Earlier this week, Microsoft announced that they're going to stop selling their consumer security product OneCare, and instead they're going to give away for free an AV product based on the same technology.
I've had several people ask me questions about this move including, "why would they do that?", and "do you think McAfee and Symantec are scared?" I also read an article yesterday that said:
With traditional antivirus protection perhaps becoming obsolete, maybe it's time that Symantec and McAfee start offering free versions of their own antivirus products--something that I've said for years.
Anti-virus vendors certainly were worried stiff when Microsoft entered the AV market in the first place. They assumed that Microsoft would do the same thing it does in every other market, dominate it and drive everyone else out.
The big vendors started focusing on how they could make up for the revenue loss that they considered inevitable. They felt that, while Microsoft would trounce their consumer business, they would not be in a good position to meet enterprise needs any time soon (and there is some truth to that).
Starting with the Veritas acquisition, Symantec began acquiring its way into adjacent markets to diversify where its revenue comes from, and beef up its enterprise business. While McAfee already had a strong enterprise offering, it focused on protecting its consumer market share by striking big OEM pre-install deals with major PC manufacturers like Dell, where McAfee paid a lot of money up front for this positioning, in the hopes of retaining market share, and making the money back on the back-end.
Yes, the AV industry was running scared for a long time. But what happened? Quite simply, Microsoft's entry into the AV market fizzled.
It's not for lack of trying on Microsoft's part. While they started out not doing well in competitive testing, they did spend an awful lot of money beefing up their signature writing capabilities by hiring the best and the brightest. They hired key people from major competitors. They spent tons of money on marketing.
And at the end of the day, the threat never materialized. While I haven't seen recent market share data, in January of 2007, they were struggling to claim just 1% of the market (.08% according to analyst firm Piper Jaffray). I see no evidence that Microsoft has made any strides since then--the business has been a resounding failure.
In short, Microsoft spent the money, and in relatively short order had a product that was just as good as any of their competitors (not significantly better or revolutionary, just competitive). They built a large team. They spent a lot on marketing. But the people never came.
What went wrong?
First, the world has long held the perception that Microsoft is bad at security. They've been trying hard for most of this decade to change that perception, investing billions in product security. And, I'm sure that they hoped if they could field a competitive AV product, it would help that perception. They certainly didn't make the heavy investment in AV for the money... it was a small market opportunity by their standards, not enough to be worth the large investment just for a business that would have taken at least a decade to grow to be even 1% of their (current) revenue. Yes, the $6Bn AV market is tiny when you compare it to, say, the video game market.
I expect the primary reason why they'd want to keep a scaled down business and give away a free version is for community goodwill, to slowly and steadily continue to build the perception that they are at least competent at security, and not actively bad at it.
But, let's assume for a moment that the end user stops thinking Microsoft actively sucks at security. They still won't positively associate Microsoft with security. Most people won't ever know that Microsoft's anti-virus is on par with most of the big players, and even better than some.
That will always be true, because Microsoft isn't a security vendor. People (particularly consumers) tend to think that dedicated security vendors are going to do a better job than a company whose primary function isn't security. Vendors that do lots of different things are rarely the best at anything, and people tend to know this.
Even when Microsoft came in at low price points, people still thought that security was important enough that they should go with a more trusted name. For those people that were really concerned by price, they started moving to other cheap options, but ones offered by dedicated security companies, like AVG.
It's not that people don't trust Microsoft specifically to do a good job at security. It's that they don't trust anybody to do security well, unless it is their primary business. Even if they go out and buy a bunch of small security companies with good technology, nobody will change their perception, and few people will use their technology.
I think Microsoft never had a chance. And, I think the core objection will hold true when their free product comes out late next year. I certainly wouldn't be quaking in my boots if I were McAfee or Symantec. People who want free AV already have free options (and they have one more coming... today, my company is going into limited beta for its AV product, which takes a far more effective technical approach to the problem, visit our web site to sign up to be a beta tester).
I find the suggestion that big guys like McAfee and Symantec will have to give up on consumer revenue and give away their consumer AV for free to be absurd. If I were those companies, would I want to jump off a cliff by volunteering to cut 40%+ of revenue by giving away something that plenty of people are always going to be happy to pay for? Absolutely not.
Yes, price sensitive people will continue to take customers away from the big vendors, and free AV might start to see enough growth that consumer revenue will shrink for the big companies. I don't see that day as close, however. The growth rate of new PCs is far outpacing the growth of Free AV converts, which means the paid consumer market is still growing.
I do think people will want free AV, even though I believe they'll want it from security vendors. I expect that free AV users will continue to double every year. There will even be some people who would indeed rather get it from Microsoft. But I don't see this as a game changer. Certainly, I don't expect big vendors to respond with something so drastic as eliminating their consumer business before there is proof of a threat.
If I were a big vendor, I'd even be worried about giving away a free, "lite" version of my product. I think people would assume that, since a well-known security vendor produces the product, it must provide them with the core protection they need, and that everything in the paid versions is just bells and whistles. Until the free AV market poses some kind of significant threat, they shouldn't risk giving away money. Instead, they should continue to do exactly what they've been doing since Microsoft's original wake-up call - invest in moving into adjacent growth areas.