-access tests:On-access tests Agnitum AhnLab Alwil Arcabit Authentium Avanquest AVG Avira (Personal) Avira (Professional) BitDefender Bkis (Gateway Scan) Bkis (Home Edition) Bullguard CA (ISS) CA (Threat Manager) Central Command Check Point Defenx Digital Defender eEye Digital Security Emsisoft EScan ESET Filseclab Fortinet Frisk F-Secure (Client Security) F-Secure (PSB Workstation) G DATA Ikarus iolo WildList Worms & bots Polymorphic viruses Trojans

Missed0 0 0 1 0 0 0

%100.00% 100.00% 100.00% 99.86% 100.00% 100.00% 100.00%

Missed115 424 20 751 193 30 15

%97.76% 91.75% 99.61% 85.39% 96.25% 99.42% 99.71%

Missed191 8 507 1319 3 26 41

%89.11% 99.59% 93.28% 79.03% 99.85% 98.79% 100.00%

Missed1373 5713 172 5811 2061 421 169

%88.39% 51.70% 98.55% 50.87% 82.58% 96.44% 98.57%

0 0

100.00% 100.00%

12 30

99.77% 99.42%

0 0

100.00% 100.00%

165 651

98.61% 94.50%

3

99.58%

807

84.31%

2773

51.85%

6551

44.61%

18 0 0 0

97.50% 100.00% 100.00% 100.00%

847 18 432 430

83.53% 99.65% 91.60% 91.64%

2776 0 958 958

51.20% 100.00% 92.06% 92.06%

6551 316 5184 5063

44.61% 97.33% 56.17% 57.19%

0 1 0 0

100.00% 99.9999% 100.00% 100.00%

113 99 115 140

97.80% 98.07% 97.76% 97.28%

191 9 191 191

89.11% 99.91% 89.11% 89.11%

1319 858 1373 1421

88.85% 92.75% 88.39% 87.99%

123 0 0 2595 0 0

99.99% 100.00% 100.00% 97.91% 100.00% 100.00%

284 24 71 295 330 192

94.48% 99.53% 98.62% 94.26% 93.58% 96.27%

338 0 0 11413 30 0

81.83% 100.00% 100.00% 37.25% 99.09% 100.00%

2960 346 392 1718 3171 2070

74.97% 97.07% 96.69% 85.48% 73.19% 82.50%

0

100.00%

22

99.57%

0

100.00%

541

95.43%

0 0 973 0

100.00% 100.00% 99.95% 100.00%

22 6 3 186

99.57% 99.88% 99.94% 96.38%

0 0 1285 3

100.00% 100.00% 78.59% 99.85%

541 26 142 1984

95.43% 99.78% 98.80% 83.23%


K7 Kaspersky (Anti-Virus 2010) Kaspersky (Anti-Virus 6) Kingsoft (Advanced) Kingsoft (Standard) Kingsoft (Swinstar) Lavasoft McAfee Total Protection McAfee Virus Scan Microsoft Nifty Corp. Norman PC Tools (Internet Security) PC Tools (Spyware Doctor) Preventon Proland Qihoo Quick Heal Rising SGA Corp. Sophos SPAM fighter (VIRUS fighter Plus) SPAM fighter (VIRUS fighter Pro) Sunbelt Symantec (Endpoint Protection) Symantec (Norton Antivirus) Trustport VirusBuster Webroot

0

100.00%

61

98.81%

0

100.00%

730

93.83%

0

100.00%

79

98.46%

0

100.00%

376

96.82%

1

99.9999%

94

98.17%

1

99.999%

590

95.01%

0

100.00%

1011

80.34%

2382

56.61%

10549

10.81%

0

100.00%

937

81.78%

2382

56.61%

9375

20.74%

2 0

99.72% 100.00%

25 36

99.51% 99.30%

2004 0

65.03% 100.00%

257 601

97.83% 94.92%

0 1 1 110

100.00% 99.99% 99.9999% 99.99%

49 64 56 285

99.05% 98.76% 98.91% 94.46%

1 0 1 338

99.999% 100.00% 99.999% 81.83%

788 764 348 2944

93.34% 93.54% 97.06% 75.11%

0

100.00%

27

99.47%

0

100.00%

271

97.71%

0

100.00%

27

99.47%

0

100.00%

260

97.80%

0 0 0 0 0 0 0

100.00% 100.00% 100.00% 100.00% 100.00% 100.00% 100.00%

140 112 23 351 620 31 23

97.28% 97.82% 99.55% 93.17% 87.94% 99.40% 99.55%

191 191 42 42 1130 0 0

89.11% 89.11% 99.79% 96.49% 70.02% 100.00% 100.00%

1421 1310 409 5274 8376 397 392

87.99% 88.92% 96.54% 55.41% 29.18% 96.64% 96.69%

0

100.00%

427

91.70%

191

89.11%

1384

88.30%

0

100.00%

140

97.28%

191

89.11%

1421

87.99%

-

-

-

-

-

-

-

-

0

100.00%

26

99.49%

0

100.00%

309

97.39%

0

100.00%

17

99.67%

0

100.00%

209

98.23%

0 0 0

100.00% 100.00% 100.00%

6 113 58

99.88% 97.80% 98.87%

16 191 0

100.00% 89.11% 100.00%

34 1319 539

99.71% 88.85% 95.44%


System resource usage statistics:

Reactive and Proactive (RAP) detection scores:Reactive Proactive Overall average

RAP detection scores Agnitum Outpost Security Suite Pro AhnLab V3 Internet Security Alwil Avast! free antivirus

Week 3

Week 2

Week 1

Reactive average

Week +1

Missed

87.61%

75.41%

70.84%

77.95%

47.75%

70.40%

68.25%

50.57%

36.40%

51.74%

21.65%

44.22%

96.55%

94.69%

89.78%

93.67%

52.72%

83.44%


Arcabit ArcaVir 2010 Authentium Command Anti-Malware Avanquest Double AntiSpy Professional AVG Internet Security Network Edition Avira AntiVir Personal Avira AntiVir Professional BitDefender Antivirus 2010 Bkis Bkav Gateway Scan Bkis Bkav Home Edition Bullguard Antivirus CA Internet Security Suite Plus CA Threat Manager Central Command Vexira Antivirus Professional Check Point Zone Alarm Suite Defenx Security Suite 2010 Digital Defender Antivirus eEye Digital Security Blink Professional Emsisoft asquared AntiMalware EScan Internet Security for Windows

67.58%

57.78%

57.51%

60.96%

23.43%

51.58%

81.41%

75.54%

57.85%

71.60%

51.55%

66.59%

93.63%

91.68%

78.21%

87.84%

42.19%

76.43%

93.55%

91.35%

81.26%

88.72%

49.28%

78.86%

92.28% 92.28%

96.19% 96.19%

90.32% 90.32%

92.93% 92.93%

61.59% 61.59%

85.10% 85.10%

89.03%

70.53%

63.31%

74.29%

51.85%

68.68%

47.93%

43.70%

32.05%

41.23%

21.96%

36.41%

47.93% 94.55%

43.70% 86.08%

32.05% 82.11%

41.23% 87.58%

21.96% 63.16%

36.41% 81.47%

67.23%

59.42%

64.28%

63.65%

53.20%

61.04%

68.69%

60.56%

65.78%

65.01%

55.35%

62.59%

88.47%

77.32%

71.10%

78.96%

48.28%

71.29%

94.45%

95.52%

92.35%

94.11%

78.15%

90.12%

88.26%

77.26%

71.14%

78.89%

48.34%

71.25%

87.42%

76.03%

69.06%

77.50%

47.64%

70.04%

66.47%

57.84%

50.75%

58.35%

45.70%

55.19%

99.13%

99.42%

97.62%

98.72%

71.30%

91.87%

94.42%

85.75%

80.46%

86.88%

62.60%

80.81%


ESET NOD32 Antivirus Filseclab Twister AntiTrojan Virus Fortinet FortiClient Frisk F-PROT F-Secure Client Security F-Secure PSB Workstation Security G DATA Antivirus 2010 Ikarus virus. Utilities iolo System Mechanic Professional K7 Total Security Kaspersky Anti-Virus 2010 Kaspersky Anti-Virus 6 for Windows Workstations Kingsoft Internet Security 2010 Advanced Edition Kingsoft Internet Security 2010 Standard Edition Kingsoft Internet Security 2010 Swinstar Edition Lavasoft AdAware Professional Internet Security McAfee Total Protection McAfee Virus Scan Enterprise

94.08%

94.11%

89.18%

92.46%

78.04%

88.85%

82.74%

76.74%

67.69%

75.72%

67.66%

73.71%

72.87% 79.34%

69.75% 72.52%

64.54% 56.15%

69.05% 69.34%

23.15% 49.92%

57.58% 64.48%

91.22%

83.97%

66.53%

80.57%

55.26%

74.24%

91.22%

83.97%

66.53%

80.57%

55.26%

74.24%

99.09%

98.86%

91.14%

96.37%

65.25%

88.59%

98.93%

99.29%

94.64%

97.62%

68.42%

90.32%

79.28%

72.47%

56.15%

69.30%

49.95%

64.46%

90.85%

85.44%

58.94%

78.41%

50.14%

71.34%

93.55%

96.03%

93.23%

94.27%

77.36%

90.04%

93.24%

95.79%

92.38%

93.80%

76.47%

89.47%

32.16%

24.31%

21.93%

26.13%

17.61%

24.00%

37.64%

36.53%

26.45%

33.54%

21.88%

30.63%

42.62%

38.34%

28.81%

36.59%

22.34%

33.03%

96.96%

96.35%

82.57%

91.96%

62.12%

84.50%

94.64%

92.87%

84.84%

90.78%

66.01%

84.59%

90.83%

89.17%

82.72%

87.57%

63.61%

81.58%


Microsoft Security Essentials Nifty Corp. Security 24 Norman Security Suite PC Tools Internet Security 2010 PC Tools Spyware Doctor Preventon Antivirus Proland Protector Plus Professional Qihoo 360 Security Quick Heal Antivirus 2010 Rising Internet Security 2010 SGA Corp. SGA-VC Sophos Endpoint Security and Control SPAM fighter VIRUS fighter Plus SPAM fighter VIRUS fighter Pro Sunbelt VIPRE Antivirus Premium Symantec Endpoint Protection Symantec Norton Antivirus Trustport Antivirus 2010 VirusBuster Professional Webroot Antivirus with

91.14%

93.06%

74.15%

86.12%

55.52%

78.47%

93.45% 66.36%

94.31% 57.81%

85.59% 50.30%

91.12% 58.16%

62.36% 45.75%

83.93% 55.06%

93.21%

92.55%

76.19%

87.32%

34.49%

74.11%

93.22%

92.58%

76.20%

87.34%

34.53%

74.13%

87.42%

76.03%

69.06%

77.50%

47.64%

70.04%

87.71%

76.26%

70.82%

78.26%

48.13%

70.73%

93.88%

84.32%

73.68%

83.96%

56.51%

77.10%

78.68%

69.61%

63.17%

70.49%

44.58%

64.01%

59.40%

42.67%

34.77%

45.62%

25.07%

40.48%

94.36%

85.88%

79.65%

86.63%

62.08%

80.49%

95.90%

93.43%

90.74%

93.36%

75.43%

88.88%

87.43%

76.03%

69.06%

77.51%

47.59%

70.03%

87.25%

75.84%

68.98%

77.36%

47.61%

69.92%

96.97%

96.45%

83.53%

92.31%

66.10%

85.76%

91.37%

90.35%

65.00%

82.24%

31.15%

69.47%

91.77%

90.76%

66.49%

83.00%

33.24%

70.56%

98.67%

96.09%

96.74%

97.17%

79.66%

92.79%

88.47% 96.48%

77.32% 94.12%

71.10% 89.90%

78.96% 93.50%

48.28% 74.40%

71.29% 88.72%


Spy Sweeper

On-demand throughput (MB/s):Binaries and system filesDefault (cold)8.81 25.39 40.49 14.86 12.33 4.12 11.74 33.55

On demand throughput (MB/s) Agnitum AhnLab Alwil Arcabit Authentium Avanquest AVG Avira (Personal) Avira Professional BitDefender Bkis (Gateway Scan) Bkis (Home Edition) Bullguard CA (ISS) CA (Threat Manager) Central Command Check Point Defenx Digital Defender eEye Digital Security Emsisoft EScan ESET Filseclab Fortinet Frisk F-Secure (Client Security) F-Secure (PSB Workstation) G DATA Ikarus

Archive filesDefault (cold)2.29 11.13 213.25 7.02 5.56 0.61 0.68 4.34

Media and documentsDefault (cold)12.81 10.38 29.03 24.14 18.80 1.09 6.82 19.43

Other file typesAll files12.81 10.38 29.78 24.14 18.80 1.09 6.71 19.43

Default (warm)18.00 11.18 277.23 6.98 5.61 0.61 0.68 4.27

All files2.29 11.13 7.57 7.02 5.56 0.61 0.47 4.34

Default (warm)391.41 25.95 49.44 14.68 12.26 4.60 11.71 33.55

All files8.81 25.39 37.58 14.86 12.33 4.12 2.32 33.55

Default (warm)76.44 10.47 30.99 26.36 19.60 1.53 6.61 18.20

Default (cold)128.99 9.64 43.00 14.95 11.73 2.15 4.98 9.64

Default (warm)343.96 9.38 43.00 15.40 12.14 1.56 4.61 15.40

All files128.99 9.64 24.00 14.95 11.73 2.15 4.65 9.64

4.09

4.20

4.09

39.80

38.50

39.80

20.66

18.80

20.66

19.84

15.88

19.84

24.98

26.66

24.98

16.37

17.14

16.37

5.45

5.59

5.45

3.45

3.79

3.45

99.01

77.01

N/A

3.34

3.34

3.34

4.99

4.90

4.99

4.30

4.06

4.30

99.01 4.10 2.80 1.27 1

99.01 4.09 2.81 386.14

1.05 4.10 2.80 1.27

3.17 26.39 31.31 23.60

3.17 28.90 29.54 117.42

3.03 26.39 31.31 23.60

4.99 11.08 25.48 10.97

4.93 10.42 25.20 55.93

4.25 11.08 25.48 55.93

4.30 8.82 21.50 9.21

4.11 9.38 20.64 33.29

2.90 8.82 21.50 9.21

7.81 1.94 1.12 3.24

7.90 1.95 14.99 3.24

2.39 1.94 1.12 0.66

20.69 16.37 15.01 10.48

20.78 16.25 391.41 10.63

20.51 16.25 15.01 2.50

17.50 6.10 6.23 13.03

16.50 6.27 22.48 12.26

12.40 6.10 6.23 2.91

13.76 6.18 4.76 12.43

12.90 6.45 51.59 10.32

10.53 6.18 4.76 2.81

1.49 5.48 126.01 3.62 1.24 3.90 7.30

1.50 5.58 126.01 3.62 1.23 4.52 7.33

1.49 N/A N/A 3.62 1.22 3.90 7.30

1.80 6.33 3.46 12.90 19.99 7.26 11.10

1.77 6.62 3.46 12.83 19.25 8.37 11.32

1.80 6.33 N/A 12.90 19.17 7.26 11.10

0.80 7.85 0.84 13.33 5.73 19.94 26.66

0.80 8.75 0.84 13.98 5.54 21.63 31.41

0.80 7.85 N/A 13.33 5.49 19.94 26.66

0.59 6.66 0.62 12.58 5.32 9.38 18.76

0.58 7.82 0.62 12.74 4.80 10.02 19.47

0.58 6.66 N/A 12.58 5.32 9.38 18.76

6.68

2772.27

6.68

16.77

1565.63

60.22

10.28

114.66

29.40

49.14

343.96

27.15

6.66

2772.27

6.66

361.30

2348.44

64.34

13.49

327.59

36.40

93.81

343.96

28.66

2.52 23.69

2772.27 23.69

2.52 N/A

18.06 11.32

1174.22 11.32

18.06 11.32

10.42 13.18

229.31 12.13

10.42 13.18

8.97 14.95

343.96 10.86

8.97 14.95


iolo K7 Kaspersky (Anti-Virus 2010) Kaspersky (Anti-Virus 6) Kingsoft (Advanced) Kingsoft (Standard) Kingsoft (Swinstar) Lavasoft McAfee Total Protection McAfee Virus Scan Microsoft Nifty Corp. Norman PC Tools (Internet Security) PC Tools (Spyware Doctor) Preventon Proland Qihoo Quick Heal Rising SGA Corp. Sophos SPAM fighter (VIRUS fighter Plus) SPAM fighter (VIRUS fighter Pro) Sunbelt Symantec (Endpoint Protection) Symantec (Norton Antivirus) Trustport VirusBuster Webroot

6.58 7.24

6.60 7.30

N/A 7.24

11.32 9.66

11.24 9.74

N/A 9.66

14.89 29.

Documents

Quickheal Report Final