AV-Comparatives Explains the Implications of Takeovers in the IT-Security Industry
In recent years, there have been many acquisitions of security software manufacturers. This article considers the implications of such takeovers, with regard to cybersecurity, consumer choice and other factors. AV-Comparatives notes that their test results can help uncover any technical changes resulting from AV-vendor acquisitions.
McAfee’s consumer division has just been purchased by investors. NortonLifeLock, which produces the Norton Security consumer AV product, is taking over Avast. This means that the Norton, BullGuard, Avast, AVG, and Avira security products will be under the same ownership.
Are takeovers of antivirus vendors a good or a bad thing?
When one antivirus vendor buys another, it is arguable that combining the best protection technologies of the two products can bring about an improvement in security. Balanced against this is the fact that the market will take a step in the direction of a monopoly when a competing vendor disappears. As a general rule, monopolies are a bad thing and competition is a good thing. Where a monopoly exists, there is no consumer choice, and the vendor has no incentive to improve its product or service, or to lower its prices. In the specific case of antivirus programs, a monopoly would be especially bad, because malware authors would only have one type of defence to bypass in order to infect computers. However, it’s also true that investment in an antivirus vendor will allow that company to improve its research and development facilities, thus improving its product’s protection against malware.
So, the answer to the question above is that it depends very much on what the new owner does with the acquired company and its existing product. When an AV vendor is bought up, there are various possible scenarios.
Purchased company and product continue exactly as before
A possible example of this is the acquisition of Avira by NortonLifeLock. At the time of writing (October 2021), Avira continues to exist as a separate company, producing the same product under the Avira name. In AV-Comparatives’ Consumer Main Test Series of 2021, test results for Norton and Avira products have been clearly different from each other. It is therefore evident that two products have not been combined so far, although it is unclear what will happen in the future.
Purchased company and product cease to exist
The takeover of PC Tools by Symantec in 2008 is an example of this. Whilst PC Tools products continued for some time after the takeover, Symantec eventually abandoned the brand and products completely. It is not known which elements, if any, of PC Tools technology were incorporated into Symantec. In any event, there was a reduction in consumer choice when PC Tools disappeared from the market.
One product, two brands
An example of this arose from the takeover of AVG by Avast in 2016. This has had no effect on the AVG brand, which continues today with its own website and AVG-branded products. However, it is known that AVG products use exactly the same technology as Avast products. This is illustrated by AV-Comparatives’ test results. Avast Free Antivirus and AVG Free Antivirus have had virtually identical results in all AV-Comparatives’ Main Test Series tests since the start of 2017. It is thus apparent that they are technically identical, despite having different names and user interfaces. Avast stated at the time that combining the technologies, threat intelligence and research facilities of the two companies allowed Avast to provide better protection against cyberthreats. Certainly, this models allows customers to stick with their preferred brand and user interface.
Third-party antivirus engines
Related to this discussion is the use of third-party protection “engines”, i.e. major protection components in security products. Some AV vendors license other companies to use one or more of their protection engines. This allows new AV vendors to develop their product around proven protection technologies, but of course does little for diversity. However, there are also some AV products that use two engines of the same type, of which one is from a third party. In theory, this can provide the best of both worlds, assuming the third-party engine is well implemented, configured and up to date. It might however increase the likelihood of false positives and a performance hit.
A lot of companies that own AV brands are now based in just a few countries. This means that any political developments in these countries, such as trade embargoes, will affect multiple products all at once. Clearly, this does not help to promote competition and user choice. There is also the possibility that state control could lead to state-sponsored spy programs not being detected by any AVs owned by companies in the applicable country.
Other economic factors affecting AV vendors
Aside from mergers and acquisitions, there is another business decision that can affect AV vendors, namely going public. If a security company starts selling shares on the stock exchange, it will benefit from the investment. However, this may leave it open to pressure from new shareholders to make money rather than producing a good product or service.
Below you can see an overview of selected IT-security acquisitions: