Quickheal Report Final

A REPORT

ON

OVERVIEW OF THE

ANTIVIRUS INDUSTRY IN INDIA

QUICKHEAL ANTIVIRUS TECHNOLOGIES PVT. LTD.

2010

Compiled & submitted by:

DEVASISH SAIKIA

MBA-IB, 2009-11

SIIB, PUNE.

� � � � � �: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

A REPORT ON:

OVERVIEW

OF

THE ANTIVIRUS INDUSTRY IN INDIA

A report submitted in partial fulfillment of the requirements of

MBA Program of SIIB, Pune.

COMPILED AND SUBMITTED BY:

Devasish Saikia

MBA-IB (2009-11)

SUBMITTED TO:

Mr. Pranav Pawar

Assistant Manager (Marketing)

QuickHeal Antivirus Technologies Pvt. Ltd.

DATE OF SUBMISSION:

12/08/2010



ACKNOWLEDGMENT

I hereby admit that my summer internship project with QuickHeal Antivirus Technologies Pvt.

Ltd. has been one of the most rewarding experiences that I have come across till date. I am sure

that the learning that I have had from the on-site field work and interviews and interactions with

the dealers and end-users of antivirus softwares during the course of my summer project would

definitely add value to my future endeavors.

I would like to thank my Project guide from QuickHeal Antivirus Technologies, Mr. Pranav

Pawar, Assistant Manager (Marketing) for being a constant source of guidance and support, for

clearing all my doubts and showing me the direction of approach for the project. Without his

support, the successful completion of this project would not have been possible.

I would also like to thank all the dealers and industry experts who have helped me with valuable

information regarding the antivirus industry in India, especially the Ahmedabad region.

Working with QuickHeal Antivirus Technologies Pvt Ltd. has indeed been a memorable

experience.

Thank You,

Devasish Saikia

(Summer Trainee, SIIB)

QuickHeal Antivirus Technologies Pvt. Ltd., Pune


CHAPTER 1

INTRODUCTION

In today’s connected world, anti-virus software is more than ever a necessity to protect your

computer against viruses, worms and other types of malicious code. It is by far the easiest way to

give your computer a minimal level of protection. Yet, the process of choosing which anti-virus

software is best suited for your protection is not so easy. That task is made challenging by

numerous misconceptions that surround the anti-virus world and some of the questionable claims

made by some vendors. If you surf anti-virus vendors’ web sites, for example, you will soon find

out that many of them are the best, that many have the biggest market share or that many are the

only vendors with a 365x24 support. The marketing war raging among those vendors and

sometimes the lack of knowledge of their own competitors makes it rather difficult for the end-

user to make a knowledgeable choice.

Whether you are a home user or an IT professional in charge of security in a large corporation, it

is easy to be mislead by information provided by the different vendors and sometimes, even by

the press. Therefore it is important that you understand how antivirus software work and what

the important criteria are, when choosing of such a solution. It is also important that you know

how and where to find relevant information when making your decision.

1.1 Understanding how anti-virus software work

The first step to choosing anti-virus software is to understand how they work. That will

give you a better idea of the features they offer and make your way through the technical

terminology used by anti-virus vendors and experts.

Understanding what your anti-virus software can and cannot do will help you have the

right expectations and will help you tell the difference between serious anti-virus

software and the others.

1.2 How does an anti-virus detect viruses?

There are several technologies used to detect viruses. Viruses and malicious code in

general, are nothing more than code. So, if the antivirus companies know what the code

of a virus looks like, they will be able to identify the virus when they see it. That is the

first technology used by anti-virus software. It is called signature matching. The anti-

virus product contains a database of virus signatures and will detect a virus any time

it sees code that matches an entry in the database. That is probably the most efficient

way to detect viruses. The drawback to that technology is that they need to have seen


the virus before and have written a signature for it to be able to detect it. That

requires the user to keep the virus signature database as up to date as possible.

To work around that weakness, anti-virus software can use two other technologies:

Heuristic and Integrity Checksum. The philosophy behind Heuristic technology is to be

able to detect viruses or malicious code for which a signature does not exists yet. That

result is achieved by using a database of virus behavior signatures. If the Heuristic

technology analyzes the code for any routine or subroutine matching a virus behavior

signature, we will call it static heuristic. If the heuristic technology lets the code run into

a virtual machine to analyze the behavior, we will call it dynamic Heuristic. The issue

with Heuristic technologies is that they can trigger false positive, where a clean file is

reported as being infected.

The integrity checksums are based on the assumption that a virus needs to make a

modification to a system in order to infect it. The simplest example is that a virus needs

to modify a file by overwriting or adding its code to the file, so that, when the file is run,

so is the viral code. The integrity checksum method consists of taking a checksum of

clean files or disks. Any change to the checksum indicates that the files or disks have

been modified by what could be a virus. Not only can that method generate false

positives, it is also inefficient against macro viruses or virus like Code Red that can insert

itself into memory and run without being saved to a file.

If the malicious code goes through all the scanners, there is a last line of defense offered

by some anti-virus products: the activity blocker. It will block all activities that could be

caused by a malicious code. The activity blocker will alert you, for example, if a process

is trying to format your hard drive or write to the boot record of your hard drive.

1.3 When does the AV detect a virus?

Usually, anti-virus software has two ways of operating. First, a real-time or on-access

scanner, which is memory resident (or service or daemon), monitors the system activity

at all times for the presence of viruses. A hook to the operating system alerts the real-time

scanner when a file is accessed, allowing the scanner to check the file. It has the

advantage of offering constant protection but it will only check files when they are

accessed. If an infected file resides on the disk and is not accessed, the real-time scanner

will not detect it. Then, an on-demand scanner can be started by the user at any given

time to check a file, folder or the content of the entire hard drive for viruses. The

ondemand scanner can check every single file, but it only offers a good assessment of

your system at a single point in time. On demand scan can be scheduled to check all the

files for viruses on a regular basis.

1.4 What anti-virus software can and cannot do?


• 100% protection

No anti-virus software in the world will provide you 100% protection, no

matter what they claim. Viruses and malicious code are often ahead of

anti-virus researchers. Melissa, FunLove, CodeRed, Nimda and many

other viruses have proven that fact. That is because of the way anti-virus

software work. Remember they need to have the virus signature to be able

to detect it. And most of the time, for new types of viruses, the heuristic

technology does not quite work. That is also the reason why it is vital to be

up to date on the virus definition database. However anti-virus software

will provide a solid protection against all the existing viruses (about 60,

000 to date) and will provide you with a quick fix when a new one comes

in.

• Repair viruses

If a virus is detected will my anti-virus software be able to repair it? Well,

it depends. It depends on the virus that has caused the infection. Some

viruses, especially macro viruses are easy to clean, because they don’t

damage the host file. It is easy for the anti-virus software to remove only

the malicious code and repair the file. Some other viruses overwrite the

content of the host file to replace it with its own code. That is the case of

the Love Letter virus. In such a case, the infected files cannot be repaired.

The only option is to delete the files and restore them from a backup. Last

but not least, some other malicious code, like Nimda, not only infects files,

they also make modification to your system. They replace system files,

and/or make registry changes. To get rid of viruses of that kind, the anti-

virus is not sufficient. You need removal tools, available on most vendors’

web sites, to undo what the virus has done and clean up your system.


CHAPTER 2

THE ANTIVIRUS INDUSTRY

(WORLDWIDE)

2.1 Synopsis:

When we look back on the years 2000-2010 from the perspective of the anti-virus

industry four technology trends were responsible for substantial changes in the

computing environment, which formed a backdrop for the virus problem. They are:

• Pervasive computing devices are now the dominant way that people interact

with the digital world, far outnumbering traditional PCs, and the shift in

architecture was responsible for both new problems and new protections.

• The decline of Moore's Law resulted in dramatically falling chip prices, resulting

both in their commoditization and much more widespread use throughout the

world.

• Broadband access to the Internet from most of the developed world put much of

the Earth's population online all the time.

• The rise of e-commerce has affected every sector of the economy; the digital

economy now rivals its material counterpart.

We review the most significant viral disasters in the past ten years, showing how they

could have been predicted from these technology trends, and usually avoided. To the

contrary, we show how the anti-virus industry actually responded, often after the fact.

While anti-virus technology has evolved significantly since the year 2000, with several

technological marvels to its credit, perhaps the most surprising change is that few end

users are even aware that it exists any more.

A small study about the antivirus industry in the last three decade reveals a series of

related and systematic information, which has been discussed below:

• In 1990, virus incidents were called urban myths, “like rumors of alligators in the

sewers of New York”.

• In 2000, it was so clear that viruses were real, and presented such an immediate

problem, that businesses would close their network connections when they heard

rumors of viruses.


• In 2010, the problem may be under control, at least for the time being.

• In 1990, there were around 50 viruses.

In 2000 there were around 50,000.

In 2010 there are nearly 500,000.

• In 1990, virus defenses consisted of scanning tools that were often unreliable and

hard to use. Anti-virus companies typically took a month or more to react to a

new virus, which was fine because it took the viruses even longer to spread

around the world.

• In 2000, virus defenses had matured to suites of products on multiple platforms

that were deployed around the world. Customers had simple Internet connections

to anti-virus vendors to submit suspicious objects and receive virus definition

updates. Anti-virus companies typically reacted to a new virus in days –

sometimes less if it appeared to be a major customer problem.

• In 2010, virus defense consists of global distributed systems, with components in

nearly every endpoint device and Internet way station in the world. Anti-virus

companies typically react to a new virus in minutes, and it’s a good thing too, as

that’s how fast viruses spread around the world.

In the last decade, there have been a few dramatic virus incidents that, in some way,

affected millions of people. There have been spectacular hoaxes, after which everyone

blamed everyone else for not figuring them out earlier. Viruses moved to new parts of the

computing ecology, almost always festering in these new niches before anti-virus

technology was available to cope with them. Somehow, the world muddled through it all.

In short the last decade was, for the virus problem and the anti-virus industry, much like

the previous one. The anti-virus industry had a tough job in keeping up with the changing

virus problem and the many new niches for viral mischief. In general, they did a great

job. We can breathe the same sigh of relief that we did in 2000 when the Y2K bug did not

destroy the world: through all the virus problems, the vast majority were handled quickly

and efficiently and we are, after all, still here. In the process, the anti-virus industry

created several technological marvels, pioneering vendor-maintained endpoint software

and creating global automated defenses. Anti-virus technology has become like air:

ubiquitous, vital for our survival, and almost completely invisible. Nevertheless, some

people say that the anti-virus industry is still more reactive than proactive, waiting for

problems to occur in a new viral niche before creating a solution for them. They say that

the self-mailing viral epidemics of a decade ago went on far too long before there was an

effective solution, that the Tea Party Virus could have been done years before but the


industry still wasn’t ready for it, that the virus that sank Lixxuid could have been

prevented. Perhaps they’re right. To be fair, it is difficult to anticipate exactly which

niche will become populated with viruses, and users do not often change their behavior in

the absence of a clear and present danger. Still, the stakes are increasing, and it is

becoming more and more problematic to be behind in protecting new areas of the

computing environment.

2.2 The Antivirus companies worldwide:

The major players worldwide in the Antivirus industry in today’s date have been listed

below:

• Agnitum

• AhnLab

• Alwil

• Arcabit

• Authentium

• Avanquest

• AVG

• Avast

• Avira

• BitDefender

• Bkis

• Bullguard

• CA (ISS) & (Threat Manager)

• Central Command

• Check Point

• Defenx

• Digital Defender

• eEye Digital Security

• Emsisoft

• EScan

• ESET

• Filseclab

• Fortinet

• Frisk

• F-Secure

• G DATA

• Ikarus

• Iolo

• K7

• Kaspersky

• Kingsoft

• Lavasoft

• McAfee

• Microsoft

• Nifty Corp.

• Norman

• PC Tools (Internet Security)

• PC Tools (Spyware Doctor)

• Preventon

• Proland

• Qihoo

• Quick Heal

• Rising

• SGA Corp.

• Sophos

• SPAM fighter

• Sunbelt

• Symantec

• Trustport

• VirusBuster

• Webroot


2.3 The last decade – an insight

• 2000: The New Millennium

In many ways, the beginning of the New Millennium was surprisingly boring. The

“Y2K Virus”, as it was called all too often, did not cause widespread havoc. Nor

did it fry all of the computers in the world, bankrupt entire countries or lead to the

end of the world. As the wave of midnight spread over the South Pacific and then

on to the rest of the world, the biggest surprise was that almost nothing happened.

The news media, which had spent the previous year focusing on worst-case

scenarios, worked hard to find anything at all, in any country whatsoever that

happened as a result of the Y2K problem. Sure, there were a few minor problems,

but fewer than happened on any normal day due to normal computer problems.

There were, of course, computer virus problems that year, and a couple of them

were quite significant at the time. They largely centered on the fact that the most

popular applications – the mail and document applications from Microsoft Corp. –

were themselves programmable, and were the medium in which viruses spread. It

was the first year in which a self-mailing virus really hit big, becoming the most

rapidly spreading, most widespread virus up to then. And even so, it took 24

hours to spread all around the world (since it still required people to arrive at

work, open their mail and look at what was called an “attachment”). I doubt that

more than a few techies even remember the name of that virus.

What is remembered is that anti-virus companies still weren’t prepared to handle

it. It still took them many hours to make a solution to the new virus widely

available and get it right when the virus itself sprinted around the world with the

speed of the rising sun. And this was after several self-mailing viruses the

previous year made it more than apparent that the problem had reached a critical

point.

There were two other important events that year, though many people

realized how important they were at a much later time. The first thing that

happened was that several anti-virus companies teamed up with mail and other

providers to integrate antivirus products into some of the infrastructure of the

Internet. Some people at the time viewed this as a great marketing move,

capitalizing as it did on the publicity that self mailing viruses had gotten, but

perhaps conferring only a small increment in real virus protection. Those who

have followed this technology realize how wrong they were now.


The second thing that happened is that some very basic immune system

technology was deployed for the first time. A team developed it at IBM Research,

in a joint effort with Symantec Corp. They were pretty proud of it at the time.

It really did find new viruses, analyze them, and distribute cures for them, and

it did it fairly quickly compared to what other companies could do then. Still,

looking back on it, it seems rather primitive. And there were a lot of

skeptics who thought it wouldn’t work as well as what they were already doing,

or wouldn’t work at all.

• 2001: The Zuzu Virus

The Zuzu Virus was a heinous and costly event, of course, but in retrospect it

was probably inevitable. It started on March 22, 2001 with a trickle, and then a

flood of panicky messages posted on various Internet newsgroups from what

appeared to be hundreds of companies around the world. They said that some

new, terrible virus had hit their company, that it was wreaking havoc, and that

they were unable to cope with it.

At the same time, anti-virus companies got copies of a very large, very complex

virus that contained the string “What is Zuzu?” Given the obvious urgency of the

situation, anti-virus gurus started analyzing it right away. It was easy to see that

the virus had all sorts of code related to mail, network-based spread, password

cracking, etc. But its size and complexity meant that no one would understand

what it did for quite a while.

The news media picked up the story. Managers of anti-virus groups were

interviewed, saying that this was the most complex virus ever seen and it could be

capable of just about anything. Security experts were interviewed, saying that this

was just the kind of thing they had feared for years. Could this be the killer virus,

the media asked, and the virus that really does bring down the Internet? Maybe,

they all agreed, maybe it is.

Security teams at hundreds, perhaps thousands of companies, responded quickly.

Not wanting to get hit themselves, they did what they had done in previous

epidemics – they shut down their mail systems, since this was the primary way

that epidemics spread at the time. But, because it was not understood how the

virus was propagating or what affects it had, they did more – they shut down their

Internet connections altogether and disabled their internal networks as well. They

were prepared to wait out the epidemic. Then things started getting odd. News

reporters, eager to do follow-up stories on the initial warnings, sought interviews


with officials from severely affected companies. They found a lot of companies

that had shut down their networks, and these made very effective stories. They

found a few small companies that claimed their computers had crashed because of

the virus. But, and this was the odd part, they found very few companies that

would say they had been hit. And none of them could actually produce a copy of

the virus.

It is a measure of the naiveté of the time that it was not until the next day that the

underlying story emerged. It turned out that the newsgroup postings were almost

all forged. There was a Zuzu Virus – the one that anti-virus companies had – but

it was not spreading wildly around the world. In fact, it was not spreading at all.

In fact, it had never spread anywhere.

The whole thing was a publicity stunt gone horribly wrong. A public relations

firm named MacIntyer Knox Oldsen & Urquhart had the clever idea of generating

buzz for their customer Zuzu Industries, an Internet security start-up, by attaching

its name to a virus scare. Unfortunately for everyone, this worked far too well.

Damages to businesses from cutting off their network access were estimated at

over a billion dollars.

The resulting liability suits sank Zuzu Industries almost immediately. It was

followed into bankruptcy soon thereafter by the ill-considered MacIntyer Knox

Oldsen & Urquhart. The news media concluded that the anti-virus industry had

blown the problem out of all proportion.

There was a trendy term in use around that time: “viral marketing”. Experts

don’t think this is what it meant, but it certainly fell out of use very quickly after

the Zuzu incident.

• 2002: A Little Tea Party

It was the early evening of April 15, the day on which income taxes must be

reported to the U.S. government. The Internal Revenue Service (the “IRS”),

which collects federal taxes in the U.S., had made a big and rather successful

push to get people to file their taxes electronically. So, millions upon millions of

people were typing on their PCs, finishing their electronic tax forms, and

submitting them over the Internet. At the same time, a new virus had been

released and was spreading rapidly via mail. It came as an “attachment” to mail

with the subject line “IRS announces 10% tax break for electronic filing”. It first

appeared on the east coast of the U.S., and was subsequently thought to have


originated in Reston, Virginia. With a subject line like that, and on the very day

when taxes were due, perhaps it is not surprising that it spread like wildfire

across the U.S., infecting a large but still unknown number of home computers.

The Tea Party Virus, as it became known, did three things. Like any self-mailing

virus of the time, it sent itself to everyone in the victim’s address book. That

was typically a few dozen to a few hundred people. Then it looked for files from

a few common tax return programs and, if it found them, changed them so that

more money was owed to the Government. The amount was not so large as to

be obvious, but was large enough to be particularly annoying to the people said

to owe it. The third thing the virus did was to delete itself, and all evidence of

itself except for the changes to the tax files themselves. This turned out to be the

most important characteristic of the virus.

Of course, anti-virus companies got samples of this virus within minutes of its

first appearance. But it was highly polymorphic, using techniques that had been

widely discussed in anti-virus circles but not incorporated into automated

defenses at that time. So, it sat in queues at various companies until human virus

analysts got around to looking at it. By then, it was much too late. The Tea Party

Virus had infected thousands, perhaps millions, of home computers, and

corrupted as many tax returns – returns that had already been submitted to the

IRS. By the next morning, news of the virus was all over the media. It was the

major story of the week. The IRS, seeking to calm worried taxpayers, announced

that they had put their best people on it, that they were working closely with anti-

virus companies, and that the situation was well in hand. As you might recall, it

wasn’t. There was no way of telling which tax returns had been corrupted. Indeed,

if anti-virus software hadn’t caught the virus with heuristic detection in the first

place and the virus had actually activated and had a chance to cover its tracks,

there was no way of knowing if the virus had ever been on a user’s system. And

that was the trick. The IRS didn’t know which returns had been corrupted. The

users didn’t know if the virus had been on their system. There was no way to tell

who owed what the government claimed, and who owed less. Not unless everyone

went through their records in great detail and did their tax calculations again.

After weeks of agonizing denials that they had an intractable problem, the IRS

finally conceded that they could not determine which tax returns were correct and

which were corrupted. Their only recourse was to ask all taxpayers who had

submitted electronic forms (and there were a lot of them!) to file their tax returns

again – on paper. It was the right thing to do, but it caused serious delays in

settling how much money taxpayers owed, and delayed many tax refunds by

months. The resulting public outcry prompted the U.S. Congress to pass

legislation requiring all federal agencies to install and run anti-virus software on

all of their systems, and to filter incoming and outgoing traffic for viruses. They


also banned electronic filing of tax returns, which is why, to this day; we still

submit them on paper every year. Now the clever among you will have noticed

that none of the things the Congress did would have actually prevented the Tea

Party Virus, or in fact diminished it in any way. But the Congress felt they had to

do something. Later that same week in April, a man named Martin Fennig was

arrested and charged with writing the Tea Party virus. He was subsequently

convicted in what appeared to be a fairly straightforward case. The conviction

was overturned on appeal for procedural errors by the investigators and Fennig

was freed. While there are various theories about who might have written the Tea

Party Virus, no one else was ever charged.

• 2003: Pervasive Pervasiveness

In 2003, another seminal event occurred though, again, few people realized how

seminal it would be for the anti-virus industry. For the first time since the early

1980’s, the PC was no longer the most prevalent computing platform in the

world. It had been overtaken, as widely predicted, by what were then called

“pervasive computing devices.” These were Personal Digital Assistants, Web-

Phones, and most devices running the low-end operating systems from The

Windows Company. These devices were aimed at people who used them as

special-purpose artifacts – designed to do a few tasks and nothing else. These

people were not interested in general-purpose computing, and were certainly not

interested in becoming system administrators for a half-dozen such devices. So

the manufacturers did the obvious thing. They relieved their customers of the

responsibility of system administration by doing it for them. Almost all of these

devices had subscription features that allowed the manufacturer to update the

device automatically with bug fixes and feature enhancements. As you know, this

strategy was very successful. Anti-virus companies were working on protection

for these devices, but these were not usually high-priority projects. Sure, viruses

had been written for virtually all of the environments used by these devices, but

no viruses were actually spreading in any significant way. Anti-virus efforts were

not, therefore, fabulously aggressive. There was basic technology to scan some

objects, or to prototype a simple heuristic or two but, with few exceptions, there

was not a concerted effort to protect these platforms against future threats.

• 2004: With Sugar, Please

In July of 2004, the Java 4 standard was announced. It included a new security

model called “Sugar”. The Java Group had focused on security since Java began.

In this release, they focused on enterprise-wide, and even global, administration


of security. Behavior Control Lists (BCLs), which were introduced in Java

3, were greatly extended so that developers and administrators could enforce

very fine-grained restrictions on the operation of a Java applet or application.

Developers could specify the behaviors that needed to be allowed for the program

to run. Administrators could specify policies for what behaviors were

allowed globally, for each software developer, or for each program. Having

extended BCLs, the Java Group also put into place a clever hierarchical

management scheme for it. An enterprise could establish and enforce a global

BCL policy, and each division within the enterprise could add its own local

BCLs. BCLs and their management structure were set up to be dynamic. They

could be modified or updated relatively quickly. A change in the global BCL

policy could be reflected across an enterprise in an hour or so. Anti-virus

companies viewed this as an opportunity to expand their existing services of

examining programs and declaring them to be either viruses or Trojan horses.

They offered services in which they would certify that the BCLs associated with

a given app were correct, that is, both needed by the program and not generally

dangerous if used. Subscribers to the service could get updates to the BCL

certifications and deploy them very quickly to every Java installation they had.

The anti-virus companies offered to certify programs developed by others,

initially for a fee and then, when that proved unpopular with the development

community, for free. Curiously, this was not a commercial success. It seems that

developers felt they could do this better themselves, and companies did not want

to rely on anti-virus vendors to certify the software they used. Ominously, the

Sugar architecture was not adopted by The Windows Company, which continued

to pursue its strategy of promoting a competing active content language that did

not have similar security architecture.

• 2005: The Digital Economy

As quickly as the Web had become a major social force during the 1990s, this last

decade saw the dramatic rise of the global digital economy. First seeking broader

markets for their services and more competition among their suppliers, companies

started finding, contracting with, and doing business with other companies over

the Net. It was clear that these first few sparks would burst into a bonfire as soon

as the number of these businesses reached critical mass. It was clear that it would

transform the global economy. What surprised everyone, as they had been

surprised by the Web a decade earlier, was how quickly it happened. By 2005,

there was no longer any doubt that the world was in the midst of an economic

revolution that would be bigger than the Industrial Revolution. Company after


company rushed to solidify their presence in the digital economy, eventually

automating much of their routine business processes and supplier relationships.

Opportunities for new companies that facilitated business in this new world were

at an all-time high. This was the revolution that carried Lixxuid4 into global

prominence. What started as a small Australian-based Internet bank in late 2000

grew explosively to become the twenty-fifth largest bank in the world by 2005 –

an event unprecedented among financial institutions – by facilitating financial

transactions for businesses in this digital economy. Then, on August 9, 2005,

Lixxuid’s luck ran out. It was mid-morning in Melbourne, and usage of their

primary transaction gateways went through the roof. Almost simultaneously, their

phones filled with customers reporting that their transactions were not being

processed. It took over an hour for worried administrators to confirm what they

feared: they were under attack. At first, they thought it was hackers, since it

looked initially like a common kind of denial of service attack. But, each time

they thought they had a handle on the problem, it grew worse. By the end of the

first day, they were under attack by more computers than they could count. The

attackers turned out not to be hackers, but viruses, using a variant of the VDP

(Viral Distributed Ping) attack.5 The number of attackers kept increasing because

the number of infected systems kept increasing in those first few hours. You may

not remember, but anti-virus companies did pretty well during this incident. They

got copies of the virus right away, and had solutions for the virus available well

before the sun set in Melbourne. (Some companies had a solution much faster

than others, for reasons that modesty forbids me to mention.) What did not go

well was actually eliminating the virus. While almost everyone had the capability

of automatically updating their virus definitions and cleaning any new viruses off

of their systems, very few people had this feature turned on. Indeed, most

corporations still required manual approval to distribute definitions, either

because they had extensive in-house testing procedures or because they didn’t

want to be the first ones to distribute definitions that might cause internal

problems. That was probably a good and conservative choice for their own

companies. But it meant that the VDP-XX virus could gain an early and firm

foothold in hundreds of companies, and tens of thousands of households,

worldwide. And all of them were aimed at Lixxuid. Lixxuid issued a hasty press

release, suggesting that they would take legal action against companies and

individuals who did not take rapid measures to prevent their systems from

attacking their bank. The media picked this up and made it part of almost every

story they ran. This got the attention of lots of people, especially in the more

litigious countries, and lots of people and companies made sure they updated their

anti-virus software to eliminate the virus. The viral population peaked early in the

second day. Lixxuid system administrators worked around the clock, and had


achieved some reduction in the incoming flood of traffic, but not nearly enough to

control the attack. It took another day and a half before a combination of anti-

virus software, media warnings, and hastily-crafted network filters brought the

attacking traffic down enough that Lixxuid could once again process transactions,

and even then only slowly. But the damage had been done. Lixxuid’s doors had

been closed for just over three days, and the world does not appreciate a bank that

closes its doors. On the first day that Lixxuid reopened for business, they bled to

death from customers withdrawing their money and closing their accounts. It is,

by now, the most analyzed bank failure in history. Police and investigatory

agencies from around the world joined in the search for the perpetrator or

perpetrators of this crime. The search went on for many months. Whether it was

because those responsible were crafty or just very, very quiet, no one was ever

arrested. To this day, theories abound. In the following year, over 50 copycat

attacks were stopped before they started by antivirus protection that was already

in place, and several authors of the copycat viruses were arrested and ultimately

convicted. Whether any of these copycat authors was the author of the original

VDP-XX virus is not known.

• 2006: Moore’s Wall

2006 brought a worrisome realization. For decades, Moore’s Law was the

foundation on which progress in computing was built – the nearly unshakable

belief that advances in silicon technology would lead to chips whose performance

doubled every 18 months. A prescient article by an Intel engineer in 1999

suggested that, in the following decade, the chip industry faced a series of very

difficult obstacles. The oxide layer, which allows transistors to be switched on

and off, would become so thin – just a few atoms thick – that it would no longer

be an effective insulator for the switching current. Dopants, which create free

electrons for the switch’s current, would become so sparse that the transistors

themselves would be unreliable. Solutions to these problems, the article pointed

out, were not obvious. Still, people in the chip industry, and throughout the

computing industry, were unfazed. Moore’s Law would continue its inexorable

climb one way or another, they assured each other. It had always been thus, they

reasoned, and thus it would always be. Unfortunately, their optimism was not

borne out. New ways of building transistors on chips to avoid these problems

turned out to be difficult to manufacture. New chip architectures to deal with the

inherent unreliability of the transistors turned out to be more elusive than hoped.

For a few years, everyone watched the performance curve deviate ever so slightly

from Moore’s Law. That had happened before, they said, and it always gotten

back on track. They were sure that someone, somewhere, would find a solution to


these problems. But by 2006 the trend was clear. Chip performance was not

increasing as rapidly as predicted. Despite tremendous efforts, the problems had

not been solved. We now refer to this as “Moore’s Wall” – the wall into which

the chip industry ran, headlong, and with dramatic consequences. The optimists

are with us always. Now they tell us that new technologies are just around the

corner - 3D devices, Molecular computing, Quantum computing. They assure us

that we will soon return to those halcyon days, that Moore’s Law will rise again in

a new realm as it has before, that Moore’s Wall will be known to our children

only as Moore’s Lapse. And experts think they’re right. What is not clear is how

long it will take to perfect these new technologies, to make them manufacturable,

to make them reliable, to make them affordable. What is not clear is how long

Moore’s Lapse will be.

In 2006 Intel, then the world’s pre-eminent maker of microprocessor chips,

introduced the Intel Googlium microprocessor and, at the same time, announced

that Moore’s Law was at an end that decades of easy performance increases were

over, at least for the time being. The Intel Googlium was to represent the last

significant silicon-related performance enhancement of the decade.

• 2007: The Unwiring of India

Moore’s Wall had an interesting effect. As it became harder to compete on raw

chip performance, basic chips became cheaper. And this happened at the same

time as the world piled into the digital economy. Several progressive countries

made big bets on these two trends. India was probably in the forefront. The

“unwiring” of India, started in 2003, was declared complete in 2007. High

bandwidth wired access was available in all major urban areas along with

moderate bandwidth wireless access. This accelerated massive buying of now-

cheap network devices in India, contributing further to their dramatic worldwide

price decline. In the space of a few years, this snowball effect spread devices

throughout the developed world and much of the developing world. Today, the

people at this conference are constantly connected to the Internet through the half-

dozen devices that we carry or wear all the time. This was a big change. The

ubiquity of these new devices was not missed by the virus writers¨. Device viruses

became the dominant virus problem. Anti-virus companies scrambled to update

their device technologies to handle the plethora of new viral carriers, and hook

them into their automated defenses.


• 2008: Nothing Happens

In 2008, nothing happened. Well, nothing directly relevant to the anti-virus

industry, anyhow. I suppose that people in the U.S. would regard the election of

President Clinton as significant.

• 2009: A Solution Emerges

Each decade seems to have brought with it a standard architecture to address the

virus problem of the time, and this decade is no different. As in previous decades,

the solution addresses the new problems that have emerged: Internet-based

spread. Virtually all viruses today spread primarily via the Internet. Naturally,

there are viruses that spread by other means, and the anti-virus industry is always

issuing breathless press releases about some tricky new way a virus spreads. But

nothing even comes close to Internet spread in terms of pervasiveness and speed.

So, most of the virus incidents seen by real people are spread via the Internet.

Fortunately, the Internet is an important part of the solution. Ten years ago, the

idea of integrating anti-virus software with commercial mail services was new.

Now, no one in their right mind would subscribe to a mail service that did not

filter out viruses. (There are people who do, and while they seem to have a kind of

“herd immunity” because almost everyone else has filters, they do get more virus

infections than the rest of us.) As active content became a part of standard XML

business transactions between companies, and after viruses showed up there as

well, nearly every business-to-business transaction facility now includes

integrated virus filters. Similarly, device hubs quietly watch for viruses in

transmissions to and from the many devices we now carry with us or wear. At the

endpoints – the devices we all carry around – manufacturers nearly universally

integrate anti-virus software into these devices before we purchase them.

Administrative overhead. As the demands of anti-virus updates on system

administrators, and particularly end users, became more severe, the industry took

that burden upon itself. Just as other kinds of software are updated automatically

by the company that develops them – correcting bugs or adding features –

antivirus software is largely updated automatically. Anti-virus software was one

of the first kinds of software to need continuous updates, and anti-virus

companies were among the first to pioneer the subscription models that have

become common throughout the software industry. Coupled with network-based

virus filtering and nearly universal integration of anti-virus software into devices

before they are purchased, automated updates mean that most users are blissfully

unaware that they even have anti-virus software. It has become part of the

firmament of nature in cyberspace - Rapid epidemics. Back in the late 1980’s,


when personal computer viruses were just beginning, those viruses spread on

floppy diskettes, that is, on physical media that one person would hand to another

person. This was really slow! It took a typical virus months or even years to

become prevalent around the world, if it ever did. These days, viruses sweep

around the word in hours or minutes. The anti-virus industry has responded with

technology for rapid, network-based response to epidemics. The goal of this

technology is the same as for the early immune system in 2000 – find new

viruses, craft cures for them, distribute and install the cure everywhere, and do

this faster than the viruses themselves can spread. But we must admit that the

solution that has evolved is quite a bit faster and more comprehensive than

what we put together in 2000. It would have been hard to imagine back then.

Complex viruses: The virus writers didn’t go to sleep during the last decade -

unfortunately. They have continued to develop techniques that tax even our

current, very impressive, anti-virus technology. A decade ago, industry pundits

predicted that scanning – looking for strings within a file that would indicate a

virus – would fall by the wayside, to be replaced by <insert pundit’s favorite

alternative technology here>. That didn’t happen, but viral defense did evolve to

blunt the tactics of the virus writers. One virus writing tactic that emerged – at

first by accident and later, I think, on purpose – was Lurking, making it hard to

find a virus via simple scanning technology that performed only a very simple

examination of certain parts of certain objects in the system. The antivirus

industry was forced to move to more comprehensive scanning – scanning all parts

of all objects, and doing some fairly sophisticated analysis during the scan. This

all took time, and a naive implementation would have been very, very slow. The

anti-virus industry came up with a clever solution – use various heuristics, long

relegated to second-class status as virus detectors – as filters in front of scanners.

That is, heuristics are now used as a first check for whether an object might be

infected. The front-line heuristics are very fast, and eliminate most objects as not

being infected. Any remaining objects are passed to second-line heuristics that are

a bit slower and a bit more precise. And down the line until the object is passed to

scanners, and then verifiers, to determine with great precision and certainty that it

is infected, and with which virus it is infected.6 Among these front-line heuristics

are the nearly abandoned change detectors of twenty years ago, which can tell

quickly if an object has changed since it was last checked for viruses; if it has not,

if it was not previously infected, and if the virus detector has not been updated,

it’s not necessary to check it again.

Small devices: Earlier in the decade, it was widely believed that devices – the

computing devices we carry and wear – would require radically different anti-


virus technology, at least to protect their internal environment. They were, it was

argued, so small – with hardly any memory at all - so small that it would not be

possible to fit the ever-growing PC-based anti-virus products into them.

Interestingly, this turned out to be right – and wrong. It was right in that the

monolithic, stand-alone applications that were typical of anti-virus protection then

would not fit. Nor would the ever-growing scanner-based virus definition files –

certainly not with as many viruses as we have cataloged today. But it was also

wrong; it was not necessary to stuff old programs into new devices. In retrospect,

the solution was obvious. The heuristic hierarchy that solved the speed problem

for complex viruses is the first half of the solution. Most of the time, it’s not

necessary to have anything running in the devices except the first-level, or maybe

the second-level, heuristics. And those are typically small and fast. The second

half of the solution is the Internet. If it’s ever necessary to actually scan an object

inside a device, it’s not necessary to scan it for all 500,000 known viruses.

Intermediate heuristics can easily cut the search down to a few hundred viruses at

most. These devices can easily cache virus definitions for the viruses you’re

actually likely to see. For all the rest, the definitions can simply be paged in from

the next level up in the network. In fact, the networks of anti-virus vendors are

now all hierarchical, caching the least information possible in the customer

devices and systems, staging the less-used information in intermediate servers and

gateways, and connecting them to the automated analysis facilities and human

analysts that are at the pinnacle of the pyramid. The Internet makes it all one

global system.

• 2010: Hello? Hello?

Here it is, 2010. The anti-virus industry has been working on the virus problem

for over twenty years. All in all, things seem to be going pretty well this year.

There have been no major virus incidents, no overblown virus hoaxes. The

nearly seven billion residents of the planet have gone about their daily routines

– shopping, gossiping, composing symphonies, and waging war – all without

thinking very much about computer viruses. And that’s how it should be. There

is one thing that’s just a little bit odd recently. In the past few days, the phones

have been acting up. It seemed to happen at the same time as an automated update

of the operating system from The Windows Company for the phone component

of devices. At first, everything other than the audio channel was fine. Then the

ear-ring too, and then the sketchpad. Many people might have had the same

experience. There was a news alert a few minutes later. This has never happened

before, at least not this widespread. It’s still not clear what’s going on. The media


are saying it’s a virus, however nothing is sure yet. Hopefully we will know more

during VB 2010 itself and be able to tell a more complete story.


CHAPTER 3


(INDIA)

India is a fast growing country in all segments – especially the IT sector. Starting from internet savvy youth, to necessities in education, social networking generation to IT career seeking chunk of the Indians and from outsourcing businesses to data security conscious Corporates, everyone is in search for the best and suitable antivirus for the protection of their data and machines. And this has created a luring market for antivirus companies all over the world to venture into the Indian market to reap benefits for both themselves as well the over a 120 crore population.

In recent times, the anti-virus market in India has opened up and global players are now eying the Indian market, especially the retail, SOHO and SMB segments as they offer huge opportunities for penetration. While the vendors such as ACI Infocom, Unistal, ESET and AVG have already entered the Indian market with a host of new products, others are preparing to enter the rat race. Sources within the industry say that Kingsoft (China) is another vendor that is watching the Indian anti-virus industry closely and evaluating its options here, while Panda from Spain has plans to re-enter the country.

While vendor competition becomes tougher, customers are rejoicing as this has given rise to genuine anti-virus products becoming increasingly affordable. Channel partners are watching this space closely as it is proving to be a lucrative business area.

According to a Gartner prediction dated Saturday, 29th August 2009, the Asia-Pacific security market was expected to be growing at an average of 28 percent, even as the worldwide market for anti-virus solutions at large is growing at 12 percent.

The advent of a host of anti-virus and Internet security vendors has opened up the market for customers in the retail, SOHO and SMB domain. Many of these vendors have introduced anti-virus at a price range of Rs 300-400, thereby giving customers the option of buying genuine software at an affordable price.

3.1 Expert’s voice:

MH Noble, MD, Zoom Technologies, distributors of Kaspersky range of solutions in India said, “Anti- virus only sells when the product cures and removes virus and does not slow down the computer/system. No small, local or foreign player can threaten the business of an established player, as it requires a big team carrying out research in several different regions and analyzing the samples in all regions of the world for the product to be effective. However, the product has to be affordable.”

Peter Baxter, VP-Business Development, AVG Technologies explained, “No company is secure and competition-proof in today's age especially with so many anti-virus


software solution providers (SPs) entering the Indian market. However, regardless of the technological superiority of any company, without adequate support one can quickly lose customers. Pricing, coupled with consistency and value for money, plays an important role when it comes to grabbing the market share. While many brands decide on a low- entry point and increase price over time, we believe that the Indian consumer is now savvy to this and looks for consistency and support as opposed to short-term pricing reductions.”

The established players and the ones who have been around in the market for decades, however are of the opinion those competitions only toughen them up. These vendors are of the view that having several options will give customers an ability to get more discerning and enable differentiation between anti-viruses that can give them just protection and the ones that can provide them greater protection.

Sharing his views on rising competition, Jaganath Patnaik, former VP-Sales and

Marketing, QuickHeal who is now with Kaspersky AV pointed out, “Pricing has never played that important a role as far as anti-virus solutions are concerned as one needs to offer value for money to the customers.”

Pointing out that anti-virus as a product is very similar to an operating system software, and like a user, who needs only one operating system to run the machine, he only needs one anti-virus solutions to fight viruses, Karthik Shahney, Regional Director, McAfee stated, “When it comes to buying an anti-virus, price does play a deciding role for the customer but he also seeks quality. Anti-virus, as software, is getting commoditized and the new entrants are lowering prices to penetrate the market further. However, security market is not only about anti-virus. The customer needs to bear in mind whether he needs simple protection or great protection for their machines and in case of latter, only that vendor who can provide 24x7 support and has an effective R&D in place can meet their requirements.”

Echoing similar sentiments, Amit Nath, Country Manager India & SAARC, Trend

Micro shared, “Vendors who understand the anti-virus market are going to remain unaffected by the fact that competition is on the rise. Throwing rock bottom prices at the market will not really help the new entrants grow as vendors. One needs to have a road map of three/four years, visualize the growth of the industry and have a strong R&D set- up in place.” Nath further mentioned that 'price vs value' phenomenon will not work for too long.

Hence, buying an anti-virus is more or less like purchasing a mobile phone. There are numerous options available and one needs to keep the desired features and price of the product in mind, before they select the best possible option. With the influx of a host of antivirus vendors, the customers will be in a better position to discern the quality of the product which will happen only when they have experienced the product. Hence the vendor who develops closeness with the channel partner community and offers good quality product backed by effective R&D set-up will continue to survive and grow in the market.


The antivirus industry in India started quite late compared to its foreign counterparts, but has been doing serious business thereafter. One of the major and pioneer players in the market was Symantec’s Norton antivirus. However, the main problem that these companies faced that time were the lack of awareness among the people, and the very high price at which these softwares were pitched in the market. Along with these, the low usage of internet and poor marketing and advertisement campaigns also contributed towards the late spreading of the antivirus network in India.

Now, the market has changed a lot with highly efficient yet affordable antivirus products flooding the market. Perhaps this has come across probably due to the do-or-die competition that the antivirus companies have entered into in this sub-continent. And with the customers growing smarter by the day, these companies have to put their think tanks to the best use to capture new segments of the untapped market and even to retain their existing clients.

3.2 Antivirus products operating in India:

An attempt to list the antivirus companies’ products operating in India has been given below:

• Avira Antivirus

• Avast Antivirus

• AVG Antivirus

• BitDefender Antivirus

• EScan Antivirus

• ESET NOD32 Antivirus

• F-Secure Antivirus

• G-Data Antivirus

• K7 Antivirus

• Kaspersky Antivirus

• Kingsoft Antivirus

• McAfee Antivirus

• Microsoft Security Essentials

• Norman Antivirus and Anti-Spyware

• Net Protector Antivirus

• Panda Antivirus

• PC Tools Spyware Doctor with Antivirus

• QuickHeal Antivirus

• Sophos Antivirus

• Symantec Norton Antivirus

• Trend Micro Antivirus and Anti-Spyware

• Trustport Antivirus


CHAPTER 4


(AHMEDABAD REGION)

Ahmedabad, the economic capital of the prosperous state of Gujarat has been a battlefield for the

antivirus companies lately. With QuickHeal Antivirus products leading the way in the region at

present, the competitors such as Kaspersky, Symantec, EScan, K7, etc are trying hard to reduce

the gap and grow in publicity and sales.

The study and survey conducted over a period of six weeks in Ahmedabad region has helped

conclude that QuickHeal Antivirus Technologies Pvt. Ltd’s product “Total Security 2010” has

been the antivirus software with the highest demand followed closely by Kaspersky’s 2010

edition of the antivirus.

Though the residents of this city have not been counted among the tech-savvy population of the

country for long, yet the present scenario reveals a latent market for the antivirus companies to

venture into. The Government’s initiatives to uplift the technological side of the individuals of

the state has led to the extensive usage of computers and other electronic media of education and

this in turn has increased the chances of the growth of internet-bourne viruses. Just 3-4 years

back the state didn’t find a good reason to go after antivirus security as there was a pretty less

habit of referring the internet among the laymen for knowledge and information. Now, with the

increasing introduction of Wi-Fi networks all across the city (in malls, colleges, schools, Offices,

etc), along with the inseparable usage of the carrier of malware – USB devices, the proximity of

the laptops and computers being infected with viruses has become a major threat. Moreover, the

awareness about data theft and its security among the common men has led to everyone going for

an antivirus right at the time of purchasing the machines.

Earlier antivirus software was more of a product which used to give mental peace to the tech-

savvy person that his machine and data are safe. But now, the technical know-how has expanded

so like a forest fire that people are not just contended with the mental security that they have an

antivirus installed on the laptops or desktops. They have started demanding extended features

which give them not only maximum possible protection from malware and data theft but those

which also helps them work efficiently on the systems, without slowing down or interfering in

the work that they are doing.

The major factors influencing the antivirus softwares which are playing each other in the

Ahmedabad market are:

• Quality

• Price


However there exists one superior factor which influences both of the above mentioned aspects

and that is ‘Brand image’. For example: Symantec Norton antivirus has been an old and quality

player in Ahmedabad, and people still remember this brand whenever antivirus is talked about.

With the advent of other softwares entering the Ahmedabad market Norton has no doubt lost

some ground but it still is a brand to compete with. Norton antivirus is expensive as well, but it

has built its image in such a way over a period of time that people who prefer quality will go for

Norton AV. A comparatively newer brand Kaspersky AV has gained ground and recognition

within a very short span of time. A factor which has boosted the sales of Kaspersky is its low

cost. Basically speaking, the business-minded mentality of the Ahmedabad crowd brings in a

tendency in them to go for products which give them quality and which comes cheap as well. At

present, QuickHeal Antivirus Technologies Pvt. Ltd.’s products are in demand despite a higher

price range. Discussions with some of the end-users have revealed that the advertisements that

QuickHeal has aired on the radio and television have helped in increasing its brand value among

the people who already were using some brand of antivirus as well as spreading news about its

presence in Ahmedabad among the first timers.

Another key factor which encourages an end-user to go for a particular brand is the realization of

value. In the case of an antivirus software, local on-site technical support along with 24x7

operating toll-free number are best suited for delivering the basic value that a customer may

expect. QuickHeal Antivirus Technologies is the only company which offers technical support

home-to-home for the customers in Ahmedabad at present. So it shows in the sales of its

products. Net Protector Antivirus, which is an upcoming brand in the city, is following in

QuickHeal’s footsteps and is trying to give technical support through the dealers to all the

customers. Further details about the Ahmedabad antivirus market have been given in the Key

Findings section in the later part of this report.

The major Antivirus companies operating in Ahmedabad are:

• QuickHeal AV

• Kaspersky AV

• K7 AV

• Symantec Norton AV

• Net Protector AV

• EScan Internet Security and AV

• McAfee AV

• Trend Micro AV

• G-Data AV

• AVG Antivirus


Some other brands which exist in the end-users catalogue apart from the above mentioned

antiviruses are:

• Avast AV/ Avira AV

• Panda AV and some others.

These other brands have probably been introduced through the internet downloads as free

versions or pirated softwares.

Piracy had been actively involved in the Ahmedabad antivirus market about 2-3 years back. And

it used to pull away an alarming chunk of the customers. But frequent crackdowns by legal

authorities have shrunk the piracy market considerably. Genuine softwares which have a market

price of around Rs. 1000-1300 were sold for just Rs. 100-150 in the pirated version. It is this

reason because of which the dealers as well as the end-users frequently took refuge in this market

so religiously. However, the low cost genuine antivirus softwares which have been introduced

lately have added to the decline of the piracy market.

Moreover regular and automatic update facilities in most of the new antivirus softwares over the

internet have helped promote the cause of genuine softwares greatly.

Added to these, recently Microsoft had initiated raids with the help of police authorities at major

centers which used to deal in pirated software business and taken necessary legal action which

has dampened the piracy market to a large extent. Such measures on a repetitive basis can

expectedly increase the sale of genuine software, be it antivirus or operating system or other

software products.


CHAPTER 5


5.1 An insight:

• Incepted in 1993 by the Katkar Brothers it started with a product idea in the

security and Anti- Virus domain. It successfully developed an Anti-Virus product

and christened it Quick Heal.

• In 1995 was incorporated to form CAT LABS PVT LTD to make Brand Quick

Heal a strong brand in the IT security field. In an industry, which has seen very

few success stories and overwhelmed by the technical challenges posed by new

viruses’ every day Quick Heal has grown exponentially in the past 13 years. This

is evident by its presence in more than 50 countries worldwide and its listing on

more than 400 shareware sites and with a growth rate of nearly 100% year on

year. Over the years they have moved from a simple Antivirus Company, to a

comprehensive Security Products Company.

• Certification, Independent Software vendor certification from Microsoft

Corporation, Major shareware sites top accreditation, MOU with CERT_IN a

Government of India venture into cyber security and top reviews in major

industry magazines. We are also among the top 100 emerging companies as rated

by Red Herring.

• Quick Heal strength lies in its exceptional team of software and management

professionals. Having a strong software engineering discipline derived out of

Quick Heal product culture and having worked with emerging technologies for

the past twelve years. Quick Heal has developed an excellent learning and

adaptation capability. This unique capability has been instrumental in Quick Heal

success in taking on development of the product to its present stage.

• Quick Heal on numerous occasions has been the first to come out with the fastest

virus solutions in a record time ahead of any of its foreign counterparts.


5.2 Awards and recognitions:

• Virus Bulletin award:

Quick Heal till date is the only Indian Antivirus using indigenous Antivirus

engine to achieve this award. They have in all 22 Vb-100% awards as on date.

The company has received the prestigious VB 100% award, on all platforms

(Windows, Novell, Linux, XP, 2000, 2003, Vista etc.) the most prestigious of

awards in the Anti-Virus Industry. It is the only Anti-Virus software from Asia to

get VB 100% certification for its Linux based Anti- Virus.

• Checkmark Level 2 certification:

Quick Heal has become one of the first Anti-Virus software’s from Asian

Subcontinent to bag the prestigious “Checkmark Certification Level 2” by West

Coast Labs U.K.

• Microsoft ISV Certification:

Quick Heal has been recognized by Microsoft as a Security / Anti-Virus partner.

Microsoft certified Quick Heal Technologies Pvt Ltd as its Independent Software

Vendor (ISV) for providing antivirus solution for Microsoft operating systems

and generic mail protection service. Quick Heal has been already associated with

Microsoft by offering Antivirus Quick Heal to the Genuine Microsoft Windows

users at a discounted price under Microsoft Windows Genuine Advantage. With


this ISV certification Quick Heal will be able to get to work with Microsoft on

Security issues for Microsoft operating systems. This certification will benefit

customers through Microsoft OS compatible security solutions.

• MoU with CERT In:

Quick Heal has signed a Memorandum of Understanding with Indian Computer

Emergency Response Team (CERT-In) for security co-operation. Under this

terms of the agreement Quick Heal and CERT-In will initiate co-operative

activities in the areas like Mal ware analysis and incidents on Internet Security.

• Red Herring Finalist:

Red Herring Magazine had short listed CAT LABS PVT LTD for Red Herring 100

Asia 2007 awards.

• Compass 2007 Exhibition Award:

Recently Computer association of Eastern India has awarded Quick Heal as the

best product in the Antivirus segment in the Compass 2007 Exhibition.

5.3 Advantages of Quick Heal Antivirus:

• Quick Heal offers lethal combines of Reactive and Proactive technologies to keep

viruses band other malware out from the systems.

• It provides e-mail, Network, Intranet and other online protection services.

Needless to say, its Virus Bulletin (VB100) award winning and Check Mark


certified virus scan engine eliminates 100% In - the - Wild viruses in all types of

files, compressed archives, and mailboxes both Online and Off-line.

• What distinguishes Quick Heal from its peers is its design philosophy, which is

user friendly, futuristic in nature to counter the most dangerous malwares. This

ensures that the users get a stable, reliable and consistent protection of the highest

standard while exploring every corner of the cyber world not only from the

known virus but also against unknown threats.

• Quick Heal Antivirus Technologies Pvt. Ltd. is the leader in providing prompt

and easily accessible technical support through email, telephonic and chat.

• Regarding technical intricacy they are rated as best for unknown malwares (DNA,

sensor, heuristic), real time protection for unknown viruses, low on system

resource, optimum balance between performance and security.

• Moreover they have small and incremental updates (2-6 times per day), free

upgrade policy, and flexible licensing policy. Their user friendly interface makes

easy for customers to operate.

5.4 Features of Quick Heal Antivirus:

• DNA Scan Technology

• QuickHeal Active Sensor

• QuickHeal Messenger

• Smart E-mail protection

• Smart Memory Scanning

• Emergency Bootable CD

• Native Boot Scan

• QuickHeal Firewall Protection

• Content Filter

• MS-Office protection

• Complete and small upgrades

• Anti Root-kit

• PC to Mobile scan

• Antimalware support

• Advanced System Explorer

• Window Spy

• Data Theft Protection

• System Hijack Restore

• Privacy Track Cleaner

• Drag ‘N’ Drop Scanning

• Multiple Scanning


• Control Scanning

• Automatic Hourly Update System

• Multiple Scheduling of Scanning

• Powerful Quarantine Tool

These features are the combined overall features available in the entire range of

QuickHeal antivirus softwares.


CHAPTER 6

COMAPARATIVE STUDY – QUICKHEAL V/S OTHERS

A detailed comparative study conducted by VIRUS BULLETIN in April 2010 revealed the

performance and feature results of the above mentioned antivirus companies’ products. The

results have been categorized and shown below:

• On demand tests:

On-demand

tests

WildList Worms & bots Polymorphic

viruses Trojans Clean sets

Missed % Missed % Missed % Missed % FP Susp.

Agnitum 0 100 105 97.96 191 89.11 1255 89.39 1

AhnLab 0 100 424 91.75 8 99.59 5703 51.78 2

Alwil 0 100 28 99.46 507 93.28 197 98.33

Arcabit 0 100 747 85.47 1319 79.03 5781 51.12 6

Authentium 0 100 140 97.28 3 99.85 1759 85.13 4

Avanquest 0 100 46 99.11 1989 65.32 446 96.23 1

AVG 0 100 17 99.67 26 98.79 284 97.60

Avira

(Personal) 0 100 11 99.79 0 100 148 98.75

Avira

(Professional) 0 100 11 99.79 0 100 148 98.75

BitDefender 0 100 24 99.53 0 100 618 94.78

Bkis

(Gateway

Scan)

3 99.58 807 84.31 2773 51.85 6551 44.61

Bkis

(Home

edition)

18 97.50 847 83.53 2776 51.20 6551 44.61

Bullguard 0 100 18 99.65 0 100

316 97.33

CA (ISS) 0 100 432 91.60 958 92.06 5184 56.17

CA (Threat

Manager) 0 100 430 91.64 958 92.06 5063 57.19

Central

Command 0 100 109 97.88 191 89.11 1229 89.61 1

Check Point 1 99.99 56 98.91 9 99.91 379 96.80 5

Defenx 0 100 109 97.88 191 89.11 1251 89.42 1

Digital

Defender 0 100 135 97.37 191 89.11 1338 88.69 1

eEye Digital

Security 104 99.99 282 94.52 288 83.47 2764 76.63 3

Emsisoft 974 99.95 10 99.81 1285 78.59 202 98.29 1 1

EScan 0 100 18 99.65 0 100 320 97.29 3

ESET 0 100 23 99.55 0 100 172 98.55

Filseclab 1548 97.97 310 93.97 9913 41.20 1881 84.10 5 1

Fortinet 0 100 330 93.58 30 99.09 3099 73.80 1


Frisk 0 100 185 99.40 0 100 1997 83.12 1

F-Secure

(Client

Security)

0 100 18 99.65 0 100 532 95.50

F-Secure (PSB

Workstation) 0 100 18 99.65 0 100 532 95.50

G-Data 0 100 4 99.92 0 100 11 99.91

Ikarus 973 99.95 3 99.94 1285 78.59 142 98.80 1

iolo 0 100 186 96.38 3 99.85 1984 83.23 1

K7 0 100 56 98.91 0 100 463 96.09 1

Kaspersky

(Antivirus

2010)

0 100 45 99.12 0 100 255 97.84

Kaspersky

(Antivirus 6) 1 99.99 74 98.56 1 99.99 545 95.39

Kingsoft

(Advanced) 0 100 1008 80.40 2382 56.61 10525 11.02

Kingsoft

(Standard) 0 100 934 81.84 2382 56.61 9352 20.93

Kingsoft

(Swinstar) 6 99.17 659 87.18 3350 47.72 6625 43.99 1

Lavasoft 0 100 15 99.71 1994 65.16 107 99.10 2

McAfee Total

Protection 0 100 31 99.40 4 99.99 484 95.91

McAfee Total

Protection 0 100 46 99.11 1 99.99 786 93.35

Microsoft 1 99.99 30 99.42 0 100 543 95.41

Nifty Corp. 1 99.99 71 98.62 1 99.99 673 94.31 5

Norman 104 99.99 284 94.48 293 82.92 2789 76.42 3

PC Tools

(Internet

Security)

0 100 25 99.51 0 100 243 97.95

PC Tools

(Spyware

Doctor)

0 100 25 99.51 0 100 245 97.93

Preventon 0 100 135 97.37 191 89.11 1338 88.69 1

Proland 0 100 111 97.84 191 89.11 1308 88.94 1

Qihoo 0 100 23 99.55 11 99.98 354 97.01

Quick Heal 0 100 188 96.34 5 99.51 1955 83.47

Rising 0 100 620 87.94 1130 70.02 5435 54.05

SGA Corp. 0 100 26 99.49 0 100 364 96.92

Sophos 0 100 44 99.14 0 100 554 95.32 3

SPAMfighter

(VIRUS

fighter Plus)

0 100 136 97.36 191 89.11 1360 88.50

SPAMfighter

(VIRUS

fighter Pro)

0 100 135 97.37 191 89.11 1338 88.69

Sunbelt 0 100 15 99.71 1994 65.19 121 98.98 2

Symantec

(Endpoint

Protection)

0 100 38 99.26 0 100 324 97.26

Symantec

(Norton

Antivirus)

0 100 21 99.59 0 100 392 96.69


Trustport 0 100 3 99.94 0 100 23 99.81

VirusBuster 0 100 109 97.87 191 89.11 1229 89.61

Webroot 0 100 36 99.30 0 100 483 95.92

• On-access tests:

On-access

tests

WildList Worms & bots Polymorphic

viruses Trojans

Missed % Missed % Missed % Missed %

Agnitum 0 100.00% 115 97.76% 191 89.11% 1373 88.39%

AhnLab 0 100.00% 424 91.75% 8 99.59% 5713 51.70%

Alwil 0 100.00% 20 99.61% 507 93.28% 172 98.55%

Arcabit 1 99.86% 751 85.39% 1319 79.03% 5811 50.87%

Authentium 0 100.00% 193 96.25% 3 99.85% 2061 82.58%

Avanquest - - - - - - - -

AVG 0 100.00% 30 99.42% 26 98.79% 421 96.44%

Avira

(Personal) 0 100.00% 15 99.71% 41 100.00% 169 98.57%

Avira

(Professional) 0 100.00% 12 99.77% 0 100.00% 165 98.61%

BitDefender 0 100.00% 30 99.42% 0 100.00% 651 94.50%

Bkis

(Gateway

Scan)

3 99.58% 807 84.31% 2773 51.85% 6551 44.61%

Bkis (Home

Edition) 18 97.50% 847 83.53% 2776 51.20% 6551 44.61%

Bullguard 0 100.00% 18 99.65% 0 100.00% 316 97.33%

CA (ISS) 0 100.00% 432 91.60% 958 92.06% 5184 56.17%

CA (Threat

Manager) 0 100.00% 430 91.64% 958 92.06% 5063 57.19%

Central

Command 0 100.00% 113 97.80% 191 89.11% 1319 88.85%

Check Point 1 99.9999% 99 98.07% 9 99.91% 858 92.75%

Defenx 0 100.00% 115 97.76% 191 89.11% 1373 88.39%

Digital

Defender 0 100.00% 140 97.28% 191 89.11% 1421 87.99%

eEye Digital

Security 123 99.99% 284 94.48% 338 81.83% 2960 74.97%

Emsisoft - - - - - - - -

EScan 0 100.00% 24 99.53% 0 100.00% 346 97.07%

ESET 0 100.00% 71 98.62% 0 100.00% 392 96.69%

Filseclab 2595 97.91% 295 94.26% 11413 37.25% 1718 85.48%

Fortinet 0 100.00% 330 93.58% 30 99.09% 3171 73.19%

Frisk 0 100.00% 192 96.27% 0 100.00% 2070 82.50%

F-Secure

(Client

Security)

0 100.00% 22 99.57% 0 100.00% 541 95.43%

F-Secure (PSB

Workstation) 0 100.00% 22 99.57% 0 100.00% 541 95.43%

G DATA 0 100.00% 6 99.88% 0 100.00% 26 99.78%

Ikarus 973 99.95% 3 99.94% 1285 78.59% 142 98.80%

iolo 0 100.00% 186 96.38% 3 99.85% 1984 83.23%


K7 0 100.00% 61 98.81% 0 100.00% 730 93.83%

Kaspersky

(Anti-Virus

2010)

0 100.00% 79 98.46% 0 100.00% 376 96.82%

Kaspersky

(Anti-Virus 6) 1 99.9999% 94 98.17% 1 99.999% 590 95.01%

Kingsoft

(Advanced) 0 100.00% 1011 80.34% 2382 56.61% 10549 10.81%

Kingsoft

(Standard) 0 100.00% 937 81.78% 2382 56.61% 9375 20.74%

Kingsoft

(Swinstar) - - - - - - - -

Lavasoft 2 99.72% 25 99.51% 2004 65.03% 257 97.83%

McAfee Total

Protection 0 100.00% 36 99.30% 0 100.00% 601 94.92%

McAfee Virus

Scan 0 100.00% 49 99.05% 1 99.999% 788 93.34%

Microsoft 1 99.99% 64 98.76% 0 100.00% 764 93.54%

Nifty Corp. 1 99.9999% 56 98.91% 1 99.999% 348 97.06%

Norman 110 99.99% 285 94.46% 338 81.83% 2944 75.11%

PC Tools

(Internet

Security)

0 100.00% 27 99.47% 0 100.00% 271 97.71%

PC Tools

(Spyware

Doctor)

0 100.00% 27 99.47% 0 100.00% 260 97.80%

Preventon 0 100.00% 140 97.28% 191 89.11% 1421 87.99%

Proland 0 100.00% 112 97.82% 191 89.11% 1310 88.92%

Qihoo 0 100.00% 23 99.55% 42 99.79% 409 96.54%

Quick Heal 0 100.00% 351 93.17% 42 96.49% 5274 55.41%

Rising 0 100.00% 620 87.94% 1130 70.02% 8376 29.18%

SGA Corp. 0 100.00% 31 99.40% 0 100.00% 397 96.64%

Sophos 0 100.00% 23 99.55% 0 100.00% 392 96.69%

SPAM fighter

(VIRUS

fighter Plus)

0 100.00% 427 91.70% 191 89.11% 1384 88.30%

SPAM fighter

(VIRUS

fighter Pro)

0 100.00% 140 97.28% 191 89.11% 1421 87.99%

Sunbelt - - - - - - - -

Symantec

(Endpoint

Protection)

0 100.00% 26 99.49% 0 100.00% 309 97.39%

Symantec

(Norton

Antivirus)

0 100.00% 17 99.67% 0 100.00% 209 98.23%

Trustport 0 100.00% 6 99.88% 16 100.00% 34 99.71%

VirusBuster 0 100.00% 113 97.80% 191 89.11% 1319 88.85%

Webroot 0 100.00% 58 98.87% 0 100.00% 539 95.44%


• System resource usage statistics:

• Reactive and Proactive (RAP) detection scores:

RAP

detection

scores

Reactive Reactive

average

Proactive Overall average

Week 3 Week 2 Week 1 Week +1 Missed

Agnitum

Outpost

Security Suite

Pro

87.61% 75.41% 70.84% 77.95% 47.75% 70.40%

AhnLab V3

Internet

Security

68.25% 50.57% 36.40% 51.74% 21.65% 44.22%

Alwil Avast!

free antivirus 96.55% 94.69% 89.78% 93.67% 52.72% 83.44%


Arcabit

ArcaVir 2010 67.58% 57.78% 57.51% 60.96% 23.43% 51.58%

Authentium

Command

Anti-Malware

81.41% 75.54% 57.85% 71.60% 51.55% 66.59%

Avanquest

Double Anti-

Spy

Professional

93.63% 91.68% 78.21% 87.84% 42.19% 76.43%

AVG Internet

Security

Network

Edition

93.55% 91.35% 81.26% 88.72% 49.28% 78.86%

Avira AntiVir

Personal 92.28% 96.19% 90.32% 92.93% 61.59% 85.10%

Avira AntiVir

Professional 92.28% 96.19% 90.32% 92.93% 61.59% 85.10%

BitDefender

Antivirus

2010

89.03% 70.53% 63.31% 74.29% 51.85% 68.68%

Bkis Bkav

Gateway

Scan

47.93% 43.70% 32.05% 41.23% 21.96% 36.41%

Bkis Bkav

Home Edition 47.93% 43.70% 32.05% 41.23% 21.96% 36.41%

Bullguard

Antivirus 94.55% 86.08% 82.11% 87.58% 63.16% 81.47%

CA Internet

Security Suite

Plus

67.23% 59.42% 64.28% 63.65% 53.20% 61.04%

CA Threat

Manager 68.69% 60.56% 65.78% 65.01% 55.35% 62.59%

Central

Command

Vexira

Antivirus

Professional

88.47% 77.32% 71.10% 78.96% 48.28% 71.29%

Check Point

Zone Alarm

Suite

94.45% 95.52% 92.35% 94.11% 78.15% 90.12%

Defenx

Security Suite

2010

88.26% 77.26% 71.14% 78.89% 48.34% 71.25%

Digital

Defender

Antivirus

87.42% 76.03% 69.06% 77.50% 47.64% 70.04%

eEye Digital

Security Blink

Professional

66.47% 57.84% 50.75% 58.35% 45.70% 55.19%

Emsisoft a-

squared Anti-

Malware

99.13% 99.42% 97.62% 98.72% 71.30% 91.87%

EScan

Internet

Security for

Windows

94.42% 85.75% 80.46% 86.88% 62.60% 80.81%


ESET NOD32

Antivirus 94.08% 94.11% 89.18% 92.46% 78.04% 88.85%

Filseclab

Twister Anti-

Trojan Virus

82.74% 76.74% 67.69% 75.72% 67.66% 73.71%

Fortinet

FortiClient 72.87% 69.75% 64.54% 69.05% 23.15% 57.58%

Frisk F-PROT 79.34% 72.52% 56.15% 69.34% 49.92% 64.48%

F-Secure

Client

Security

91.22% 83.97% 66.53% 80.57% 55.26% 74.24%

F-Secure PSB

Workstation

Security

91.22% 83.97% 66.53% 80.57% 55.26% 74.24%

G DATA

Antivirus

2010

99.09% 98.86% 91.14% 96.37% 65.25% 88.59%

Ikarus virus.

Utilities 98.93% 99.29% 94.64% 97.62% 68.42% 90.32%

iolo System

Mechanic

Professional

79.28% 72.47% 56.15% 69.30% 49.95% 64.46%

K7 Total

Security 90.85% 85.44% 58.94% 78.41% 50.14% 71.34%

Kaspersky

Anti-Virus

2010

93.55% 96.03% 93.23% 94.27% 77.36% 90.04%

Kaspersky

Anti-Virus 6

for Windows

Workstations

93.24% 95.79% 92.38% 93.80% 76.47% 89.47%

Kingsoft

Internet

Security 2010

Advanced

Edition

32.16% 24.31% 21.93% 26.13% 17.61% 24.00%

Kingsoft

Internet

Security 2010

Standard

Edition

37.64% 36.53% 26.45% 33.54% 21.88% 30.63%

Kingsoft

Internet

Security 2010

Swinstar

Edition

42.62% 38.34% 28.81% 36.59% 22.34% 33.03%

Lavasoft Ad-

Aware

Professional

Internet

Security

96.96% 96.35% 82.57% 91.96% 62.12% 84.50%

McAfee Total

Protection 94.64% 92.87% 84.84% 90.78% 66.01% 84.59%

McAfee Virus

Scan

Enterprise

90.83% 89.17% 82.72% 87.57% 63.61% 81.58%


Microsoft

Security

Essentials

91.14% 93.06% 74.15% 86.12% 55.52% 78.47%

Nifty Corp.

Security 24 93.45% 94.31% 85.59% 91.12% 62.36% 83.93%

Norman

Security Suite 66.36% 57.81% 50.30% 58.16% 45.75% 55.06%

PC Tools

Internet

Security 2010

93.21% 92.55% 76.19% 87.32% 34.49% 74.11%

PC Tools

Spyware

Doctor

93.22% 92.58% 76.20% 87.34% 34.53% 74.13%

Preventon

Antivirus 87.42% 76.03% 69.06% 77.50% 47.64% 70.04%

Proland

Protector

Plus

Professional

87.71% 76.26% 70.82% 78.26% 48.13% 70.73%

Qihoo 360

Security 93.88% 84.32% 73.68% 83.96% 56.51% 77.10%

Quick Heal

Antivirus

2010

78.68% 69.61% 63.17% 70.49% 44.58% 64.01%

Rising

Internet

Security 2010

59.40% 42.67% 34.77% 45.62% 25.07% 40.48%

SGA Corp.

SGA-VC 94.36% 85.88% 79.65% 86.63% 62.08% 80.49%

Sophos

Endpoint

Security and

Control

95.90% 93.43% 90.74% 93.36% 75.43% 88.88%

SPAM fighter

VIRUS fighter

Plus

87.43% 76.03% 69.06% 77.51% 47.59% 70.03%

SPAM fighter

VIRUS fighter

Pro

87.25% 75.84% 68.98% 77.36% 47.61% 69.92%

Sunbelt

VIPRE

Antivirus

Premium

96.97% 96.45% 83.53% 92.31% 66.10% 85.76%

Symantec

Endpoint

Protection

91.37% 90.35% 65.00% 82.24% 31.15% 69.47%

Symantec

Norton

Antivirus

91.77% 90.76% 66.49% 83.00% 33.24% 70.56%

Trustport

Antivirus

2010

98.67% 96.09% 96.74% 97.17% 79.66% 92.79%

VirusBuster

Professional 88.47% 77.32% 71.10% 78.96% 48.28% 71.29%

Webroot

Antivirus with 96.48% 94.12% 89.90% 93.50% 74.40% 88.72%


Spy Sweeper

• On-demand throughput (MB/s):

On demand

throughput

(MB/s)

Archive files Binaries and system

files

Media and

documents Other file types

Default

(cold)

Default

(warm) All files

Default

(cold)

Default

(warm)

All

files

Default

(cold)

Default

(warm)

All

files

Default

(cold)

Default

(warm)

All

files

Agnitum 2.29 18.00 2.29 8.81 391.41 8.81 12.81 76.44 12.81 128.99 343.96 128.99

AhnLab 11.13 11.18 11.13 25.39 25.95 25.39 10.38 10.47 10.38 9.64 9.38 9.64

Alwil 213.25 277.23 7.57 40.49 49.44 37.58 29.03 30.99 29.78 43.00 43.00 24.00

Arcabit 7.02 6.98 7.02 14.86 14.68 14.86 24.14 26.36 24.14 14.95 15.40 14.95

Authentium 5.56 5.61 5.56 12.33 12.26 12.33 18.80 19.60 18.80 11.73 12.14 11.73

Avanquest 0.61 0.61 0.61 4.12 4.60 4.12 1.09 1.53 1.09 2.15 1.56 2.15

AVG 0.68 0.68 0.47 11.74 11.71 2.32 6.82 6.61 6.71 4.98 4.61 4.65

Avira

(Personal) 4.34 4.27 4.34 33.55 33.55 33.55 19.43 18.20 19.43 9.64 15.40 9.64

Avira

Professional 4.09 4.20 4.09 39.80 38.50 39.80 20.66 18.80 20.66 19.84 15.88 19.84

BitDefender 24.98 26.66 24.98 16.37 17.14 16.37 5.45 5.59 5.45 3.45 3.79 3.45

Bkis

(Gateway

Scan)

99.01 77.01 N/A 3.34 3.34 3.34 4.99 4.90 4.99 4.30 4.06 4.30

Bkis (Home

Edition) 99.01 99.01 1.05 3.17 3.17 3.03 4.99 4.93 4.25 4.30 4.11 2.90

Bullguard 4.10 4.09 4.10 26.39 28.90 26.39 11.08 10.42 11.08 8.82 9.38 8.82

CA (ISS) 2.80 2.81 2.80 31.31 29.54 31.31 25.48 25.20 25.48 21.50 20.64 21.50

CA (Threat

Manager) 1.27 1 386.14 1.27 23.60 117.42 23.60 10.97 55.93 55.93 9.21 33.29 9.21

Central

Command 7.81 7.90 2.39 20.69 20.78 20.51 17.50 16.50 12.40 13.76 12.90 10.53

Check Point 1.94 1.95 1.94 16.37 16.25 16.25 6.10 6.27 6.10 6.18 6.45 6.18

Defenx 1.12 14.99 1.12 15.01 391.41 15.01 6.23 22.48 6.23 4.76 51.59 4.76

Digital

Defender 3.24 3.24 0.66 10.48 10.63 2.50 13.03 12.26 2.91 12.43 10.32 2.81

eEye Digital

Security 1.49 1.50 1.49 1.80 1.77 1.80 0.80 0.80 0.80 0.59 0.58 0.58

Emsisoft 5.48 5.58 N/A 6.33 6.62 6.33 7.85 8.75 7.85 6.66 7.82 6.66

EScan 126.01 126.01 N/A 3.46 3.46 N/A 0.84 0.84 N/A 0.62 0.62 N/A

ESET 3.62 3.62 3.62 12.90 12.83 12.90 13.33 13.98 13.33 12.58 12.74 12.58

Filseclab 1.24 1.23 1.22 19.99 19.25 19.17 5.73 5.54 5.49 5.32 4.80 5.32

Fortinet 3.90 4.52 3.90 7.26 8.37 7.26 19.94 21.63 19.94 9.38 10.02 9.38

Frisk 7.30 7.33 7.30 11.10 11.32 11.10 26.66 31.41 26.66 18.76 19.47 18.76

F-Secure

(Client

Security)

6.68 2772.27 6.68 16.77 1565.63 60.22 10.28 114.66 29.40 49.14 343.96 27.15

F-Secure

(PSB

Workstation)

6.66 2772.27 6.66 361.30 2348.44 64.34 13.49 327.59 36.40 93.81 343.96 28.66

G DATA 2.52 2772.27 2.52 18.06 1174.22 18.06 10.42 229.31 10.42 8.97 343.96 8.97

Ikarus 23.69 23.69 N/A 11.32 11.32 11.32 13.18 12.13 13.18 14.95 10.86 14.95


iolo 6.58 6.60 N/A 11.32 11.24 N/A 14.89 12.07 N/A 8.53 12.43 N/A

K7 7.24 7.30 7.24 9.66 9.74 9.66 29.78 29.03 29.78 20.23 19.11 20.23

Kaspersky

(Anti-Virus

2010)

4.11 1386.14 4.11 30.70 391.41 30.70 16.38 48.79 16.38 11.86 79.38 11.86

Kaspersky

(Anti-Virus 6) 4.68 1386.14 4.68 37.28 587.11 37.28 11.47 69.49 11.47 13.23 147.41 13.23

Kingsoft

(Advanced) 1.55 1.55 1.55 24.46 25.67 24.46 5.49 5.28 5.49 22.93 14.74 22.93

Kingsoft

(Standard) 1.52 1.53 1.52 23.02 23.14 23.02 5.32 5.24 5.32 16.64 12.74 16.64

Kingsoft

(Swinstar) 5.25 5.21 N/A 37.28 40.14 N/A 32.76 30.17 N/A 25.17 24.57 N/A

Lavasoft 63.01 72.95 N/A 12.17 12.30 12.17 2.46 2.57 2.46 3.50 3.34 3.50

McAfee Total

Protection 1.66 2.03 1.66 9.87 50.50 9.87 5.15 15.81 5.15 8.32 36.85 8.32

McAfee Virus

Scan 86.63 89.43 1.97 13.05 13.08 11.98 7.62 7.10 7.62 6.11 4.37 4.30

Microsoft 2.61 2.52 2.61 13.31 13.27 13.31 19.60 19.60 19.60 10.12 12.14 10.12

Nifty Corp. 2.38 924.09 2.38 17.33 195.70 17.33 6.48 34.23 6.48 6.25 26.46 6.25

Norman 1.12 1.13 1.12 2.47 2.47 2.47 2.33 3.45 2.33 1.59 2.45 1.59

PC Tools

(Internet

Security)

1.42 1.47 0.51 6.02 25.39 6.02 6.35 6.20 6.35 5.37 5.29 5.37

PC Tools

(Spyware

Doctor)

2.13 2.22 0.69 31.74 23.48 31.74 8.19 8.25 8.19 7.82 7.48 7.82

Preventon 3.23 3.22 N/A 10.04 10.06 10.04 13.03 12.20 13.03 12.28 10.22 12.28

Proland 7.05 7.04 7.05 19.73 20.16 19.73 7.77 7.67 7.77 5.93 5.49 5.93

Qihoo 1.52 1.52 1.52 5.21 4.99 5.21 1.15 1.03 1.15 0.75 0.84 0.75

Quick Heal 3.57 3.58 2.58 38.50 37.58 38.50 9.93 9.72 9.40 3.75 9.92 8.74

Rising 1.43 1.45 1.43 6.97 7.07 6.97 3.49 3.51 3.49 5.76 5.86 5.76

SGA Corp. 2772.27 2772.27 N/A 24.85 27.15 N/A 15.60 17.24 N/A 85.99 515.94 N/A

Sophos 252.02 277.23 2.48 15.55 15.71 14.45 21.43 23.16 17.11 12.43 11.47 9.05

SPAM fighter

(VIRUS

fighter Plus)

3.11 3.07 3.11 8.68 9.68 8.68 10.42 9.28 10.42 11.59 6.88 6.88

SPAM fighter

(VIRUS

fighter Pro)

56.58 53.31 56.58 10.12 10.12 10.12 16.62 17.11 16.62 10.32 10.32 10.32

Sunbelt 102.68 102.68 2.21 13.77 13.73 13.50 2.40 2.39 2.39 3.39 3.12 3.10

Symantec

(Endpoint

Protection)

2.35 2.24 2.35 14.41 15.71 14.41 8.79 8.92 8.79 6.11 6.22 6.11

Symantec

(Norton

Antivirus)

4.93 693.07 693.07 29.17 260.94 29.17 13.57 55.93 55.93 13.58 43.00 13.58

Trustport 1.25 1.27 1.25 7.03 7.40 7.03 5.10 4.87 5.10 3.30 3.36 3.30

VirusBuster 7.72 7.77 7.74 20.16 20.25 20.16 15.92 15.29 11.52 79.38 206.38 79.38

Webroot 2.56 2.53 2.56 11.65 11.65 11.65 10.38 9.10 10.38 8.53 5.73 8.53


• File access lag time (s/MB):

On demand

throughput

(MB/s)

Archive files Binaries and system

files

Media and

documents Other file types

Default

(cold)

Default

(warm)

All

files

Default

(cold)

Default

(warm)

All

files

Default

(cold)

Default

(warm)

All

files

Default

(cold)

Default

(warm)

All

files

Agnitum 0.01 0.00 0.00 0.10 0.00 0.00 0.16 0.04 0.04 0.19 0.04 0.04

AhnLab 0.02 0.02 NA 0.04 0.03 0.04 0.09 0.08 0.09 0.09 0.09 0.09

Alwil 0.03 0.00 0.15 0.04 0.00 0.05 0.11 0.00 0.22 0.19 0.00 0.33

Arcabit 0.00 0.00 0.14 0.05 0.05 0.05 0.03 0.03 0.03 0.02 0.02 0.05

Authentium 0.04 0.04 0.07 0.12 0.10 0.08 0.19 0.17 0.05 0.22 0.22 0.08

Avanquest 0.01 0.00 NA 0.07 0.01 NA 0.36 0.05 NA 0.27 0.07 NA

AVG 0.00 0.00 0.02 0.08 0.07 0.07 0.12 0.11 0.12 0.17 0.16 0.19

Avira

(Personal) 0.01 0.00 0.05 0.03 0.00 0.03 0.05 0.03 0.05 0.06 0.05 0.06

Avira

(Professional) 0.01 0.00 0.04 0.02 0.00 0.03 0.05 0.04 0.06 0.06 0.06 0.06

BitDefender 0.01 0.00 0.45 0.04 0.00 0.04 0.14 0.01 0.14 0.18 0.01 0.18

Bkis

(Gateway

Scan)

0.01 0.01 NA 0.23 0.22 0.23 0.12 0.12 0.12 0.17 0.16 0.17

Bkis (Home

Edition) 0.01 0.01 NA 0.23 0.23 0.23 0.12 0.13 0.12 0.17 0.17 0.17

Bullguard 0.25 0.25 0.25 0.05 0.04 0.05 0.14 0.14 0.14 0.18 0.18 0.18

CA (ISS) 0.01 0.01 0.15 0.03 0.02 0.05 0.04 0.03 0.22 0.04 0.03 0.33

CA (Threat

Manager) 0.01 0.01 NA 0.03 0.03 0.03 0.09 0.08 0.09 0.06 0.05 0.06

Central

Command 0.00 0.00 NA 0.04 0.04 0.04 0.02 0.02 0.04 0.08 0.09 0.10

Check Point 0.01 0.01 NA 0.04 0.02 0.04 0.12 0.11 0.12 0.12 0.12 0.12

Defenx 0.01 0.00 NA 0.06 0.00 0.06 0.13 0.02 0.13 0.20 0.02 0.20

Digital

Defender 0.00 0.01 0.09 0.09 0.09 0.09 0.01 0.01 0.05 0.02 0.01 0.09

eEye Digital

Security 0.00 0.00 NA 0.00 0.00 0.00 0.01 0.01 0.01 0.01 0.01 0.01

Emsisoft NA NA NA NA NA NA NA NA NA NA NA NA

EScan 0.00 0.00 0.17 0.05 0.01 0.01 0.06 0.00 0.02 0.04 0.00 0.06

ESET 0.00 0.00 NA 0.01 0.01 0.01 0.07 0.07 0.07 0.05 0.05 0.05

Filseclab 0.00 0.01 NA 0.02 0.02 0.02 0.11 0.11 0.11 0.01 0.01 0.01

Fortinet 0.20 0.00 0.20 0.13 0.01 0.13 0.07 0.00 0.07 0.14 0.01 0.14

Frisk 0.01 0.01 NA 0.08 0.08 0.08 0.02 0.02 0.02 0.03 0.03 0.03

F-Secure

(Client

Security)

0.01 0.01 NA 0.07 0.00 NA 0.15 0.03 NA 0.06 0.03 NA

F-Secure

(PSB

Workstation)

0.01 0.01 NA 0.07 0.00 NA 0.12 0.00 NA 0.03 0.01 NA

G DATA 0.08 0.00 0.54 0.07 0.00 0.08 0.18 0.02 0.18 0.24 0.02 0.24

Ikarus 0.04 0.04 NA 0.08 0.08 0.08 0.06 0.06 0.06 0.07 0.07 0.07

iolo 0.04 0.04 NA 0.10 0.10 NA 0.16 0.15 NA 0.18 0.17 NA

K7 0.02 0.00 NA 0.09 0.00 0.09 0.03 0.01 0.03 0.05 0.01 0.05

Kaspersky

(Anti-Virus

2010)

0.01 0.01 0.03 0.05 0.00 0.05 0.13 0.04 0.13 0.14 0.04 0.15


Kaspersky

(Anti-Virus 6) 0.01 0.00 0.39 0.05 0.00 0.04 0.13 0.04 0.14 0.14 0.04 0.15

Kingsoft

(Advanced) 0.00 0.00 NA 0.03 0.00 0.03 0.18 0.00 0.18 0.05 0.00 0.05

Kingsoft

(Standard) 0.00 0.00 NA 0.03 0.00 0.03 0.18 0.00 0.18 0.05 0.00 0.05

Kingsoft

(Swinstar) NA NA NA NA NA NA NA NA NA NA NA NA

Lavasoft 0.00 0.00 NA 0.07 0.02 NA 0.01 0.00 NA 0.30 0.07 NA

McAfee Total

Protection 0.01 0.00 NA 0.08 0.01 0.08 0.13 0.00 0.13 0.21 0.01 0.21

McAfee Virus

Scan 0.01 0.01 0.44 0.08 0.04 0.07 0.16 0.08 0.15 0.24 0.13 0.23

Microsoft 0.01 0.00 NA 0.07 0.00 0.07 0.05 0.00 0.05 0.08 0.00 0.08

Nifty Corp. 0.01 0.00 NA 0.05 0.01 0.05 0.13 0.02 0.13 0.14 0.02 0.14

Norman 0.01 0.01 NA 0.09 0.09 0.09 0.29 0.28 0.29 0.34 0.34 0.34

PC Tools

(Internet

Security)

0.01 0.00 NA 0.15 0.01 NA 0.03 0.02 NA 0.03 0.02 NA

PC Tools

(Spyware

Doctor)

0.01 0.00 NA 0.12 0.04 NA 0.19 0.20 NA 0.25 0.23 NA

Preventon 0.00 0.00 NA 0.09 0.09 0.09 0.01 0.00 0.05 0.02 0.01 0.09

Proland 0.00 0.00 NA 0.04 0.01 0.04 0.02 0.01 0.05 0.00 0.00 0.12

Qihoo 0.00 0.01 NA 0.01 0.00 0.00 0.04 0.03 0.04 0.04 0.03 0.04

Quick Heal 0.04 0.04 NA 0.02 0.02 0.02 0.10 0.09 0.10 0.10 0.10 0.10

Rising 0.02 0.02 NA 0.14 0.13 0.14 0.18 0.17 0.18 0.15 0.19 0.15

SGA Corp. 0.00 0.00 NA 0.04 0.00 NA 0.12 0.01 NA 0.02 0.02 NA

Sophos 0.00 0.00 0.34 0.06 0.06 0.06 0.04 0.03 0.04 0.08 0.08 0.09

SPAM fighter

(VIRUS

fighter Plus)

0.01 0.01 NA 0.10 0.10 0.10 0.03 0.03 0.08 0.06 0.06 0.13

SPAM fighter

(VIRUS

fighter Pro)

0.00 0.00 NA 0.09 0.09 0.09 0.01 0.00 0.01 0.02 0.01 0.02

Sunbelt 0.01 0.00 NA 0.06 0.01 0.06 0.38 0.04 0.38 0.27 0.05 0.27

Symantec

(Endpoint

Protection)

0.01 0.01 NA 0.06 0.06 0.06 0.09 0.08 0.09 0.11 0.10 0.11

Symantec

(Norton

Antivirus)

0.01 0.01 NA 0.05 0.06 0.05 0.08 0.08 0.08 0.09 0.08 0.09

Trustport 0.04 0.01 1.35 0.20 0.02 0.22 0.30 0.09 0.32 0.44 0.06 0.47

VirusBuster 0.00 0.00 NA 0.04 0.04 0.04 0.03 0.02 0.04 0.09 0.09 0.10

Webroot 0.01 0.01 NA 0.09 0.08 0.09 0.08 0.08 0.08 0.17 0.14 0.17


CHAPTER 7

TRENDS OVER THE YEARS

Over the past few years, the antivirus industry has undergone some major changes. The market

leader has changed (McAfee has lost ground to Symantec and Kaspersky is growing fast too),

some independent antivirus companies have either disappeared from the market or have been

taken over (the Romanian company RAV and the Australian company VET), and new players

(BitDefender, ClamAV) have appeared.

Here, we will deal with ‘standard’ antivirus solutions: for home computers, workstations,

corporate file and mail servers. Arguably, antivirus solutions for smart-phones could be included

in this list examine. Virus attacks targeting mobile phones may not be particularly common at the

moment but the situation is likely to change radically - for the worse, naturally - in the next few

years. This section does not focus on hardware solutions (such as gateways, routers with

integrated virus scanning capability), or solutions for large UNIX systems. Moreover ‘standard’

antivirus solutions will continue to evolve. In order to understand the nature of such solutions

and to identify trends, we need to determine the main factors currently influencing the antivirus

industry.

Factor 1: Continuing criminalization of the Internet

Any society of a certain size (such as a town or a country) includes criminal

elements. Crime levels are determined by the following factors:

� the size of the community (the bigger it is, the higher the number of

potential and actual criminals)

� the level of economic development (it's easier to earn a living by honest

means in more developed countries)

� the ability of law enforcement bodies (e.g. the police) to investigate crimes

and imprison the perpetrators

The Internet is no exception. Its size is immense, and many of the different

countries which make up part of this community are economically undeveloped.

A particular cause for concern is programs which advocate ‘cheap computers for

poor third world countries’) - these further encourage criminal activity on the

Internet. Statistics on the number of malicious programs originating from specific

countries confirm this: the world leader in virus writing is China, followed by

Latin America, with Russia and Eastern European countries not far behind.


In terms of law enforcement, in the vast majority of cases investigating

cybercrime is a complex task, particularly taking into account the fact that the

Internet has no physical borders.

Data which falls into the three categories listed above clearly indicate that not

only is the level of criminal activity on the Internet already high, but that it will

also continue to increase. One piece of evidence for this statement is that the

amount of crimeware has increased twofold over the past year; this indicates that

criminal activity on the Internet has doubled in the same space of time. There is

no reason to suppose that this growth rate will slow in the future.

The conclusion: pressure on antivirus companies will increase as they will have

to analyze more and more malicious code. Companies that fail to detect new

malicious programs quickly and thus leave their customers unprotected will suffer

a decrease in their market share, and will not be capable of competing in this

professional arms race.

Factor 2: Increased variety of malware and attack methods

Fourteen years ago, back in 1996, malicious programs fell into two categories:

viruses and primitive Trojans. At that time, there was no such thing as malware

which could be used for criminal ends. However, in the intervening decade,

malware has become far more complex and varied:

� network worms

� a wide range of Trojan programs, including Spyware

� AdWare

� malicious application of legitimate programs (such as keyloggers and

remote administration utilities)

� a wide range of spam, from begging emails to blackmail

� phishing - a clearly differentiated type of financial scam

� network attacks and rackets, etc

The vast majority of malicious programs are written for Win32 systems. The

number of malicious programs targeting Linux, MacOs, and smartphones

(running under a variety of operating systems) is still, as yet, insignificant. There

have also been a handful of PoC viruses for 64 bit systems.

The conclusion: antivirus companies have to be prepared to work with a wide

variety of malware. This means not only releasing products but providing


continued support: testing them, and releasing updates for the whole product

range. Companies that cannot keep up with the very latest technological

developments will not be able to break into new industry segments. Moreover,

they will start to lose ground on their own territory, and current competitors or

completely new players will take advantage of new market opportunities.

Factor 3: Microsoft

Microsoft is going to be seriously focusing on the security solutions market; this

will include developing antivirus solutions. The antivirus industry is in a state of

shock - everyone remembers Netscape and other independent projects, which

either significantly lost market share or disappeared altogether after Microsoft

produced similar products. Microsoft is planning to bring the following to the

market:

� antivirus for home PCs

� antivirus for workstations (planned for the future)

� solutions for MS Exchange (using the multi-engine Antigen from Sybari)

Of course, the appearance of this commercial giant will be a heavy blow to other

manufacturers. But just how heavy will the blow be is hard to predict.

Users come in a range of shapes and sizes. So what factors influence them when

buying an antivirus solution?

� Commodity: the user buys the cheapest antivirus, or the most attractively

packaged.

� Branding: The user buys either a brand to which s/he has loyalty. or a

branded product which has been successfully marketed.

� Branding: the user is determined not to buy a Microsoft product. Such

consumers will not trust antivirus solutions produced by this manufacturer.

� Performance characteristics: the overall quality of the product.

It’s clear that these factors, and the types of user described, don’t exist in any pure

form. The factors which influence consumer chose will be a combination of

A+B+C+D in varying degrees. If we’re talking about the home user market,

factor B will have a significant influence. For example, as Antigen uses several

antivirus engines (including some very good ones), the corporate market will be

influenced by B+D. In order to estimate Microsoft's future market share, and the

losses which other antivirus companies will correspondingly suffer, the value of


A, B, C, and D needs to be determined. This is a simple task which can be

fulfilled via consumer surveys.

Conclusions

As shown above, there are three deciding factors which affect the condition of the

antivirus industry:

� The criminalization of the Internet

� Various types of criminal activity

� Antivirus protection from Microsoft

The antivirus market of the future will be heavily influenced by these three factors

and to a certain extent it has already started influencing the consumers and the

market as a whole.

So is it time to throw in the towel?

The answer to this question is unclear. We should remember Microsoft’s first

attempt to create an integrated antivirus solution, MSAV for MS-DOS in 1994.

This attempt was unsuccessful. It’s rare to make the same mistake twice. 12 years

have passed since 1994, and a lot has changed during that time. The most

important thing is that consumer demand for quality has increased: detection

rates, speed of reaction to the dramatically increased number of attacks, frequency

of updates, proactive technologies.

If a product is technically sound but does not offer better antivirus protection than

Microsoft’s solution, it will more than likely be bought mainly by consumers

influenced by factor C. If a product offers better protection than Microsoft’s

antivirus together with a lower price, then it will appeal to buyers of all

categories. Furthermore, if an antivirus developer’s engine is integrated into

Antigen, then there is no need to worry about the future (as long as the engine

continues to be used). Microsoft will not be selling the product itself, but taking a

percentage from the vendor. And for Microsoft, that is the beauty of it: it can sit

back and enjoy the profits (and the ideology of a “multi-engine solution" will

transform the antivirus business into a trade in engines rather than products).

It will be a different, rather sorry, story for those vendors whose antivirus engines

are not integrated into Antigen. On the other hand, such companies should not,

perhaps, be written off; as there's no solution which can provide 100% protection

against all threats, the IT market (including the antivirus market) is extremely

crowded. The more troublesome a disease, the more medicines will be taken to

combat it: in a similar way, users plagued by computer viruses are ready to


embrace new technologies to rid themselves of the problem, and this means they

will be ready to embrace a variety of solutions, not only those from the software

giant. The message to antivirus companies is clear: if the company is not only to

survive, but to survive profitably, compatibility issues have to be solved. Engines

from different developers have to be developed with peaceful coexistence in mind

(as is the case with Antigen) Another alternative is to develop double or triple

layer protection against Internet threats.

The conclusion: It’s likely that things won’t turn out that badly. However, some

antivirus companies will have to start cutting their budgets and thinning the ranks

of their employees. Public companies will find that Microsoft’s entry to the

antivirus market will impact the value of shares, and a fall in value will have the

following negative consequences

� It will be harder to attract investment

� Employees share options will be devalued

One consequence will be that middle and senior management will desert the

company.

Summary of trend analysis:

Changes are underway in the antivirus industry and will continue for some time to

come. It’s not unlikely that Microsoft’s entry to the IT security market will be a

decisive factor which affects the changing situation. The software giant’s entry

will undoubtedly have an impact on the best-known industry players and the

current market share of antivirus companies is likely to change radically.

Naturally, each company will be affected in a different way. For some, it will

come as a heavy blow, while others will barely be affected and yet others will

welcome Microsoft’s arrival on the market. The only factor which will be a

watch-out for all is whether Microsoft makes the product available ata consumer-

friendly price or not.

The most negative consequences will be felt by:

� Publicly held companies

� Businesses which rely on income from the market sector which Microsoft

is entering

� Manufacturers with engines which are inferior in quality to Microsoft’s

� Manufacturers whose engines aren't used in Antigen

The brightest future awaits:


� Privately held companies

� Manufacturers with a broad product range

� Manufacturers with a high-quality engine

� Manufacturers whose engines are used in Antigen

Hopefully, the arrival of the software giant on the IT security market will have a

positive impact on future developments in this field and will raise the quality of

security solutions, if not then atleast increase the competition among the existing

big players for the benefit of the organisations and the consumers. It is to be

hoped that the Internet will become a safer place as a result - every desk will not

only have a computer on it, but a secure computer.

CHAPTER 8

MARKET VIEWS & INTERVIEWS

Dipen Halwai (Candid Magazine Management, Gujarat Region)

About Dipen Halwai: Mr. Dipen is in charge of Candid magazine in the entire

state of Gujarat. Candid is the most referred magazine by the Computer and

software dealers for knowledge and details about various IT products existing or

being newly launched in the market. He has been working with the magazine

for many years now. He is also a key distributor for Kaspersky Antivirus in

Ahmedabad.

The following information came into light from the interview conducted:

� What is your opinion about the antivirus market in

Ahmedabad as well as Gujarat as a whole?

Ans: We will discuss about the brands which have somewhat a

considerable impact on the market. These brands are – Kaspersky,

QuickHeal, AVG, Norton AV, Net Protector and EScan.

QuickHeal has a very good track record in Ahmedabad as of now,

Kaspersky is growing as a brand which offers good performance

and is cheap as well, Norton is preferred by Corporates as it has a


good image since a long time and the clients have developed a

sense of trust in the brand, Net Protector is a comparatively newer

brand which has found ground in Ahmedabad and they are

approaching and spreading in the market fast with strategies

imitated from QuickHeal, Norton and Kaspersky, EScan is also

becoming a preferred brand for those clients whose work rotates

around internet usage and added to it is cheap and gives good

scanning support.

� Which are the other brands which exist in the market?

Ans: K7, iolo, G-Data, Trend Micro, Trust port and McAfee.

� Can you throw some light on the margins for dealers on these

softwares? (approximately)

Ans: QuickHeal Products:

� Total Security: End-user price - Rs.1650

Dealer price - Rs. 900

� Guardian: End-user price - Rs. 600-700

Dealer price - Rs. 280-300

� Internet Security: End-User price - Rs. 1000


� Quick Heal AV 2010 End-User price - Rs. 650


Further discussions with Mr. Halwai revealed the following facts:

• One major differentiating factor in the two major competing brands

of Ahmedabad viz. Quick Heal and Kaspersky is that while the

former needs a system formatting before updating or installation of

newer version, which runs the risk of releasing viruses from the

virus chest, the latter presents no such problem.

• Kaspersky AV needs no specific renewal action.

• In Gujarat, Quick Heal AV is dominant in the Ahmedabad market

due to its on-site local support, however some other brands which

are doing pretty well are Trend Micro in Surat and South Gujarat

districts, Norton AV in Banks and other financial institutions and


Kaspersky among students of various disciplines (because of its

low price).

• Net Protector is a good AV software, but its market hasn’t the

required boost due to less awareness among the consumers.\

• Kaspersky’s performance in comparison with QuickHeal I regards

with encryption protection is far superior which also helps in

making the software faster, lighter and better when downloading

updates is the context.

• K7 had a good Brand image but they stopped their core product

and started Total Security. This created a doubt in the mind of the

customers that K7 was not competent enough and moreover it

failed to instill confidence in the mind of the customer about the

new product.

• Iolo had also introduced System Shield in the Indian market some

time back, but due to inadequate advertising and less promotional

activities by Mediaman Distribution (its main distributor in India),

it failed to capture the customers even after keeping a low market

price of Rs. 390 for a 3-user pack.

• As a changing trend, awareness has increased among the IT

customers in the last 3 years. Earlier virus definition was not that

clear and hence people were not aware of data theft through spam

mails, etc. But now data theft has increased and with the customers

becoming smarter, they don’t mind going for an expensive

software if it serves the purpose of data protection properly.

• McAfee used to follow the PULL strategy in the sales of its

products but now they have shifted to a PUSH strategy with the

market being increasingly flooded by more and more competitor

companies.

• TAG Computek Pvt. Ltd. is the national distributor for TrustPort

in India now. Earlier this distributor used to deal in Kaspersky AV,

but now they have shifted their operations to TrustPort. This

distributor is trying hard to promote the brand name of TrustPort

AV and has fairly succeeded in doing so in Mumbai.


• Kaspersky’s appointment of Mr. J. Tripathi, former Marketing head

of QuickHeal has helped the former a lot in recent times and

competition is expected to grow in the near future.

• The expected approximate budget for the top three antivirus players

in the Indian market for this year for promotional activities has

been given below:

Norton: Rs. 2-3 crores

Kaspersky: Rs. 4-5 crores

QuickHeal: Rs. 1 crore.

• Mr. Dipen Halwai also suggested that there are some companies

which are there to remain in the market for some timeand

QuickHeal is one of them.

• In Gujarat, the monthly share of sales approximately has been

given below:

QuickHeal: Rs. 3.5-4 crores

Kaspersky: Rs. 1-1.5 crores

Norton: Rs. 1.5-2 crores

Trend Micro: Rs. 25-30 lakhs

EScan: Rs. 50 lakhs

• Another surprising fact revealed by Mr. Halwai is that there are

often hidden sales in the market which deceive the companies of

the actual sales of their software products. To support this he said

that most of the distributors suggest upcoming dealers and

distributors to deal in QuickHeal just because that will reduce any

unwanted competition in the market among the dealers. The main

fact underlying this behavior is safeguarding their margins and

customer base. But at the same time they suggest the customers to

buy Kaspersky instead of QuickHeal citing the reason that

Kaspersky comes cheap and it also gives them better margins than

QuickHeal. This is actually an alarming case for QuickHeal

Technologies.

• A small analysis of the sales trends of the AV softwares in the

market has been given below:


� 2 years back, Bit Defender’s sales was better than

Kaspersky in India, now it’s the opposite

� G-Data is doing good promotion through engineers and

technical people in Gujarat, but has failed to increase sales.

� Trend Micro has not succeeded in improving sales either

� QuickHeal, Norton and Kaspersky’s sales have increased

gradually over a period of time now.

� K7’s sales fluctuate from time to time

� EScan’s sales have increased in Gujarat, but the increment

has been on a slow basis.They are now targeting new and

prospect dealers.

� McAfee’s sales have declined over the years.

Candid magazine has approximately Rs. 2.5-3 yearly budget for

Kaspersky’s promotional activities.

Mr. Halwai suggested that now that QuickHeal has started

promoting the brand in local Television media and Radio, other

brand will also follow suit soon. So QuickHeal should start

thinking about alternative options for promotion which will project

the company name and its product in a different and more effective

way.

Mr. Anil Gupta (National Sales Head, EScan)

An online interview of Mr. Anil Gupta, national Sales Head, EScan (secondary

data) is given below:

• What is your present focus of operations in India?

We are working to strengthen our market presence in the East and North

region by adding more channel partners to our network focusing on more

penetration in the B & C class cities.

• Information security solutions are considered to be a lucrative

opportunity in India. What are your comments on this?

Security as Industry is growing very rapidly, Antivirus and Internet

security market has been growing at rate of 28% YOY, and with onslaught

of PC penetration in B & C Class cities the Market opportunity and growth

will definitely remain in double digits. Opportunity for partners is

immense for right solution provider who can deliver product and help


client secured his operation. The anti-virus industry is growing extensively

and the market opportunity in the SOHO and retail segment alone is US

$40 million (nearly Rs 200 Crore). The SMB enterprises again are looking

beyond end-point security and they want a total solution, ranging from e-

mail security, gateway-level specialized security and spam control, among

others. Growth will largely be fuelled by PC penetration and SME/SMB

segment which is growing exponential.

• How do you plan to tap the solution providers which are working on

this segment? Do you have any partnerships with systems integrators?

We have been talking to Solution providers about the advantages of

working with EScan in terms of ease, better product portfolio and Features

software, higher margins, better incentives and good support and above all

customized product offering, where we are already working with some of

the big SI like HCL/CMS/ALLIED.

• What is your channel policy in India? What kind of channel expansion

are you looking for in the near future - both in resellers as well as

solution providers?

We plan to introduce this year a special program for the resellers to

proactively sell EScan, thus looking for an additional 5-7% increase on our

present market share to capture approximately 15% of market in consumer

segment, primarily with the packaged software in the SOHO segment.

This will also be driven by our plans of consumer awareness and

activation program across India.

• What is your growth strategy here? What are the engines of growth

for EScan in India?

Our previous channel programs has been accepted very well by the

channel continuing that we want to add the "Authorized EScan Resellers"

nos to atleast by 400 no.s through our new partner Development program.

This encompasses and rewards the channel for their contribution to the

mutual growth. In order to achieve our objective the key initiatives are

partner enablement and training on our existing solutions. Identifying new

partners in territories where we have traditionally not been present, thereby

achieving 200-250 thousand users during the year. We are constantly


evaluating and appointing new channel partners to further our growth.

Ideally, we like to identify new markets for our channel expansion.

• How do you look at the competition from other vendors operating in

the similar segment? How do you differentiate and win over the

competition?

EScan provides its partners with the latest update on its competition

through our partner portal. That would help our partners to position us

much more aggressively against competitive technology or vendors. EScan

sells its products in the Indian market. We also have a Development

Center in India which helps us to identify and develop some key features

and probably tailor them more to requirements from Indian customers.

Source: http://cellit.co.in/Interviews_Inner.aspx?ID=38

CHAPTER 9

FINDINGS

9.1 MARKET DYNAMICS

The market dynamics of the Antivirus industry can be studied in view of four

major segments, viz:

� Market size:

According to US-based research firm Forrester, this market was

just about $35 million last year in India. This fiscal, it is projected

to grow at a robust 37.6%.

� Market trend:

This topic has been discussed earlier under heading.

� Drivers (Growth and Technology):

With more than 400 viruses said to be doing the rounds over the

internet at any given point, the threat of security breaches is

driving the market for antivirus products.


IDC, a US-based technology research firm, expects the number of

devices connected to the global network to double to 3 billion by

2011.

With newer and newer electronic products being introduced in the

market today, starting from laptops to mobile phones with multi

functions and the extent to which they are involved in data transfer

and internet usage, the risk of new viruses is on the rise with the

day.

� Strengths and weaknesses:

The major strength of this industry is that there is no other way to

tackle viruses and protect the data of the people worldwide other

than through the softwares provided by the various brands

available. And with a gradual increase in the affordability of these

softwares, the market and the customers have witnessed a fast

change in the ways available to protect their data and systems from

hostile factors.

The major weakness of this industry is the constant attack of piracy

and to a large extent, the industry’s inability to prevent the

duplicacy of the softwares, which become available to the

customers through torrents sites.

9.2 MAJOR FINDINGS

Dealers/ Distributors/ Retailers approached:

• Personal interviews: 85

• Telephonic interviews: 33

Industry experts: 02

Total: 120 respondents

From the surveys and interviews conducted in Ahmedabad among various

dealers, retailers and distributors of antivirus softwares, the following have been

found out:

• In terms of availability, (in descending order)


QuickHeal AV products: 96 dealers / 118 dealers

Kaspersky AV products: 91 dealers / 118 dealers

K7 AV products: 63 dealers / 118 dealers

Symantec (Norton) AV: 55 dealers / 118 dealers

Net Protector AV products: 39 dealers / 118 dealers

EScan AV products: 29 dealers / 118 dealers

AVG products: 17 dealers / 118 dealers

Trend Micro AV products: 09 dealers / 118 dealers

Mc Afee AV products: 08 dealers / 118 dealers

Bit Defender AV products: 02 dealers / 118 dealers

G-Data AV products: 02 sealers / 118 dealers

Doctor Spyware products: 01 dealers / 118 dealers

Therefore, in terms of availability, QuickHeal Antivirus products are the

most available in the antivirus software market of Ahmedabad, Gujarat.

• In terms of product performance, ranks of the antivirus software brands

operating in Ahmedabad have been given below: (from the charts)

1. QuickHeal AV

2. Kaspersky AV

3. Symantec (Norton) AV

4. Net Protector AV

5. K7 AV

6. EScan AV

7. Trend Micro AV

8. AVG

9. Others are insignificant

Therefore, QuickHeal antivirus leads the rank list for the best performing

antivirus software, followed closely by Kaspersky and Symantec (Norton)

antivirus.

• In terms of pricing and dealer margin, (top 5 antivirus softwares)

1. Kaspersky AV

2. Net Protector AV

3. K7 AV

4. EScan AV

5. AVG Antivirus


The dealer margin list is headed by Kaspersky antivirus, followed by Net

Protector and K7 antivirus. QuickHeal and Norton antivirus don’t feature

in this list due to their comparatively higher price range for the end-user as

well as a higher dealer-buying price.

• In terms of company support such as advertisement, promotions, freebies

and discounts for dealers, etc,

1. QuickHeal AV

2. Net Protector AV

3. Kaspersky AV

4. EScan AV

5. Others are insignificant

• In terms of post sales services such as after sales technical support and

assistance, toll-free number help, etc,

1. QuickHeal AV

2. Net Protector AV

3. Others are almost same i.e toll free help numbers are available and the

end-users have to call at these numbers whenever they need any

technical assistance.

For QuickHeal and Net Protector, local technical support is available.

EScan is also planning to come up with a technical team to support the

customer base during technical problems such as installation,

upgradation, etc.

• In terms of customer demand, (top 5 brands)

1. QuickHeal AV

2. Kaspersky AV

3. Net Protector AV

4. Symantec (Norton) AV

5. K7 Antivirus

Thus we see that the customer demand for QuickHeal Antivirus in

Ahmedabad is much more than the other competing brands. The second


ranked brand is Kaspersky and is closely followed by Net Protector, an

upcoming brand and then Symantec’s Norton Antivirus.

• POSITIVES

The positive facts learnt from the survey have been listed below:

� Products of QuickHeal Antivirus Technologies Pvt. Ltd. are the best

selling antivirus products in the city of Ahmedabad with almost every 3

out of 5 customers desiring to avail the brand.

� The customers prefer and opt to purchase QuickHeal antivirus, Internet

Security and Total Security for their laptops and computers (depending on

the level of usage) more than any other brand despite of the comparatively

higher price of QuickHeal products.

� The advertisements in Radio and television media have helped spread

news and awareness about the products and people who earlier did not

have much knowledge about the importance of an antivirus software have

turned to QuickHeal Antivirus products as their first trials.

• NEGATIVES

� Grownak Enterprise located at Paldi area of Ahmedabad is the first

enterprise/ dealer to feature in the list of www.justdial.com when a

prospect customer searches for QuickHeal Antivirus dealers. But this

dealer is now pushing the sales of Net Protector Antivirus. This is a threat

to QuickHeal Antivirus Technologies Pvt. Ltd. as it faces the risk of losing

a bulk of potential customers to Net Protector and also a diminishing

demand of its products due to availability of such dealers in the market.

� Lesser visits and supervision by the QuickHeal staff, as stated by the

dealers. This is hampering further growth of QuickHeal and allowing

other brands to rise because the staff and representatives of other brands

such as EScan and Net Protector are spread wide in the market in search of

potential dealers who are willing to shift brands and deal in newer

products which give them more profits and margins.


CHAPTER 10

CONCLUSION

13.1 RECOMMENDATIONS

• QuickHeal AV Tech. Pvt. Ltd. should step up dealer satisfaction strategies

to an extended level because as per most of the dealers, QuickHeal gives

benefits and special gifts on the achievement of a certain level of points in

the sales. And this actually doesn’t benefit the dealers much. Like Net

Protector and other brands who follow such schemes, if QuickHeal too

emphasizes on giving discounts on the purchase of software packs by the

dealer from the company or distributors, it will help the dealers more as

they can utilize the money saved in some other fruitful activity. One dealer

even suggested that if QuickHeal introduces schemes such as 2 packs free

with the purchase of 10 software packs for the dealers, then it will benefit

more than receiving a cutlery set on the attainment of some points during

sales.

• As per the industry expert Mr. Dipak Halwai, Kaspersky AV is planning to

sweep the market in the coming year or two with extensive marketing and

promotions. QuickHeal should not only restrict itself to Radio and TV ads

for promotion, but also, if possible, go mobile with probably a van with

representatives who can go door to door to offices, schools, colleges, etc

and give free demonstrations.

• QuickHeal Antivirus Technologies Pvt. Ltd. also should try to keep a

monthly update of the number of new dealers in the city every 2-3 months

and check the trend of dealership with these new entrants. This will give a

clear picture of what the other brands are planning and how fast they are

trying to capture the Ahmedabad market, thus breaking up QuickHeal’s

market.

• If possible, QuickHeal should reduce the dealer-buying price of the

softwares as this will encourage the dealers to go for QuickHeal more than

Kaspersky AV. At present the only factor which is helping Kaspersky win

over QuickHeal regarding dealer margins is the low price at which the

dealers get the softwares from the company. If QuickHeal is successful in

formulating a new lowered price for the dealers, it can potentially catapult

the sales of QuickHeal AV products.

• The company should constantly\keep vigil on the growth of piracy.

Antivirus software available for Rs. 100-150 in the piracy market can


dampen the overall sales of the original softwares, especially those which

come a bit expensive such as QuickHeal AV and Norton AV.


CHAPTER 11

REFERENCES

• antivirus.about.com

• anti-virus-software-review.toptenreviews.com/

• www.pcantivirusreviews.com/

• reviews.cnet.com/software/

• www.pcworld.com/article/.../top_antivirus_software.html

• www.antivirusware.com/

• www.consumersearch.com/antivirus-software

• www.gartner.com/press_releases/asset_154006_11.html

• www.internetnews.com/xSP/.../Whos-Who-in-Antivirus-Software.htm

• www.articlesbase.com/.../antivirus-market-share-1658507.html

• www.av-comparatives.org/comparativesreviews/main-tests

• www.av-comparatives.info/

• www.av-test.org/

• www.dslreports.com/forum/r24361500-AV-Comparatives-ProActive-Test

• www.infosecurity-magazine.com/

Apart from these, individual official websites of the following Antivirus and software companies

have been referred for secondary help in the compilation of this report:

• QuickHeal Antivirus Technologies Pvt. Ltd.

• Kaspersky Antivirus

• Symantec Norton Antivirus

• K7 Antivirus

• Microsoft

Documents

Quickheal Report Final