Overview of The Antivirus Industry in India: A Report ON

2010
A REPORT
ON
OVERVIEW OF THE
ANTIVIRUS INDUSTRY IN INDIA
Compiled & submitted by:
DEVASISH SAIKIA
MBA-IB, 2009-11
SIIB, PUNE. QUICKHEAL ANTIVIRUS TECHNOLOGIES PVT. LTD.

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA
A REPORT ON:
OVERVIEW
OF
THE ANTIVIRUS INDUSTRY IN INDIA
A report submitted in partial fulfillment of the requirements of
MBA Program of SIIB, Pune.
COMPILED AND SUBMITTED BY:
Devasish Saikia
MBA-IB (2009-11)
SUBMITTED TO:
Mr. Pranav Pawar
Assistant Manager (Marketing)
QuickHeal Antivirus Technologies Pvt. Ltd.
DATE OF SUBMISSION:
12/08/2010
QUICKHEAL ANTIVIRUS TECHNOLOGIES PVT. LTD.

ACKNOWLEDGMENT
I hereby admit that my summer internship project with QuickHeal Antivirus Technologies Pvt.
Ltd. has been one of the most rewarding experiences that I have come across till date. I am sure
that the learning that I have had from the on-site field work and interviews and interactions with
the dealers and end-users of antivirus softwares during the course of my summer project would
definitely add value to my future endeavors.
I would like to thank my Project guide from QuickHeal Antivirus Technologies, Mr. Pranav
Pawar, Assistant Manager (Marketing) for being a constant source of guidance and support, for
clearing all my doubts and showing me the direction of approach for the project. Without his
support, the successful completion of this project would not have been possible.
I would also like to thank all the dealers and industry experts who have helped me with valuable
information regarding the antivirus industry in India, especially the Ahmedabad region.
Working with QuickHeal Antivirus Technologies Pvt Ltd. has indeed been a memorable
experience.
Thank You,
Devasish Saikia
(Summer Trainee, SIIB)
QuickHeal Antivirus Technologies Pvt. Ltd., Pune

CHAPTER 1
INTRODUCTION
In today’s connected world, anti-virus software is more than ever a necessity to protect your
computer against viruses, worms and other types of malicious code. It is by far the easiest way to
give your computer a minimal level of protection. Yet, the process of choosing which anti-virus
software is best suited for your protection is not so easy. That task is made challenging by
numerous misconceptions that surround the anti-virus world and some of the questionable claims
made by some vendors. If you surf anti-virus vendors’ web sites, for example, you will soon find
out that many of them are the best, that many have the biggest market share or that many are the
only vendors with a 365x24 support. The marketing war raging among those vendors and
sometimes the lack of knowledge of their own competitors makes it rather difficult for the end-
user to make a knowledgeable choice.
Whether you are a home user or an IT professional in charge of security in a large corporation, it
is easy to be mislead by information provided by the different vendors and sometimes, even by
the press. Therefore it is important that you understand how antivirus software work and what
the important criteria are, when choosing of such a solution. It is also important that you know
how and where to find relevant information when making your decision.
1.1 Understanding how anti-virus software work
The first step to choosing anti-virus software is to understand how they work. That will
give you a better idea of the features they offer and make your way through the technical
terminology used by anti-virus vendors and experts.
Understanding what your anti-virus software can and cannot do will help you have the
right expectations and will help you tell the difference between serious anti-virus
software and the others.
1.2 How does an anti-virus detect viruses?
There are several technologies used to detect viruses. Viruses and malicious code in
general, are nothing more than code. So, if the antivirus companies know what the code
of a virus looks like, they will be able to identify the virus when they see it. That is the
first technology used by anti-virus software. It is called signature matching. The anti-
virus product contains a database of virus signatures and will detect a virus any time
it sees code that matches an entry in the database. That is probably the most efficient
way to detect viruses. The drawback to that technology is that they need to have seen

the virus before and have written a signature for it to be able to detect it. That
requires the user to keep the virus signature database as up to date as possible.
To work around that weakness, anti-virus software can use two other technologies:
Heuristic and Integrity Checksum. The philosophy behind Heuristic technology is to be
able to detect viruses or malicious code for which a signature does not exists yet. That
result is achieved by using a database of virus behavior signatures. If the Heuristic
technology analyzes the code for any routine or subroutine matching a virus behavior
signature, we will call it static heuristic. If the heuristic technology lets the code run into
a virtual machine to analyze the behavior, we will call it dynamic Heuristic. The issue
with Heuristic technologies is that they can trigger false positive, where a clean file is
reported as being infected.
The integrity checksums are based on the assumption that a virus needs to make a
modification to a system in order to infect it. The simplest example is that a virus needs
to modify a file by overwriting or adding its code to the file, so that, when the file is run,
so is the viral code. The integrity checksum method consists of taking a checksum of
clean files or disks. Any change to the checksum indicates that the files or disks have
been modified by what could be a virus. Not only can that method generate false
positives, it is also inefficient against macro viruses or virus like Code Red that can insert
itself into memory and run without being saved to a file.
If the malicious code goes through all the scanners, there is a last line of defense offered
by some anti-virus products: the activity blocker. It will block all activities that could be
caused by a malicious code. The activity blocker will alert you, for example, if a process
is trying to format your hard drive or write to the boot record of your hard drive.
1.3 When does the AV detect a virus?
Usually, anti-virus software has two ways of operating. First, a real-time or on-access
scanner, which is memory resident (or service or daemon), monitors the system activity
at all times for the presence of viruses. A hook to the operating system alerts the real-time
scanner when a file is accessed, allowing the scanner to check the file. It has the
advantage of offering constant protection but it will only check files when they are
accessed. If an infected file resides on the disk and is not accessed, the real-time scanner
will not detect it. Then, an on-demand scanner can be started by the user at any given
time to check a file, folder or the content of the entire hard drive for viruses. The
ondemand scanner can check every single file, but it only offers a good assessment of
your system at a single point in time. On demand scan can be scheduled to check all the
files for viruses on a regular basis.
1.4 What anti-virus software can and cannot do?

• 100% protection
No anti-virus software in the world will provide you 100% protection, no

matter what they claim. Viruses and malicious code are often ahead of
anti-virus researchers. Melissa, FunLove, CodeRed, Nimda and many
other viruses have proven that fact. That is because of the way anti-virus
software work. Remember they need to have the virus signature to be able
to detect it. And most of the time, for new types of viruses, the heuristic
technology does not quite work. That is also the reason why it is vital to be
up to date on the virus definition database. However anti-virus software
will provide a solid protection against all the existing viruses (about 60,
000 to date) and will provide you with a quick fix when a new one comes
in.
• Repair viruses
If a virus is detected will my anti-virus software be able to repair it? Well,

it depends. It depends on the virus that has caused the infection. Some
viruses, especially macro viruses are easy to clean, because they don’t
damage the host file. It is easy for the anti-virus software to remove only
the malicious code and repair the file. Some other viruses overwrite the
content of the host file to replace it with its own code. That is the case of
the Love Letter virus. In such a case, the infected files cannot be repaired.
The only option is to delete the files and restore them from a backup. Last
but not least, some other malicious code, like Nimda, not only infects files,
they also make modification to your system. They replace system files,
and/or make registry changes. To get rid of viruses of that kind, the anti-
virus is not sufficient. You need removal tools, available on most vendors’
web sites, to undo what the virus has done and clean up your system.

CHAPTER 2
THE ANTIVIRUS INDUSTRY
(WORLDWIDE)
2.1 Synopsis:
When we look back on the years 2000-2010 from the perspective of the anti-virus
industry four technology trends were responsible for substantial changes in the
computing environment, which formed a backdrop for the virus problem. They are:
• Pervasive computing devices are now the dominant way that people interact
with the digital world, far outnumbering traditional PCs, and the shift in
architecture was responsible for both new problems and new protections.
• The decline of Moore's Law resulted in dramatically falling chip prices, resulting
both in their commoditization and much more widespread use throughout the
world.
• Broadband access to the Internet from most of the developed world put much of
the Earth's population online all the time.
• The rise of e-commerce has affected every sector of the economy; the digital
economy now rivals its material counterpart.
We review the most significant viral disasters in the past ten years, showing how they
could have been predicted from these technology trends, and usually avoided. To the
contrary, we show how the anti-virus industry actually responded, often after the fact.
While anti-virus technology has evolved significantly since the year 2000, with several
technological marvels to its credit, perhaps the most surprising change is that few end
users are even aware that it exists any more.
A small study about the antivirus industry in the last three decade reveals a series of
related and systematic information, which has been discussed below:
• In 1990, virus incidents were called urban myths, “like rumors of alligators in the
sewers of New York”.
• In 2000, it was so clear that viruses were real, and presented such an immediate
problem, that businesses would close their network connections when they heard
rumors of viruses.

• In 2010, the problem may be under control, at least for the time being.
• In 1990, there were around 50 viruses.

In 2000 there were around 50,000.
In 2010 there are nearly 500,000.
• In 1990, virus defenses consisted of scanning tools that were often unreliable and
hard to use. Anti-virus companies typically took a month or more to react to a
new virus, which was fine because it took the viruses even longer to spread
around the world.
• In 2000, virus defenses had matured to suites of products on multiple platforms
that were deployed around the world. Customers had simple Internet connections
to anti-virus vendors to submit suspicious objects and receive virus definition
updates. Anti-virus companies typically reacted to a new virus in days –
sometimes less if it appeared to be a major customer problem.
• In 2010, virus defense consists of global distributed systems, with components in
nearly every endpoint device and Internet way station in the world. Anti-virus
companies typically react to a new virus in minutes, and it’s a good thing too, as
that’s how fast viruses spread around the world.
In the last decade, there have been a few dramatic virus incidents that, in some way,
affected millions of people. There have been spectacular hoaxes, after which everyone
blamed everyone else for not figuring them out earlier. Viruses moved to new parts of the
computing ecology, almost always festering in these new niches before anti-virus
technology was available to cope with them. Somehow, the world muddled through it all.
In short the last decade was, for the virus problem and the anti-virus industry, much like
the previous one. The anti-virus industry had a tough job in keeping up with the changing
virus problem and the many new niches for viral mischief. In general, they did a great
job. We can breathe the same sigh of relief that we did in 2000 when the Y2K bug did not
destroy the world: through all the virus problems, the vast majority were handled quickly
and efficiently and we are, after all, still here. In the process, the anti-virus industry
created several technological marvels, pioneering vendor-maintained endpoint software
and creating global automated defenses. Anti-virus technology has become like air:
ubiquitous, vital for our survival, and almost completely invisible. Nevertheless, some
people say that the anti-virus industry is still more reactive than proactive, waiting for
problems to occur in a new viral niche before creating a solution for them. They say that
the self-mailing viral epidemics of a decade ago went on far too long before there was an
effective solution, that the Tea Party Virus could have been done years before but the

industry still wasn’t ready for it, that the virus that sank Lixxuid could have been
prevented. Perhaps they’re right. To be fair, it is difficult to anticipate exactly which
niche will become populated with viruses, and users do not often change their behavior in
the absence of a clear and present danger. Still, the stakes are increasing, and it is
becoming more and more problematic to be behind in protecting new areas of the
computing environment.
2.2 The Antivirus companies worldwide:
The major players worldwide in the Antivirus industry in today’s date have been listed
below:
• Agnitum • Ikarus
• AhnLab • Iolo
• Alwil • K7
• Arcabit • Kaspersky
• Authentium • Kingsoft
• Avanquest • Lavasoft
• AVG • McAfee
• Avast • Microsoft
• Avira • Nifty Corp.
• BitDefender • Norman
• Bkis • PC Tools (Internet Security)
• Bullguard • PC Tools (Spyware Doctor)
• CA (ISS) & (Threat Manager) • Preventon
• Central Command • Proland
• Check Point • Qihoo
• Defenx • Quick Heal
• Digital Defender • Rising
• eEye Digital Security • SGA Corp.
• Emsisoft • Sophos
• EScan • SPAM fighter
• ESET • Sunbelt
• Filseclab • Symantec
• Fortinet • Trustport
• Frisk • VirusBuster
• F-Secure • Webroot
• G DATA

2.3 The last decade – an insight
• 2000: The New Millennium
In many ways, the beginning of the New Millennium was surprisingly boring. The
“Y2K Virus”, as it was called all too often, did not cause widespread havoc. Nor
did it fry all of the computers in the world, bankrupt entire countries or lead to the
end of the world. As the wave of midnight spread over the South Pacific and then
on to the rest of the world, the biggest surprise was that almost nothing happened.
The news media, which had spent the previous year focusing on worst-case
scenarios, worked hard to find anything at all, in any country whatsoever that
happened as a result of the Y2K problem. Sure, there were a few minor problems,
but fewer than happened on any normal day due to normal computer problems.
There were, of course, computer virus problems that year, and a couple of them
were quite significant at the time. They largely centered on the fact that the most
popular applications – the mail and document applications from Microsoft Corp. –
were themselves programmable, and were the medium in which viruses spread. It
was the first year in which a self-mailing virus really hit big, becoming the most
rapidly spreading, most widespread virus up to then. And even so, it took 24
hours to spread all around the world (since it still required people to arrive at
work, open their mail and look at what was called an “attachment”). I doubt that
more than a few techies even remember the name of that virus.
What is remembered is that anti-virus companies still weren’t prepared to handle

it. It still took them many hours to make a solution to the new virus widely
available and get it right when the virus itself sprinted around the world with the
speed of the rising sun. And this was after several self-mailing viruses the
previous year made it more than apparent that the problem had reached a critical
point.
There were two other important events that year, though many people
realized how important they were at a much later time. The first thing that
happened was that several anti-virus companies teamed up with mail and other
providers to integrate antivirus products into some of the infrastructure of the
Internet. Some people at the time viewed this as a great marketing move,
capitalizing as it did on the publicity that self mailing viruses had gotten, but
perhaps conferring only a small increment in real virus protection. Those who
have followed this technology realize how wrong they were now.

The second thing that happened is that some very basic immune system
technology was deployed for the first time. A team developed it at IBM Research,
in a joint effort with Symantec Corp. They were pretty proud of it at the time.
It really did find new viruses, analyze them, and distribute cures for them, and
it did it fairly quickly compared to what other companies could do then. Still,
looking back on it, it seems rather primitive. And there were a lot of
skeptics who thought it wouldn’t work as well as what they were already doing,
or wouldn’t work at all.
• 2001: The Zuzu Virus
The Zuzu Virus was a heinous and costly event, of course, but in retrospect it
was probably inevitable. It started on March 22, 2001 with a trickle, and then a
flood of panicky messages posted on various Internet newsgroups from what
appeared to be hundreds of companies around the world. They said that some
new, terrible virus had hit their company, that it was wreaking havoc, and that
they were unable to cope with it.
At the same time, anti-virus companies got copies of a very large, very complex
virus that contained the string “What is Zuzu?” Given the obvious urgency of the
situation, anti-virus gurus started analyzing it right away. It was easy to see that
the virus had all sorts of code related to mail, network-based spread, password
cracking, etc. But its size and complexity meant that no one would understand
what it did for quite a while.
The news media picked up the story. Managers of anti-virus groups were
interviewed, saying that this was the most complex virus ever seen and it could be
capable of just about anything. Security experts were interviewed, saying that this
was just the kind of thing they had feared for years. Could this be the killer virus,
the media asked, and the virus that really does bring down the Internet? Maybe,
they all agreed, maybe it is.
Security teams at hundreds, perhaps thousands of companies, responded quickly.

Not wanting to get hit themselves, they did what they had done in previous
epidemics – they shut down their mail systems, since this was the primary way
that epidemics spread at the time. But, because it was not understood how the
virus was propagating or what affects it had, they did more – they shut down their
Internet connections altogether and disabled their internal networks as well. They
were prepared to wait out the epidemic. Then things started getting odd. News
reporters, eager to do follow-up stories on the initial warnings, sought interviews

with officials from severely affected companies. They found a lot of companies
that had shut down their networks, and these made very effective stories. They
found a few small companies that claimed their computers had crashed because of
the virus. But, and this was the odd part, they found very few companies that
would say they had been hit. And none of them could actually produce a copy of
the virus.
It is a measure of the naiveté of the time that it was not until the next day that the
underlying story emerged. It turned out that the newsgroup postings were almost
all forged. There was a Zuzu Virus – the one that anti-virus companies had – but
it was not spreading wildly around the world. In fact, it was not spreading at all.
In fact, it had never spread anywhere.
The whole thing was a publicity stunt gone horribly wrong. A public relations
firm named MacIntyer Knox Oldsen & Urquhart had the clever idea of generating
buzz for their customer Zuzu Industries, an Internet security start-up, by attaching
its name to a virus scare. Unfortunately for everyone, this worked far too well.
Damages to businesses from cutting off their network access were estimated at
over a billion dollars.
The resulting liability suits sank Zuzu Industries almost immediately. It was
followed into bankruptcy soon thereafter by the ill-considered MacIntyer Knox
Oldsen & Urquhart. The news media concluded that the anti-virus industry had
blown the problem out of all proportion.
There was a trendy term in use around that time: “viral marketing”. Experts
don’t think this is what it meant, but it certainly fell out of use very quickly after
the Zuzu incident.
• 2002: A Little Tea Party
It was the early evening of April 15, the day on which income taxes must be
reported to the U.S. government. The Internal Revenue Service (the “IRS”),
which collects federal taxes in the U.S., had made a big and rather successful
push to get people to file their taxes electronically. So, millions upon millions of
people were typing on their PCs, finishing their electronic tax forms, and
submitting them over the Internet. At the same time, a new virus had been
released and was spreading rapidly via mail. It came as an “attachment” to mail
with the subject line “IRS announces 10% tax break for electronic filing”. It first
appeared on the east coast of the U.S., and was subsequently thought to have

originated in Reston, Virginia. With a subject line like that, and on the very day
when taxes were due, perhaps it is not surprising that it spread like wildfire
across the U.S., infecting a large but still unknown number of home computers.
The Tea Party Virus, as it became known, did three things. Like any self-mailing
virus of the time, it sent itself to everyone in the victim’s address book. That
was typically a few dozen to a few hundred people. Then it looked for files from
a few common tax return programs and, if it found them, changed them so that
more money was owed to the Government. The amount was not so large as to
be obvious, but was large enough to be particularly annoying to the people said
to owe it. The third thing the virus did was to delete itself, and all evidence of
itself except for the changes to the tax files themselves. This turned out to be the
most important characteristic of the virus.
Of course, anti-virus companies got samples of this virus within minutes of its
first appearance. But it was highly polymorphic, using techniques that had been
widely discussed in anti-virus circles but not incorporated into automated
defenses at that time. So, it sat in queues at various companies until human virus
analysts got around to looking at it. By then, it was much too late. The Tea Party
Virus had infected thousands, perhaps millions, of home computers, and
corrupted as many tax returns – returns that had already been submitted to the
IRS. By the next morning, news of the virus was all over the media. It was the
major story of the week. The IRS, seeking to calm worried taxpayers, announced
that they had put their best people on it, that they were working closely with anti-
virus companies, and that the situation was well in hand. As you might recall, it
wasn’t. There was no way of telling which tax returns had been corrupted. Indeed,
if anti-virus software hadn’t caught the virus with heuristic detection in the first
place and the virus had actually activated and had a chance to cover its tracks,
there was no way of knowing if the virus had ever been on a user’s system. And
that was the trick. The IRS didn’t know which returns had been corrupted. The
users didn’t know if the virus had been on their system. There was no way to tell
who owed what the government claimed, and who owed less. Not unless everyone
went through their records in great detail and did their tax calculations again.
After weeks of agonizing denials that they had an intractable problem, the IRS
finally conceded that they could not determine which tax returns were correct and
which were corrupted. Their only recourse was to ask all taxpayers who had
submitted electronic forms (and there were a lot of them!) to file their tax returns
again – on paper. It was the right thing to do, but it caused serious delays in
settling how much money taxpayers owed, and delayed many tax refunds by
months. The resulting public outcry prompted the U.S. Congress to pass
legislation requiring all federal agencies to install and run anti-virus software on
all of their systems, and to filter incoming and outgoing traffic for viruses. They

also banned electronic filing of tax returns, which is why, to this day; we still
submit them on paper every year. Now the clever among you will have noticed
that none of the things the Congress did would have actually prevented the Tea
Party Virus, or in fact diminished it in any way. But the Congress felt they had to
do something. Later that same week in April, a man named Martin Fennig was
arrested and charged with writing the Tea Party virus. He was subsequently
convicted in what appeared to be a fairly straightforward case. The conviction
was overturned on appeal for procedural errors by the investigators and Fennig
was freed. While there are various theories about who might have written the Tea
Party Virus, no one else was ever charged.
• 2003: Pervasive Pervasiveness
In 2003, another seminal event occurred though, again, few people realized how
seminal it would be for the anti-virus industry. For the first time since the early
1980’s, the PC was no longer the most prevalent computing platform in the
world. It had been overtaken, as widely predicted, by what were then called
“pervasive computing devices.” These were Personal Digital Assistants, Web-
Phones, and most devices running the low-end operating systems from The
Windows Company. These devices were aimed at people who used them as
special-purpose artifacts – designed to do a few tasks and nothing else. These
people were not interested in general-purpose computing, and were certainly not
interested in becoming system administrators for a half-dozen such devices. So
the manufacturers did the obvious thing. They relieved their customers of the
responsibility of system administration by doing it for them. Almost all of these
devices had subscription features that allowed the manufacturer to update the
device automatically with bug fixes and feature enhancements. As you know, this
strategy was very successful. Anti-virus companies were working on protection
for these devices, but these were not usually high-priority projects. Sure, viruses
had been written for virtually all of the environments used by these devices, but
no viruses were actually spreading in any significant way. Anti-virus efforts were
not, therefore, fabulously aggressive. There was basic technology to scan some
objects, or to prototype a simple heuristic or two but, with few exceptions, there
was not a concerted effort to protect these platforms against future threats.
• 2004: With Sugar, Please
In July of 2004, the Java 4 standard was announced. It included a new security
model called “Sugar”. The Java Group had focused on security since Java began.
In this release, they focused on enterprise-wide, and even global, administration

of security. Behavior Control Lists (BCLs), which were introduced in Java

3, were greatly extended so that developers and administrators could enforce
very fine-grained restrictions on the operation of a Java applet or application.
Developers could specify the behaviors that needed to be allowed for the program
to run. Administrators could specify policies for what behaviors were
allowed globally, for each software developer, or for each program. Having
extended BCLs, the Java Group also put into place a clever hierarchical
management scheme for it. An enterprise could establish and enforce a global
BCL policy, and each division within the enterprise could add its own local
BCLs. BCLs and their management structure were set up to be dynamic. They
could be modified or updated relatively quickly. A change in the global BCL
policy could be reflected across an enterprise in an hour or so. Anti-virus
companies viewed this as an opportunity to expand their existing services of
examining programs and declaring them to be either viruses or Trojan horses.
They offered services in which they would certify that the BCLs associated with
a given app were correct, that is, both needed by the program and not generally
dangerous if used. Subscribers to the service could get updates to the BCL
certifications and deploy them very quickly to every Java installation they had.
The anti-virus companies offered to certify programs developed by others,
initially for a fee and then, when that proved unpopular with the development
community, for free. Curiously, this was not a commercial success. It seems that
developers felt they could do this better themselves, and companies did not want
to rely on anti-virus vendors to certify the software they used. Ominously, the
Sugar architecture was not adopted by The Windows Company, which continued
to pursue its strategy of promoting a competing active content language that did
not have similar security architecture.
• 2005: The Digital Economy
As quickly as the Web had become a major social force during the 1990s, this last
decade saw the dramatic rise of the global digital economy. First seeking broader
markets for their services and more competition among their suppliers, companies
started finding, contracting with, and doing business with other companies over
the Net. It was clear that these first few sparks would burst into a bonfire as soon
as the number of these businesses reached critical mass. It was clear that it would
transform the global economy. What surprised everyone, as they had been
surprised by the Web a decade earlier, was how quickly it happened. By 2005,
there was no longer any doubt that the world was in the midst of an economic
revolution that would be bigger than the Industrial Revolution. Company after

company rushed to solidify their presence in the digital economy, eventually

automating much of their routine business processes and supplier relationships.
Opportunities for new companies that facilitated business in this new world were
at an all-time high. This was the revolution that carried Lixxuid4 into global
prominence. What started as a small Australian-based Internet bank in late 2000
grew explosively to become the twenty-fifth largest bank in the world by 2005 –
an event unprecedented among financial institutions – by facilitating financial
transactions for businesses in this digital economy. Then, on August 9, 2005,
Lixxuid’s luck ran out. It was mid-morning in Melbourne, and usage of their
primary transaction gateways went through the roof. Almost simultaneously, their
phones filled with customers reporting that their transactions were not being
processed. It took over an hour for worried administrators to confirm what they
feared: they were under attack. At first, they thought it was hackers, since it
looked initially like a common kind of denial of service attack. But, each time
they thought they had a handle on the problem, it grew worse. By the end of the
first day, they were under attack by more computers than they could count. The
attackers turned out not to be hackers, but viruses, using a variant of the VDP
(Viral Distributed Ping) attack.5 The number of attackers kept increasing because
the number of infected systems kept increasing in those first few hours. You may
not remember, but anti-virus companies did pretty well during this incident. They
got copies of the virus right away, and had solutions for the virus available well
before the sun set in Melbourne. (Some companies had a solution much faster
than others, for reasons that modesty forbids me to mention.) What did not go
well was actually eliminating the virus. While almost everyone had the capability
of automatically updating their virus definitions and cleaning any new viruses off
of their systems, very few people had this feature turned on. Indeed, most
corporations still required manual approval to distribute definitions, either
because they had extensive in-house testing procedures or because they didn’t
want to be the first ones to distribute definitions that might cause internal
problems. That was probably a good and conservative choice for their own
companies. But it meant that the VDP-XX virus could gain an early and firm
foothold in hundreds of companies, and tens of thousands of households,
worldwide. And all of them were aimed at Lixxuid. Lixxuid issued a hasty press
release, suggesting that they would take legal action against companies and
individuals who did not take rapid measures to prevent their systems from
attacking their bank. The media picked this up and made it part of almost every
story they ran. This got the attention of lots of people, especially in the more
litigious countries, and lots of people and companies made sure they updated their
anti-virus software to eliminate the virus. The viral population peaked early in the
second day. Lixxuid system administrators worked around the clock, and had

achieved some reduction in the incoming flood of traffic, but not nearly enough to
control the attack. It took another day and a half before a combination of anti-
virus software, media warnings, and hastily-crafted network filters brought the
attacking traffic down enough that Lixxuid could once again process transactions,
and even then only slowly. But the damage had been done. Lixxuid’s doors had
been closed for just over three days, and the world does not appreciate a bank that
closes its doors. On the first day that Lixxuid reopened for business, they bled to
death from customers withdrawing their money and closing their accounts. It is,
by now, the most analyzed bank failure in history. Police and investigatory
agencies from around the world joined in the search for the perpetrator or
perpetrators of this crime. The search went on for many months. Whether it was
because those responsible were crafty or just very, very quiet, no one was ever
arrested. To this day, theories abound. In the following year, over 50 copycat
attacks were stopped before they started by antivirus protection that was already
in place, and several authors of the copycat viruses were arrested and ultimately
convicted. Whether any of these copycat authors was the author of the original
VDP-XX virus is not known.
• 2006: Moore’s Wall
2006 brought a worrisome realization. For decades, Moore’s Law was the
foundation on which progress in computing was built – the nearly unshakable
belief that advances in silicon technology would lead to chips whose performance
doubled every 18 months. A prescient article by an Intel engineer in 1999
suggested that, in the following decade, the chip industry faced a series of very
difficult obstacles. The oxide layer, which allows transistors to be switched on
and off, would become so thin – just a few atoms thick – that it would no longer
be an effective insulator for the switching current. Dopants, which create free
electrons for the switch’s current, would become so sparse that the transistors
themselves would be unreliable. Solutions to these problems, the article pointed
out, were not obvious. Still, people in the chip industry, and throughout the
computing industry, were unfazed. Moore’s Law would continue its inexorable
climb one way or another, they assured each other. It had always been thus, they
reasoned, and thus it would always be. Unfortunately, their optimism was not
borne out. New ways of building transistors on chips to avoid these problems
turned out to be difficult to manufacture. New chip architectures to deal with the
inherent unreliability of the transistors turned out to be more elusive than hoped.
For a few years, everyone watched the performance curve deviate ever so slightly
from Moore’s Law. That had happened before, they said, and it always gotten
back on track. They were sure that someone, somewhere, would find a solution to

these problems. But by 2006 the trend was clear. Chip performance was not
increasing as rapidly as predicted. Despite tremendous efforts, the problems had
not been solved. We now refer to this as “Moore’s Wall” – the wall into which
the chip industry ran, headlong, and with dramatic consequences. The optimists
are with us always. Now they tell us that new technologies are just around the
corner - 3D devices, Molecular computing, Quantum computing. They assure us
that we will soon return to those halcyon days, that Moore’s Law will rise again in
a new realm as it has before, that Moore’s Wall will be known to our children
only as Moore’s Lapse. And experts think they’re right. What is not clear is how
long it will take to perfect these new technologies, to make them manufacturable,
to make them reliable, to make them affordable. What is not clear is how long
Moore’s Lapse will be.
In 2006 Intel, then the world’s pre-eminent maker of microprocessor chips,

introduced the Intel Googlium microprocessor and, at the same time, announced
that Moore’s Law was at an end that decades of easy performance increases were
over, at least for the time being. The Intel Googlium was to represent the last
significant silicon-related performance enhancement of the decade.
• 2007: The Unwiring of India
Moore’s Wall had an interesting effect. As it became harder to compete on raw

chip performance, basic chips became cheaper. And this happened at the same
time as the world piled into the digital economy. Several progressive countries
made big bets on these two trends. India was probably in the forefront. The
“unwiring” of India, started in 2003, was declared complete in 2007. High
bandwidth wired access was available in all major urban areas along with
moderate bandwidth wireless access. This accelerated massive buying of now-
cheap network devices in India, contributing further to their dramatic worldwide
price decline. In the space of a few years, this snowball effect spread devices
throughout the developed world and much of the developing world. Today, the
people at this conference are constantly connected to the Internet through the half-
dozen devices that we carry or wear all the time. This was a big change. The
ubiquity of these new devices was not missed by the virus writers¨. Device viruses
became the dominant virus problem. Anti-virus companies scrambled to update
their device technologies to handle the plethora of new viral carriers, and hook
them into their automated defenses.

• 2008: Nothing Happens
In 2008, nothing happened. Well, nothing directly relevant to the anti-virus

industry, anyhow. I suppose that people in the U.S. would regard the election of
President Clinton as significant.
• 2009: A Solution Emerges
Each decade seems to have brought with it a standard architecture to address the
virus problem of the time, and this decade is no different. As in previous decades,
the solution addresses the new problems that have emerged: Internet-based
spread. Virtually all viruses today spread primarily via the Internet. Naturally,
there are viruses that spread by other means, and the anti-virus industry is always
issuing breathless press releases about some tricky new way a virus spreads. But
nothing even comes close to Internet spread in terms of pervasiveness and speed.
So, most of the virus incidents seen by real people are spread via the Internet.
Fortunately, the Internet is an important part of the solution. Ten years ago, the
idea of integrating anti-virus software with commercial mail services was new.
Now, no one in their right mind would subscribe to a mail service that did not
filter out viruses. (There are people who do, and while they seem to have a kind of
“herd immunity” because almost everyone else has filters, they do get more virus
infections than the rest of us.) As active content became a part of standard XML
business transactions between companies, and after viruses showed up there as
well, nearly every business-to-business transaction facility now includes
integrated virus filters. Similarly, device hubs quietly watch for viruses in
transmissions to and from the many devices we now carry with us or wear. At the
endpoints – the devices we all carry around – manufacturers nearly universally
integrate anti-virus software into these devices before we purchase them.
Administrative overhead. As the demands of anti-virus updates on system
administrators, and particularly end users, became more severe, the industry took
that burden upon itself. Just as other kinds of software are updated automatically
by the company that develops them – correcting bugs or adding features –
antivirus software is largely updated automatically. Anti-virus software was one
of the first kinds of software to need continuous updates, and anti-virus
companies were among the first to pioneer the subscription models that have
become common throughout the software industry. Coupled with network-based
virus filtering and nearly universal integration of anti-virus software into devices
before they are purchased, automated updates mean that most users are blissfully
unaware that they even have anti-virus software. It has become part of the
firmament of nature in cyberspace - Rapid epidemics. Back in the late 1980’s,

when personal computer viruses were just beginning, those viruses spread on
floppy diskettes, that is, on physical media that one person would hand to another
person. This was really slow! It took a typical virus months or even years to
become prevalent around the world, if it ever did. These days, viruses sweep
around the word in hours or minutes. The anti-virus industry has responded with
technology for rapid, network-based response to epidemics. The goal of this
technology is the same as for the early immune system in 2000 – find new
viruses, craft cures for them, distribute and install the cure everywhere, and do
this faster than the viruses themselves can spread. But we must admit that the
solution that has evolved is quite a bit faster and more comprehensive than
what we put together in 2000. It would have been hard to imagine back then.
Complex viruses: The virus writers didn’t go to sleep during the last decade -
unfortunately. They have continued to develop techniques that tax even our
current, very impressive, anti-virus technology. A decade ago, industry pundits
predicted that scanning – looking for strings within a file that would indicate a
virus – would fall by the wayside, to be replaced by <insert pundit’s favorite
alternative technology here>. That didn’t happen, but viral defense did evolve to
blunt the tactics of the virus writers. One virus writing tactic that emerged – at
first by accident and later, I think, on purpose – was Lurking, making it hard to
find a virus via simple scanning technology that performed only a very simple
examination of certain parts of certain objects in the system. The antivirus
industry was forced to move to more comprehensive scanning – scanning all parts
of all objects, and doing some fairly sophisticated analysis during the scan. This
all took time, and a naive implementation would have been very, very slow. The
anti-virus industry came up with a clever solution – use various heuristics, long
relegated to second-class status as virus detectors – as filters in front of scanners.
That is, heuristics are now used as a first check for whether an object might be
infected. The front-line heuristics are very fast, and eliminate most objects as not
being infected. Any remaining objects are passed to second-line heuristics that are
a bit slower and a bit more precise. And down the line until the object is passed to
scanners, and then verifiers, to determine with great precision and certainty that it
is infected, and with which virus it is infected.6 Among these front-line heuristics
are the nearly abandoned change detectors of twenty years ago, which can tell
quickly if an object has changed since it was last checked for viruses; if it has not,
if it was not previously infected, and if the virus detector has not been updated,
it’s not necessary to check it again.
Small devices: Earlier in the decade, it was widely believed that devices – the
computing devices we carry and wear – would require radically different anti-

virus technology, at least to protect their internal environment. They were, it was
argued, so small – with hardly any memory at all - so small that it would not be
possible to fit the ever-growing PC-based anti-virus products into them.
Interestingly, this turned out to be right – and wrong. It was right in that the
monolithic, stand-alone applications that were typical of anti-virus protection then
would not fit. Nor would the ever-growing scanner-based virus definition files –
certainly not with as many viruses as we have cataloged today. But it was also
wrong; it was not necessary to stuff old programs into new devices. In retrospect,
the solution was obvious. The heuristic hierarchy that solved the speed problem
for complex viruses is the first half of the solution. Most of the time, it’s not
necessary to have anything running in the devices except the first-level, or maybe
the second-level, heuristics. And those are typically small and fast. The second
half of the solution is the Internet. If it’s ever necessary to actually scan an object
inside a device, it’s not necessary to scan it for all 500,000 known viruses.
Intermediate heuristics can easily cut the search down to a few hundred viruses at
most. These devices can easily cache virus definitions for the viruses you’re
actually likely to see. For all the rest, the definitions can simply be paged in from
the next level up in the network. In fact, the networks of anti-virus vendors are
now all hierarchical, caching the least information possible in the customer
devices and systems, staging the less-used information in intermediate servers and
gateways, and connecting them to the automated analysis facilities and human
analysts that are at the pinnacle of the pyramid. The Internet makes it all one
global system.
• 2010: Hello? Hello?
Here it is, 2010. The anti-virus industry has been working on the virus problem
for over twenty years. All in all, things seem to be going pretty well this year.
There have been no major virus incidents, no overblown virus hoaxes. The
nearly seven billion residents of the planet have gone about their daily routines
– shopping, gossiping, composing symphonies, and waging war – all without
thinking very much about computer viruses. And that’s how it should be. There
is one thing that’s just a little bit odd recently. In the past few days, the phones
have been acting up. It seemed to happen at the same time as an automated update
of the operating system from The Windows Company for the phone component
of devices. At first, everything other than the audio channel was fine. Then the
ear-ring too, and then the sketchpad. Many people might have had the same
experience. There was a news alert a few minutes later. This has never happened
before, at least not this widespread. It’s still not clear what’s going on. The media

are saying it’s a virus, however nothing is sure yet. Hopefully we will know more
during VB 2010 itself and be able to tell a more complete story.

CHAPTER 3
(INDIA)
India is a fast growing country in all segments – especially the IT sector. Starting from internet
savvy youth, to necessities in education, social networking generation to IT career seeking chunk
of the Indians and from outsourcing businesses to data security conscious Corporates, everyone
is in search for the best and suitable antivirus for the protection of their data and machines. And
this has created a luring market for antivirus companies all over the world to venture into the
Indian market to reap benefits for both themselves as well the over a 120 crore population.
In recent times, the anti-virus market in India has opened up and global players are now eying
the Indian market, especially the retail, SOHO and SMB segments as they offer huge
opportunities for penetration. While the vendors such as ACI Infocom, Unistal, ESET and AVG
have already entered the Indian market with a host of new products, others are preparing to enter
the rat race. Sources within the industry say that Kingsoft (China) is another vendor that is
watching the Indian anti-virus industry closely and evaluating its options here, while Panda from
Spain has plans to re-enter the country.
While vendor competition becomes tougher, customers are rejoicing as this has given rise to
genuine anti-virus products becoming increasingly affordable. Channel partners are watching
this space closely as it is proving to be a lucrative business area.
According to a Gartner prediction dated Saturday, 29th August 2009, the Asia-Pacific security
market was expected to be growing at an average of 28 percent, even as the worldwide market
for anti-virus solutions at large is growing at 12 percent.
The advent of a host of anti-virus and Internet security vendors has opened up the market for
customers in the retail, SOHO and SMB domain. Many of these vendors have introduced anti-
virus at a price range of Rs 300-400, thereby giving customers the option of buying genuine
software at an affordable price.
3.1 Expert’s voice:
MH Noble, MD, Zoom Technologies, distributors of Kaspersky range of solutions in

India said, “Anti- virus only sells when the product cures and removes virus and does not
slow down the computer/system. No small, local or foreign player can threaten the
business of an established player, as it requires a big team carrying out research in several
different regions and analyzing the samples in all regions of the world for the product to
be effective. However, the product has to be affordable.”
Peter Baxter, VP-Business Development, AVG Technologies explained, “No company

is secure and competition-proof in today's age especially with so many anti-virus

software solution providers (SPs) entering the Indian market. However, regardless of the
technological superiority of any company, without adequate support one can quickly lose
customers. Pricing, coupled with consistency and value for money, plays an important
role when it comes to grabbing the market share. While many brands decide on a low-
entry point and increase price over time, we believe that the Indian consumer is now
savvy to this and looks for consistency and support as opposed to short-term pricing
reductions.”
The established players and the ones who have been around in the market for decades,
however are of the opinion those competitions only toughen them up. These vendors are
of the view that having several options will give customers an ability to get more
discerning and enable differentiation between anti-viruses that can give them just
protection and the ones that can provide them greater protection.
Sharing his views on rising competition, Jaganath Patnaik, former VP-Sales and
Marketing, QuickHeal who is now with Kaspersky AV pointed out, “Pricing has never
played that important a role as far as anti-virus solutions are concerned as one needs to
offer value for money to the customers.”
Pointing out that anti-virus as a product is very similar to an operating system software,
and like a user, who needs only one operating system to run the machine, he only needs
one anti-virus solutions to fight viruses, Karthik Shahney, Regional Director, McAfee
stated, “When it comes to buying an anti-virus, price does play a deciding role for the
customer but he also seeks quality. Anti-virus, as software, is getting commoditized and
the new entrants are lowering prices to penetrate the market further. However, security
market is not only about anti-virus. The customer needs to bear in mind whether he needs
simple protection or great protection for their machines and in case of latter, only that
vendor who can provide 24x7 support and has an effective R&D in place can meet their
requirements.”
Echoing similar sentiments, Amit Nath, Country Manager India & SAARC, Trend
Micro shared, “Vendors who understand the anti-virus market are going to remain
unaffected by the fact that competition is on the rise. Throwing rock bottom prices at the
market will not really help the new entrants grow as vendors. One needs to have a road
map of three/four years, visualize the growth of the industry and have a strong R&D set-
up in place.” Nath further mentioned that 'price vs value' phenomenon will not work for
too long.
Hence, buying an anti-virus is more or less like purchasing a mobile phone. There are numerous
options available and one needs to keep the desired features and price of the product in mind,
before they select the best possible option. With the influx of a host of antivirus vendors, the
customers will be in a better position to discern the quality of the product which will happen only
when they have experienced the product. Hence the vendor who develops closeness with the
channel partner community and offers good quality product backed by effective R&D set-up will
continue to survive and grow in the market.

The antivirus industry in India started quite late compared to its foreign counterparts, but has
been doing serious business thereafter. One of the major and pioneer players in the market was
Symantec’s Norton antivirus. However, the main problem that these companies faced that time
were the lack of awareness among the people, and the very high price at which these softwares
were pitched in the market. Along with these, the low usage of internet and poor marketing and
advertisement campaigns also contributed towards the late spreading of the antivirus network in
India.
Now, the market has changed a lot with highly efficient yet affordable antivirus products
flooding the market. Perhaps this has come across probably due to the do-or-die competition that
the antivirus companies have entered into in this sub-continent. And with the customers growing
smarter by the day, these companies have to put their think tanks to the best use to capture new
segments of the untapped market and even to retain their existing clients.
3.2 Antivirus products operating in India:
An attempt to list the antivirus companies’ products operating in India has been given
below:
• Avira Antivirus
• Avast Antivirus
• AVG Antivirus
• BitDefender Antivirus
• EScan Antivirus
• ESET NOD32 Antivirus
• F-Secure Antivirus
• G-Data Antivirus
• K7 Antivirus
• Kaspersky Antivirus
• Kingsoft Antivirus
• McAfee Antivirus
• Microsoft Security Essentials
• Norman Antivirus and Anti-Spyware
• Net Protector Antivirus
• Panda Antivirus
• PC Tools Spyware Doctor with Antivirus
• QuickHeal Antivirus
• Sophos Antivirus
• Symantec Norton Antivirus
• Trend Micro Antivirus and Anti-Spyware
• Trustport Antivirus

CHAPTER 4
(AHMEDABAD REGION)
Ahmedabad, the economic capital of the prosperous state of Gujarat has been a battlefield for the
antivirus companies lately. With QuickHeal Antivirus products leading the way in the region at
present, the competitors such as Kaspersky, Symantec, EScan, K7, etc are trying hard to reduce
the gap and grow in publicity and sales.
The study and survey conducted over a period of six weeks in Ahmedabad region has helped
conclude that QuickHeal Antivirus Technologies Pvt. Ltd’s product “Total Security 2010” has
been the antivirus software with the highest demand followed closely by Kaspersky’s 2010
edition of the antivirus.
Though the residents of this city have not been counted among the tech-savvy population of the
country for long, yet the present scenario reveals a latent market for the antivirus companies to
venture into. The Government’s initiatives to uplift the technological side of the individuals of
the state has led to the extensive usage of computers and other electronic media of education and
this in turn has increased the chances of the growth of internet-bourne viruses. Just 3-4 years
back the state didn’t find a good reason to go after antivirus security as there was a pretty less
habit of referring the internet among the laymen for knowledge and information. Now, with the
increasing introduction of Wi-Fi networks all across the city (in malls, colleges, schools, Offices,
etc), along with the inseparable usage of the carrier of malware – USB devices, the proximity of
the laptops and computers being infected with viruses has become a major threat. Moreover, the
awareness about data theft and its security among the common men has led to everyone going for
an antivirus right at the time of purchasing the machines.
Earlier antivirus software was more of a product which used to give mental peace to the tech-
savvy person that his machine and data are safe. But now, the technical know-how has expanded
so like a forest fire that people are not just contended with the mental security that they have an
antivirus installed on the laptops or desktops. They have started demanding extended features
which give them not only maximum possible protection from malware and data theft but those
which also helps them work efficiently on the systems, without slowing down or interfering in
the work that they are doing.
The major factors influencing the antivirus softwares which are playing each other in the
Ahmedabad market are:
• Quality
• Price

However there exists one superior factor which influences both of the above mentioned aspects
and that is ‘Brand image’. For example: Symantec Norton antivirus has been an old and quality
player in Ahmedabad, and people still remember this brand whenever antivirus is talked about.
With the advent of other softwares entering the Ahmedabad market Norton has no doubt lost
some ground but it still is a brand to compete with. Norton antivirus is expensive as well, but it
has built its image in such a way over a period of time that people who prefer quality will go for
Norton AV. A comparatively newer brand Kaspersky AV has gained ground and recognition
within a very short span of time. A factor which has boosted the sales of Kaspersky is its low
cost. Basically speaking, the business-minded mentality of the Ahmedabad crowd brings in a
tendency in them to go for products which give them quality and which comes cheap as well. At
present, QuickHeal Antivirus Technologies Pvt. Ltd.’s products are in demand despite a higher
price range. Discussions with some of the end-users have revealed that the advertisements that
QuickHeal has aired on the radio and television have helped in increasing its brand value among
the people who already were using some brand of antivirus as well as spreading news about its
presence in Ahmedabad among the first timers.
Another key factor which encourages an end-user to go for a particular brand is the realization of
value. In the case of an antivirus software, local on-site technical support along with 24x7
operating toll-free number are best suited for delivering the basic value that a customer may
expect. QuickHeal Antivirus Technologies is the only company which offers technical support
home-to-home for the customers in Ahmedabad at present. So it shows in the sales of its
products. Net Protector Antivirus, which is an upcoming brand in the city, is following in
QuickHeal’s footsteps and is trying to give technical support through the dealers to all the
customers. Further details about the Ahmedabad antivirus market have been given in the Key
Findings section in the later part of this report.
The major Antivirus companies operating in Ahmedabad are:
• QuickHeal AV
• Kaspersky AV
• K7 AV
• Symantec Norton AV
• Net Protector AV
• EScan Internet Security and AV
• McAfee AV
• Trend Micro AV
• G-Data AV
• AVG Antivirus

Some other brands which exist in the end-users catalogue apart from the above mentioned
antiviruses are:
• Avast AV/ Avira AV

• Panda AV and some others.
These other brands have probably been introduced through the internet downloads as free
versions or pirated softwares.
Piracy had been actively involved in the Ahmedabad antivirus market about 2-3 years back. And
it used to pull away an alarming chunk of the customers. But frequent crackdowns by legal
authorities have shrunk the piracy market considerably. Genuine softwares which have a market
price of around Rs. 1000-1300 were sold for just Rs. 100-150 in the pirated version. It is this
reason because of which the dealers as well as the end-users frequently took refuge in this market
so religiously. However, the low cost genuine antivirus softwares which have been introduced
lately have added to the decline of the piracy market.
Moreover regular and automatic update facilities in most of the new antivirus softwares over the
internet have helped promote the cause of genuine softwares greatly.
Added to these, recently Microsoft had initiated raids with the help of police authorities at major
centers which used to deal in pirated software business and taken necessary legal action which
has dampened the piracy market to a large extent. Such measures on a repetitive basis can
expectedly increase the sale of genuine software, be it antivirus or operating system or other
software products.

CHAPTER 5
QUICKHEAL ANTIVIRUS TECHNOLOGIES PVT. LTD.
5.1 An insight:
• Incepted in 1993 by the Katkar Brothers it started with a product idea in the
security and Anti- Virus domain. It successfully developed an Anti-Virus product
and christened it Quick Heal.
• In 1995 was incorporated to form CAT LABS PVT LTD to make Brand Quick
Heal a strong brand in the IT security field. In an industry, which has seen very
few success stories and overwhelmed by the technical challenges posed by new
viruses’ every day Quick Heal has grown exponentially in the past 13 years. This
is evident by its presence in more than 50 countries worldwide and its listing on
more than 400 shareware sites and with a growth rate of nearly 100% year on
year. Over the years they have moved from a simple Antivirus Company, to a
comprehensive Security Products Company.
• Certification, Independent Software vendor certification from Microsoft

Corporation, Major shareware sites top accreditation, MOU with CERT_IN a
Government of India venture into cyber security and top reviews in major
industry magazines. We are also among the top 100 emerging companies as rated
by Red Herring.
• Quick Heal strength lies in its exceptional team of software and management
professionals. Having a strong software engineering discipline derived out of
Quick Heal product culture and having worked with emerging technologies for
the past twelve years. Quick Heal has developed an excellent learning and
adaptation capability. This unique capability has been instrumental in Quick Heal
success in taking on development of the product to its present stage.
• Quick Heal on numerous occasions has been the first to come out with the fastest
virus solutions in a record time ahead of any of its foreign counterparts.

5.2 Awards and recognitions:
• Virus Bulletin award:
Quick Heal till date is the only Indian Antivirus using indigenous Antivirus
engine to achieve this award. They have in all 22 Vb-100% awards as on date.
The company has received the prestigious VB 100% award, on all platforms
(Windows, Novell, Linux, XP, 2000, 2003, Vista etc.) the most prestigious of
awards in the Anti-Virus Industry. It is the only Anti-Virus software from Asia to
get VB 100% certification for its Linux based Anti- Virus.
• Checkmark Level 2 certification:
Quick Heal has become one of the first Anti-Virus software’s from Asian
Subcontinent to bag the prestigious “Checkmark Certification Level 2” by West
Coast Labs U.K.
• Microsoft ISV Certification:
Quick Heal has been recognized by Microsoft as a Security / Anti-Virus partner.

Microsoft certified Quick Heal Technologies Pvt Ltd as its Independent Software
Vendor (ISV) for providing antivirus solution for Microsoft operating systems
and generic mail protection service. Quick Heal has been already associated with
Microsoft by offering Antivirus Quick Heal to the Genuine Microsoft Windows
users at a discounted price under Microsoft Windows Genuine Advantage. With

this ISV certification Quick Heal will be able to get to work with Microsoft on
Security issues for Microsoft operating systems. This certification will benefit
customers through Microsoft OS compatible security solutions.
• MoU with CERT In:
Quick Heal has signed a Memorandum of Understanding with Indian Computer

Emergency Response Team (CERT-In) for security co-operation. Under this
terms of the agreement Quick Heal and CERT-In will initiate co-operative
activities in the areas like Mal ware analysis and incidents on Internet Security.
• Red Herring Finalist:
Red Herring Magazine had short listed CAT LABS PVT LTD for Red Herring 100
Asia 2007 awards.
• Compass 2007 Exhibition Award:
Recently Computer association of Eastern India has awarded Quick Heal as the
best product in the Antivirus segment in the Compass 2007 Exhibition.
5.3 Advantages of Quick Heal Antivirus:
• Quick Heal offers lethal combines of Reactive and Proactive technologies to keep
viruses band other malware out from the systems.
• It provides e-mail, Network, Intranet and other online protection services.
Needless to say, its Virus Bulletin (VB100) award winning and Check Mark

certified virus scan engine eliminates 100% In - the - Wild viruses in all types of
files, compressed archives, and mailboxes both Online and Off-line.
• What distinguishes Quick Heal from its peers is its design philosophy, which is
user friendly, futuristic in nature to counter the most dangerous malwares. This
ensures that the users get a stable, reliable and consistent protection of the highest
standard while exploring every corner of the cyber world not only from the
known virus but also against unknown threats.
• Quick Heal Antivirus Technologies Pvt. Ltd. is the leader in providing prompt
and easily accessible technical support through email, telephonic and chat.
• Regarding technical intricacy they are rated as best for unknown malwares (DNA,
sensor, heuristic), real time protection for unknown viruses, low on system
resource, optimum balance between performance and security.
• Moreover they have small and incremental updates (2-6 times per day), free
upgrade policy, and flexible licensing policy. Their user friendly interface makes
easy for customers to operate.
5.4 Features of Quick Heal Antivirus:
• DNA Scan Technology

• QuickHeal Active Sensor
• QuickHeal Messenger
• Smart E-mail protection
• Smart Memory Scanning
• Emergency Bootable CD
• Native Boot Scan
• QuickHeal Firewall Protection
• Content Filter
• MS-Office protection
• Complete and small upgrades
• Anti Root-kit
• PC to Mobile scan
• Antimalware support
• Advanced System Explorer
• Window Spy
• Data Theft Protection
• System Hijack Restore
• Privacy Track Cleaner
• Drag ‘N’ Drop Scanning
• Multiple Scanning

• Control Scanning
• Automatic Hourly Update System
• Multiple Scheduling of Scanning
• Powerful Quarantine Tool
These features are the combined overall features available in the entire range of
QuickHeal antivirus softwares.

CHAPTER 6
COMAPARATIVE STUDY – QUICKHEAL V/S OTHERS
A detailed comparative study conducted by VIRUS BULLETIN in April 2010 revealed the
performance and feature results of the above mentioned antivirus companies’ products. The
results have been categorized and shown below:
• On demand tests:
Polymorphic
On-demand WildList Worms & bots Trojans Clean sets
viruses
tests
Missed % Missed % Missed % Missed % FP Susp.
Agnitum 0 100 105 97.96 191 89.11 1255 89.39 1
AhnLab 0 100 424 91.75 8 99.59 5703 51.78 2
Alwil 0 100 28 99.46 507 93.28 197 98.33
Arcabit 0 100 747 85.47 1319 79.03 5781 51.12 6
Authentium 0 100 140 97.28 3 99.85 1759 85.13 4
Avanquest 0 100 46 99.11 1989 65.32 446 96.23 1
AVG 0 100 17 99.67 26 98.79 284 97.60
Avira
0 100 11 99.79 0 100 148 98.75
(Personal)
Avira
0 100 11 99.79 0 100 148 98.75
(Professional)
BitDefender 0 100 24 99.53 0 100 618 94.78
Bkis
(Gateway 3 99.58 807 84.31 2773 51.85 6551 44.61
Scan)
Bkis
(Home 18 97.50 847 83.53 2776 51.20 6551 44.61
edition)
100
Bullguard 0 100 18 99.65 0 316 97.33
CA (ISS) 0 100 432 91.60 958 92.06 5184 56.17

CA (Threat
0 100 430 91.64 958 92.06 5063 57.19
Manager)
Central
0 100 109 97.88 191 89.11 1229 89.61 1
Command
Check Point 1 99.99 56 98.91 9 99.91 379 96.80 5
Defenx 0 100 109 97.88 191 89.11 1251 89.42 1
Digital
0 100 135 97.37 191 89.11 1338 88.69 1
Defender
eEye Digital
104 99.99 282 94.52 288 83.47 2764 76.63 3
Security
Emsisoft 974 99.95 10 99.81 1285 78.59 202 98.29 1 1
EScan 0 100 18 99.65 0 100 320 97.29 3
ESET 0 100 23 99.55 0 100 172 98.55
Filseclab 1548 97.97 310 93.97 9913 41.20 1881 84.10 5 1
Fortinet 0 100 330 93.58 30 99.09 3099 73.80 1

Frisk 0 100 185 99.40 0 100 1997 83.12 1

F-Secure
(Client 0 100 18 99.65 0 100 532 95.50
Security)
F-Secure (PSB
0 100 18 99.65 0 100 532 95.50
Workstation)
G-Data 0 100 4 99.92 0 100 11 99.91
Ikarus 973 99.95 3 99.94 1285 78.59 142 98.80 1
iolo 0 100 186 96.38 3 99.85 1984 83.23 1
K7 0 100 56 98.91 0 100 463 96.09 1
Kaspersky
(Antivirus 0 100 45 99.12 0 100 255 97.84
2010)
Kaspersky
1 99.99 74 98.56 1 99.99 545 95.39
(Antivirus 6)
Kingsoft
0 100 1008 80.40 2382 56.61 10525 11.02
(Advanced)
Kingsoft
0 100 934 81.84 2382 56.61 9352 20.93
(Standard)
Kingsoft
6 99.17 659 87.18 3350 47.72 6625 43.99 1
(Swinstar)
Lavasoft 0 100 15 99.71 1994 65.16 107 99.10 2
McAfee Total
0 100 31 99.40 4 99.99 484 95.91
Protection
McAfee Total
0 100 46 99.11 1 99.99 786 93.35
Protection
Microsoft 1 99.99 30 99.42 0 100 543 95.41
Nifty Corp. 1 99.99 71 98.62 1 99.99 673 94.31 5
Norman 104 99.99 284 94.48 293 82.92 2789 76.42 3
PC Tools
(Internet 0 100 25 99.51 0 100 243 97.95
Security)
PC Tools
(Spyware 0 100 25 99.51 0 100 245 97.93
Doctor)
Preventon 0 100 135 97.37 191 89.11 1338 88.69 1
Proland 0 100 111 97.84 191 89.11 1308 88.94 1
Qihoo 0 100 23 99.55 11 99.98 354 97.01
Quick Heal 0 100 188 96.34 5 99.51 1955 83.47
Rising 0 100 620 87.94 1130 70.02 5435 54.05
SGA Corp. 0 100 26 99.49 0 100 364 96.92
Sophos 0 100 44 99.14 0 100 554 95.32 3
SPAMfighter
(VIRUS 0 100 136 97.36 191 89.11 1360 88.50
fighter Plus)
SPAMfighter
(VIRUS 0 100 135 97.37 191 89.11 1338 88.69
fighter Pro)
Sunbelt 0 100 15 99.71 1994 65.19 121 98.98 2
Symantec
(Endpoint 0 100 38 99.26 0 100 324 97.26
Protection)
Symantec
(Norton 0 100 21 99.59 0 100 392 96.69
Antivirus)

Trustport 0 100 3 99.94 0 100 23 99.81

VirusBuster 0 100 109 97.87 191 89.11 1229 89.61
Webroot 0 100 36 99.30 0 100 483 95.92
• On-access tests:
Polymorphic
On-access WildList Worms & bots Trojans
viruses
tests
Missed % Missed % Missed % Missed %
Agnitum 0 100.00% 115 97.76% 191 89.11% 1373 88.39%
AhnLab 0 100.00% 424 91.75% 8 99.59% 5713 51.70%
Alwil 0 100.00% 20 99.61% 507 93.28% 172 98.55%
Arcabit 1 99.86% 751 85.39% 1319 79.03% 5811 50.87%
Authentium 0 100.00% 193 96.25% 3 99.85% 2061 82.58%
Avanquest - - - - - - - -
AVG 0 100.00% 30 99.42% 26 98.79% 421 96.44%
Avira
0 100.00% 15 99.71% 41 100.00% 169 98.57%
(Personal)
Avira
0 100.00% 12 99.77% 0 100.00% 165 98.61%
(Professional)
BitDefender 0 100.00% 30 99.42% 0 100.00% 651 94.50%
Bkis
(Gateway 3 99.58% 807 84.31% 2773 51.85% 6551 44.61%
Scan)
Bkis (Home
18 97.50% 847 83.53% 2776 51.20% 6551 44.61%
Edition)
Bullguard 0 100.00% 18 99.65% 0 100.00% 316 97.33%
CA (ISS) 0 100.00% 432 91.60% 958 92.06% 5184 56.17%
CA (Threat
0 100.00% 430 91.64% 958 92.06% 5063 57.19%
Manager)
Central
0 100.00% 113 97.80% 191 89.11% 1319 88.85%
Command
Check Point 1 99.9999% 99 98.07% 9 99.91% 858 92.75%
Defenx 0 100.00% 115 97.76% 191 89.11% 1373 88.39%
Digital
0 100.00% 140 97.28% 191 89.11% 1421 87.99%
Defender
eEye Digital
123 99.99% 284 94.48% 338 81.83% 2960 74.97%
Security
Emsisoft - - - - - - - -
EScan 0 100.00% 24 99.53% 0 100.00% 346 97.07%
ESET 0 100.00% 71 98.62% 0 100.00% 392 96.69%
Filseclab 2595 97.91% 295 94.26% 11413 37.25% 1718 85.48%
Fortinet 0 100.00% 330 93.58% 30 99.09% 3171 73.19%
Frisk 0 100.00% 192 96.27% 0 100.00% 2070 82.50%
F-Secure
(Client 0 100.00% 22 99.57% 0 100.00% 541 95.43%
Security)
F-Secure (PSB
0 100.00% 22 99.57% 0 100.00% 541 95.43%
Workstation)
G DATA 0 100.00% 6 99.88% 0 100.00% 26 99.78%
Ikarus 973 99.95% 3 99.94% 1285 78.59% 142 98.80%
iolo 0 100.00% 186 96.38% 3 99.85% 1984 83.23%

K7 0 100.00% 61 98.81% 0 100.00% 730 93.83%

Kaspersky
(Anti-Virus 0 100.00% 79 98.46% 0 100.00% 376 96.82%
2010)
Kaspersky
1 99.9999% 94 98.17% 1 99.999% 590 95.01%
(Anti-Virus 6)
Kingsoft
0 100.00% 1011 80.34% 2382 56.61% 10549 10.81%
(Advanced)
Kingsoft
0 100.00% 937 81.78% 2382 56.61% 9375 20.74%
(Standard)
Kingsoft
- - - - - - - -
(Swinstar)
Lavasoft 2 99.72% 25 99.51% 2004 65.03% 257 97.83%
McAfee Total
0 100.00% 36 99.30% 0 100.00% 601 94.92%
Protection
McAfee Virus
0 100.00% 49 99.05% 1 99.999% 788 93.34%
Scan
Microsoft 1 99.99% 64 98.76% 0 100.00% 764 93.54%
Nifty Corp. 1 99.9999% 56 98.91% 1 99.999% 348 97.06%
Norman 110 99.99% 285 94.46% 338 81.83% 2944 75.11%
PC Tools
(Internet 0 100.00% 27 99.47% 0 100.00% 271 97.71%
Security)
PC Tools
(Spyware 0 100.00% 27 99.47% 0 100.00% 260 97.80%
Doctor)
Preventon 0 100.00% 140 97.28% 191 89.11% 1421 87.99%
Proland 0 100.00% 112 97.82% 191 89.11% 1310 88.92%
Qihoo 0 100.00% 23 99.55% 42 99.79% 409 96.54%
Quick Heal 0 100.00% 351 93.17% 42 96.49% 5274 55.41%
Rising 0 100.00% 620 87.94% 1130 70.02% 8376 29.18%
SGA Corp. 0 100.00% 31 99.40% 0 100.00% 397 96.64%
Sophos 0 100.00% 23 99.55% 0 100.00% 392 96.69%
SPAM fighter
(VIRUS 0 100.00% 427 91.70% 191 89.11% 1384 88.30%
fighter Plus)
SPAM fighter
(VIRUS 0 100.00% 140 97.28% 191 89.11% 1421 87.99%
fighter Pro)
Sunbelt - - - - - - - -
Symantec
(Endpoint 0 100.00% 26 99.49% 0 100.00% 309 97.39%
Protection)
Symantec
(Norton 0 100.00% 17 99.67% 0 100.00% 209 98.23%
Antivirus)
Trustport 0 100.00% 6 99.88% 16 100.00% 34 99.71%
VirusBuster 0 100.00% 113 97.80% 191 89.11% 1319 88.85%
Webroot 0 100.00% 58 98.87% 0 100.00% 539 95.44%

• System resource usage statistics:
• Reactive and Proactive (RAP) detection scores:
RAP Reactive Proactive Overall average

Reactive
detection
Week 3 Week 2 Week 1 average Week +1 Missed
scores
Agnitum
Outpost
87.61% 75.41% 70.84% 77.95% 47.75% 70.40%
Security Suite
Pro
AhnLab V3
Internet 68.25% 50.57% 36.40% 51.74% 21.65% 44.22%
Security
Alwil Avast!
96.55% 94.69% 89.78% 93.67% 52.72% 83.44%
free antivirus

Arcabit
67.58% 57.78% 57.51% 60.96% 23.43% 51.58%
ArcaVir 2010
Authentium
Command 81.41% 75.54% 57.85% 71.60% 51.55% 66.59%
Anti-Malware
Avanquest
Double Anti-
93.63% 91.68% 78.21% 87.84% 42.19% 76.43%
Spy
Professional
AVG Internet
Security
93.55% 91.35% 81.26% 88.72% 49.28% 78.86%
Network
Edition
Avira AntiVir
92.28% 96.19% 90.32% 92.93% 61.59% 85.10%
Personal
Avira AntiVir
92.28% 96.19% 90.32% 92.93% 61.59% 85.10%
Professional
BitDefender
Antivirus 89.03% 70.53% 63.31% 74.29% 51.85% 68.68%
2010
Bkis Bkav
Gateway 47.93% 43.70% 32.05% 41.23% 21.96% 36.41%
Scan
Bkis Bkav
47.93% 43.70% 32.05% 41.23% 21.96% 36.41%
Home Edition
Bullguard
94.55% 86.08% 82.11% 87.58% 63.16% 81.47%
Antivirus
CA Internet
Security Suite 67.23% 59.42% 64.28% 63.65% 53.20% 61.04%
Plus
CA Threat
68.69% 60.56% 65.78% 65.01% 55.35% 62.59%
Manager
Central
Command
Vexira 88.47% 77.32% 71.10% 78.96% 48.28% 71.29%
Antivirus
Professional
Check Point
Zone Alarm 94.45% 95.52% 92.35% 94.11% 78.15% 90.12%
Suite
Defenx
Security Suite 88.26% 77.26% 71.14% 78.89% 48.34% 71.25%
2010
Digital
Defender 87.42% 76.03% 69.06% 77.50% 47.64% 70.04%
Antivirus
eEye Digital
Security Blink 66.47% 57.84% 50.75% 58.35% 45.70% 55.19%
Professional
Emsisoft a-
squared Anti- 99.13% 99.42% 97.62% 98.72% 71.30% 91.87%
Malware
EScan
Internet
94.42% 85.75% 80.46% 86.88% 62.60% 80.81%
Security for
Windows

ESET NOD32
94.08% 94.11% 89.18% 92.46% 78.04% 88.85%
Antivirus
Filseclab
Twister Anti- 82.74% 76.74% 67.69% 75.72% 67.66% 73.71%
Trojan Virus
Fortinet
72.87% 69.75% 64.54% 69.05% 23.15% 57.58%
FortiClient
Frisk F-PROT 79.34% 72.52% 56.15% 69.34% 49.92% 64.48%
F-Secure
Client 91.22% 83.97% 66.53% 80.57% 55.26% 74.24%
Security
F-Secure PSB
Workstation 91.22% 83.97% 66.53% 80.57% 55.26% 74.24%
Security
G DATA
Antivirus 99.09% 98.86% 91.14% 96.37% 65.25% 88.59%
2010
Ikarus virus.
98.93% 99.29% 94.64% 97.62% 68.42% 90.32%
Utilities
iolo System
Mechanic 79.28% 72.47% 56.15% 69.30% 49.95% 64.46%
Professional
K7 Total
90.85% 85.44% 58.94% 78.41% 50.14% 71.34%
Security
Kaspersky
Anti-Virus 93.55% 96.03% 93.23% 94.27% 77.36% 90.04%
2010
Kaspersky
Anti-Virus 6
93.24% 95.79% 92.38% 93.80% 76.47% 89.47%
for Windows
Workstations
Kingsoft
Internet
Security 2010 32.16% 24.31% 21.93% 26.13% 17.61% 24.00%
Advanced
Edition
Kingsoft
Internet
Security 2010 37.64% 36.53% 26.45% 33.54% 21.88% 30.63%
Standard
Edition
Kingsoft
Internet
Security 2010 42.62% 38.34% 28.81% 36.59% 22.34% 33.03%
Swinstar
Edition
Lavasoft Ad-
Aware
Professional 96.96% 96.35% 82.57% 91.96% 62.12% 84.50%
Internet
Security
McAfee Total
94.64% 92.87% 84.84% 90.78% 66.01% 84.59%
Protection
McAfee Virus
Scan 90.83% 89.17% 82.72% 87.57% 63.61% 81.58%
Enterprise

Microsoft
Security 91.14% 93.06% 74.15% 86.12% 55.52% 78.47%
Essentials
Nifty Corp.
93.45% 94.31% 85.59% 91.12% 62.36% 83.93%
Security 24
Norman
66.36% 57.81% 50.30% 58.16% 45.75% 55.06%
Security Suite
PC Tools
Internet 93.21% 92.55% 76.19% 87.32% 34.49% 74.11%
Security 2010
PC Tools
Spyware 93.22% 92.58% 76.20% 87.34% 34.53% 74.13%
Doctor
Preventon
87.42% 76.03% 69.06% 77.50% 47.64% 70.04%
Antivirus
Proland
Protector
87.71% 76.26% 70.82% 78.26% 48.13% 70.73%
Plus
Professional
Qihoo 360
93.88% 84.32% 73.68% 83.96% 56.51% 77.10%
Security
Quick Heal
Antivirus 78.68% 69.61% 63.17% 70.49% 44.58% 64.01%
2010
Rising
Internet 59.40% 42.67% 34.77% 45.62% 25.07% 40.48%
Security 2010
SGA Corp.
94.36% 85.88% 79.65% 86.63% 62.08% 80.49%
SGA-VC
Sophos
Endpoint
95.90% 93.43% 90.74% 93.36% 75.43% 88.88%
Security and
Control
SPAM fighter
VIRUS fighter 87.43% 76.03% 69.06% 77.51% 47.59% 70.03%
Plus
SPAM fighter
VIRUS fighter 87.25% 75.84% 68.98% 77.36% 47.61% 69.92%
Pro
Sunbelt
VIPRE
96.97% 96.45% 83.53% 92.31% 66.10% 85.76%
Antivirus
Premium
Symantec
Endpoint 91.37% 90.35% 65.00% 82.24% 31.15% 69.47%
Protection
Symantec
Norton 91.77% 90.76% 66.49% 83.00% 33.24% 70.56%
Antivirus
Trustport
Antivirus 98.67% 96.09% 96.74% 97.17% 79.66% 92.79%
2010
VirusBuster
88.47% 77.32% 71.10% 78.96% 48.28% 71.29%
Professional
Webroot
96.48% 94.12% 89.90% 93.50% 74.40% 88.72%
Antivirus with

Spy Sweeper
• On-demand throughput (MB/s):
Binaries and system Media and

Archive files Other file types
On demand files documents
throughput
Default Default Default Default All Default Default All Default Default All
(MB/s) (cold) (warm)
All files
(cold) (warm) files (cold) (warm) files (cold) (warm) files
Agnitum 2.29 18.00 2.29 8.81 391.41 8.81 12.81 76.44 12.81 128.99 343.96 128.99
AhnLab 11.13 11.18 11.13 25.39 25.95 25.39 10.38 10.47 10.38 9.64 9.38 9.64
Alwil 213.25 277.23 7.57 40.49 49.44 37.58 29.03 30.99 29.78 43.00 43.00 24.00
Arcabit 7.02 6.98 7.02 14.86 14.68 14.86 24.14 26.36 24.14 14.95 15.40 14.95
Authentium 5.56 5.61 5.56 12.33 12.26 12.33 18.80 19.60 18.80 11.73 12.14 11.73
Avanquest 0.61 0.61 0.61 4.12 4.60 4.12 1.09 1.53 1.09 2.15 1.56 2.15
AVG 0.68 0.68 0.47 11.74 11.71 2.32 6.82 6.61 6.71 4.98 4.61 4.65
Avira
4.34 4.27 4.34 33.55 33.55 33.55 19.43 18.20 19.43 9.64 15.40 9.64
(Personal)
Avira
4.09 4.20 4.09 39.80 38.50 39.80 20.66 18.80 20.66 19.84 15.88 19.84
Professional
BitDefender 24.98 26.66 24.98 16.37 17.14 16.37 5.45 5.59 5.45 3.45 3.79 3.45
Bkis
(Gateway 99.01 77.01 N/A 3.34 3.34 3.34 4.99 4.90 4.99 4.30 4.06 4.30
Scan)
Bkis (Home
99.01 99.01 1.05 3.17 3.17 3.03 4.99 4.93 4.25 4.30 4.11 2.90
Edition)
Bullguard 4.10 4.09 4.10 26.39 28.90 26.39 11.08 10.42 11.08 8.82 9.38 8.82
CA (ISS) 2.80 2.81 2.80 31.31 29.54 31.31 25.48 25.20 25.48 21.50 20.64 21.50
CA (Threat
1.27 1 386.14 1.27 23.60 117.42 23.60 10.97 55.93 55.93 9.21 33.29 9.21
Manager)
Central
7.81 7.90 2.39 20.69 20.78 20.51 17.50 16.50 12.40 13.76 12.90 10.53
Command
Check Point 1.94 1.95 1.94 16.37 16.25 16.25 6.10 6.27 6.10 6.18 6.45 6.18
Defenx 1.12 14.99 1.12 15.01 391.41 15.01 6.23 22.48 6.23 4.76 51.59 4.76
Digital
3.24 3.24 0.66 10.48 10.63 2.50 13.03 12.26 2.91 12.43 10.32 2.81
Defender
eEye Digital
1.49 1.50 1.49 1.80 1.77 1.80 0.80 0.80 0.80 0.59 0.58 0.58
Security
Emsisoft 5.48 5.58 N/A 6.33 6.62 6.33 7.85 8.75 7.85 6.66 7.82 6.66
EScan 126.01 126.01 N/A 3.46 3.46 N/A 0.84 0.84 N/A 0.62 0.62 N/A
ESET 3.62 3.62 3.62 12.90 12.83 12.90 13.33 13.98 13.33 12.58 12.74 12.58
Filseclab 1.24 1.23 1.22 19.99 19.25 19.17 5.73 5.54 5.49 5.32 4.80 5.32
Fortinet 3.90 4.52 3.90 7.26 8.37 7.26 19.94 21.63 19.94 9.38 10.02 9.38
Frisk 7.30 7.33 7.30 11.10 11.32 11.10 26.66 31.41 26.66 18.76 19.47 18.76
F-Secure
(Client 6.68 2772.27 6.68 16.77 1565.63 60.22 10.28 114.66 29.40 49.14 343.96 27.15
Security)
F-Secure
(PSB 6.66 2772.27 6.66 361.30 2348.44 64.34 13.49 327.59 36.40 93.81 343.96 28.66
Workstation)
G DATA 2.52 2772.27 2.52 18.06 1174.22 18.06 10.42 229.31 10.42 8.97 343.96 8.97
Ikarus 23.69 23.69 N/A 11.32 11.32 11.32 13.18 12.13 13.18 14.95 10.86 14.95

iolo 6.58 6.60 N/A 11.32 11.24 N/A 14.89 12.07 N/A 8.53 12.43 N/A
K7 7.24 7.30 7.24 9.66 9.74 9.66 29.78 29.03 29.78 20.23 19.11 20.23
Kaspersky
(Anti-Virus 4.11 1386.14 4.11 30.70 391.41 30.70 16.38 48.79 16.38 11.86 79.38 11.86
2010)
Kaspersky
4.68 1386.14 4.68 37.28 587.11 37.28 11.47 69.49 11.47 13.23 147.41 13.23
(Anti-Virus 6)
Kingsoft
1.55 1.55 1.55 24.46 25.67 24.46 5.49 5.28 5.49 22.93 14.74 22.93
(Advanced)
Kingsoft
1.52 1.53 1.52 23.02 23.14 23.02 5.32 5.24 5.32 16.64 12.74 16.64
(Standard)
Kingsoft
5.25 5.21 N/A 37.28 40.14 N/A 32.76 30.17 N/A 25.17 24.57 N/A
(Swinstar)
Lavasoft 63.01 72.95 N/A 12.17 12.30 12.17 2.46 2.57 2.46 3.50 3.34 3.50
McAfee Total
1.66 2.03 1.66 9.87 50.50 9.87 5.15 15.81 5.15 8.32 36.85 8.32
Protection
McAfee Virus
86.63 89.43 1.97 13.05 13.08 11.98 7.62 7.10 7.62 6.11 4.37 4.30
Scan
Microsoft 2.61 2.52 2.61 13.31 13.27 13.31 19.60 19.60 19.60 10.12 12.14 10.12
Nifty Corp. 2.38 924.09 2.38 17.33 195.70 17.33 6.48 34.23 6.48 6.25 26.46 6.25
Norman 1.12 1.13 1.12 2.47 2.47 2.47 2.33 3.45 2.33 1.59 2.45 1.59
PC Tools
(Internet 1.42 1.47 0.51 6.02 25.39 6.02 6.35 6.20 6.35 5.37 5.29 5.37
Security)
PC Tools
(Spyware 2.13 2.22 0.69 31.74 23.48 31.74 8.19 8.25 8.19 7.82 7.48 7.82
Doctor)
Preventon 3.23 3.22 N/A 10.04 10.06 10.04 13.03 12.20 13.03 12.28 10.22 12.28
Proland 7.05 7.04 7.05 19.73 20.16 19.73 7.77 7.67 7.77 5.93 5.49 5.93
Qihoo 1.52 1.52 1.52 5.21 4.99 5.21 1.15 1.03 1.15 0.75 0.84 0.75
Quick Heal 3.57 3.58 2.58 38.50 37.58 38.50 9.93 9.72 9.40 3.75 9.92 8.74
Rising 1.43 1.45 1.43 6.97 7.07 6.97 3.49 3.51 3.49 5.76 5.86 5.76
SGA Corp. 2772.27 2772.27 N/A 24.85 27.15 N/A 15.60 17.24 N/A 85.99 515.94 N/A
Sophos 252.02 277.23 2.48 15.55 15.71 14.45 21.43 23.16 17.11 12.43 11.47 9.05
SPAM fighter
(VIRUS
3.11 3.07 3.11 8.68 9.68 8.68 10.42 9.28 10.42 11.59 6.88 6.88
fighter Plus)
SPAM fighter
(VIRUS
56.58 53.31 56.58 10.12 10.12 10.12 16.62 17.11 16.62 10.32 10.32 10.32
fighter Pro)
Sunbelt 102.68 102.68 2.21 13.77 13.73 13.50 2.40 2.39 2.39 3.39 3.12 3.10
Symantec
(Endpoint
2.35 2.24 2.35 14.41 15.71 14.41 8.79 8.92 8.79 6.11 6.22 6.11
Protection)
Symantec
(Norton 4.93 693.07 693.07 29.17 260.94 29.17 13.57 55.93 55.93 13.58 43.00 13.58
Antivirus)
Trustport 1.25 1.27 1.25 7.03 7.40 7.03 5.10 4.87 5.10 3.30 3.36 3.30
VirusBuster 7.72 7.77 7.74 20.16 20.25 20.16 15.92 15.29 11.52 79.38 206.38 79.38
Webroot 2.56 2.53 2.56 11.65 11.65 11.65 10.38 9.10 10.38 8.53 5.73 8.53

• File access lag time (s/MB):

Binaries and system Media and
Archive files Other file types
On demand files documents
throughput
(MB/s) Default Default All Default Default All Default Default All Default Default All
(cold) (warm) files (cold) (warm) files (cold) (warm) files (cold) (warm) files
Agnitum 0.01 0.00 0.00 0.10 0.00 0.00 0.16 0.04 0.04 0.19 0.04 0.04
AhnLab 0.02 0.02 NA 0.04 0.03 0.04 0.09 0.08 0.09 0.09 0.09 0.09
Alwil 0.03 0.00 0.15 0.04 0.00 0.05 0.11 0.00 0.22 0.19 0.00 0.33
Arcabit 0.00 0.00 0.14 0.05 0.05 0.05 0.03 0.03 0.03 0.02 0.02 0.05
Authentium 0.04 0.04 0.07 0.12 0.10 0.08 0.19 0.17 0.05 0.22 0.22 0.08
Avanquest 0.01 0.00 NA 0.07 0.01 NA 0.36 0.05 NA 0.27 0.07 NA
AVG 0.00 0.00 0.02 0.08 0.07 0.07 0.12 0.11 0.12 0.17 0.16 0.19
Avira
0.01 0.00 0.05 0.03 0.00 0.03 0.05 0.03 0.05 0.06 0.05 0.06
(Personal)
Avira
0.01 0.00 0.04 0.02 0.00 0.03 0.05 0.04 0.06 0.06 0.06 0.06
(Professional)
BitDefender 0.01 0.00 0.45 0.04 0.00 0.04 0.14 0.01 0.14 0.18 0.01 0.18
Bkis
(Gateway 0.01 0.01 NA 0.23 0.22 0.23 0.12 0.12 0.12 0.17 0.16 0.17
Scan)
Bkis (Home
0.01 0.01 NA 0.23 0.23 0.23 0.12 0.13 0.12 0.17 0.17 0.17
Edition)
Bullguard 0.25 0.25 0.25 0.05 0.04 0.05 0.14 0.14 0.14 0.18 0.18 0.18
CA (ISS) 0.01 0.01 0.15 0.03 0.02 0.05 0.04 0.03 0.22 0.04 0.03 0.33
CA (Threat
0.01 0.01 NA 0.03 0.03 0.03 0.09 0.08 0.09 0.06 0.05 0.06
Manager)
Central
0.00 0.00 NA 0.04 0.04 0.04 0.02 0.02 0.04 0.08 0.09 0.10
Command
Check Point 0.01 0.01 NA 0.04 0.02 0.04 0.12 0.11 0.12 0.12 0.12 0.12
Defenx 0.01 0.00 NA 0.06 0.00 0.06 0.13 0.02 0.13 0.20 0.02 0.20
Digital
0.00 0.01 0.09 0.09 0.09 0.09 0.01 0.01 0.05 0.02 0.01 0.09
Defender
eEye Digital
0.00 0.00 NA 0.00 0.00 0.00 0.01 0.01 0.01 0.01 0.01 0.01
Security
Emsisoft NA NA NA NA NA NA NA NA NA NA NA NA
EScan 0.00 0.00 0.17 0.05 0.01 0.01 0.06 0.00 0.02 0.04 0.00 0.06
ESET 0.00 0.00 NA 0.01 0.01 0.01 0.07 0.07 0.07 0.05 0.05 0.05
Filseclab 0.00 0.01 NA 0.02 0.02 0.02 0.11 0.11 0.11 0.01 0.01 0.01
Fortinet 0.20 0.00 0.20 0.13 0.01 0.13 0.07 0.00 0.07 0.14 0.01 0.14
Frisk 0.01 0.01 NA 0.08 0.08 0.08 0.02 0.02 0.02 0.03 0.03 0.03
F-Secure
(Client 0.01 0.01 NA 0.07 0.00 NA 0.15 0.03 NA 0.06 0.03 NA
Security)
F-Secure
(PSB 0.01 0.01 NA 0.07 0.00 NA 0.12 0.00 NA 0.03 0.01 NA
Workstation)
G DATA 0.08 0.00 0.54 0.07 0.00 0.08 0.18 0.02 0.18 0.24 0.02 0.24
Ikarus 0.04 0.04 NA 0.08 0.08 0.08 0.06 0.06 0.06 0.07 0.07 0.07
iolo 0.04 0.04 NA 0.10 0.10 NA 0.16 0.15 NA 0.18 0.17 NA
K7 0.02 0.00 NA 0.09 0.00 0.09 0.03 0.01 0.03 0.05 0.01 0.05
Kaspersky
(Anti-Virus 0.01 0.01 0.03 0.05 0.00 0.05 0.13 0.04 0.13 0.14 0.04 0.15
2010)

Kaspersky
0.01 0.00 0.39 0.05 0.00 0.04 0.13 0.04 0.14 0.14 0.04 0.15
(Anti-Virus 6)
Kingsoft
0.00 0.00 NA 0.03 0.00 0.03 0.18 0.00 0.18 0.05 0.00 0.05
(Advanced)
Kingsoft
0.00 0.00 NA 0.03 0.00 0.03 0.18 0.00 0.18 0.05 0.00 0.05
(Standard)
Kingsoft
NA NA NA NA NA NA NA NA NA NA NA NA
(Swinstar)
Lavasoft 0.00 0.00 NA 0.07 0.02 NA 0.01 0.00 NA 0.30 0.07 NA
McAfee Total
0.01 0.00 NA 0.08 0.01 0.08 0.13 0.00 0.13 0.21 0.01 0.21
Protection
McAfee Virus
0.01 0.01 0.44 0.08 0.04 0.07 0.16 0.08 0.15 0.24 0.13 0.23
Scan
Microsoft 0.01 0.00 NA 0.07 0.00 0.07 0.05 0.00 0.05 0.08 0.00 0.08
Nifty Corp. 0.01 0.00 NA 0.05 0.01 0.05 0.13 0.02 0.13 0.14 0.02 0.14
Norman 0.01 0.01 NA 0.09 0.09 0.09 0.29 0.28 0.29 0.34 0.34 0.34
PC Tools
(Internet 0.01 0.00 NA 0.15 0.01 NA 0.03 0.02 NA 0.03 0.02 NA
Security)
PC Tools
(Spyware 0.01 0.00 NA 0.12 0.04 NA 0.19 0.20 NA 0.25 0.23 NA
Doctor)
Preventon 0.00 0.00 NA 0.09 0.09 0.09 0.01 0.00 0.05 0.02 0.01 0.09
Proland 0.00 0.00 NA 0.04 0.01 0.04 0.02 0.01 0.05 0.00 0.00 0.12
Qihoo 0.00 0.01 NA 0.01 0.00 0.00 0.04 0.03 0.04 0.04 0.03 0.04
Quick Heal 0.04 0.04 NA 0.02 0.02 0.02 0.10 0.09 0.10 0.10 0.10 0.10
Rising 0.02 0.02 NA 0.14 0.13 0.14 0.18 0.17 0.18 0.15 0.19 0.15
SGA Corp. 0.00 0.00 NA 0.04 0.00 NA 0.12 0.01 NA 0.02 0.02 NA
Sophos 0.00 0.00 0.34 0.06 0.06 0.06 0.04 0.03 0.04 0.08 0.08 0.09
SPAM fighter
(VIRUS
0.01 0.01 NA 0.10 0.10 0.10 0.03 0.03 0.08 0.06 0.06 0.13
fighter Plus)
SPAM fighter
(VIRUS
0.00 0.00 NA 0.09 0.09 0.09 0.01 0.00 0.01 0.02 0.01 0.02
fighter Pro)
Sunbelt 0.01 0.00 NA 0.06 0.01 0.06 0.38 0.04 0.38 0.27 0.05 0.27
Symantec
(Endpoint
0.01 0.01 NA 0.06 0.06 0.06 0.09 0.08 0.09 0.11 0.10 0.11
Protection)
Symantec
(Norton 0.01 0.01 NA 0.05 0.06 0.05 0.08 0.08 0.08 0.09 0.08 0.09
Antivirus)
Trustport 0.04 0.01 1.35 0.20 0.02 0.22 0.30 0.09 0.32 0.44 0.06 0.47
VirusBuster 0.00 0.00 NA 0.04 0.04 0.04 0.03 0.02 0.04 0.09 0.09 0.10
Webroot 0.01 0.01 NA 0.09 0.08 0.09 0.08 0.08 0.08 0.17 0.14 0.17

CHAPTER 7
TRENDS OVER THE YEARS
Over the past few years, the antivirus industry has undergone some major changes. The market
leader has changed (McAfee has lost ground to Symantec and Kaspersky is growing fast too),
some independent antivirus companies have either disappeared from the market or have been
taken over (the Romanian company RAV and the Australian company VET), and new players
(BitDefender, ClamAV) have appeared.
Here, we will deal with ‘standard’ antivirus solutions: for home computers, workstations,
corporate file and mail servers. Arguably, antivirus solutions for smart-phones could be included
in this list examine. Virus attacks targeting mobile phones may not be particularly common at the
moment but the situation is likely to change radically - for the worse, naturally - in the next few
years. This section does not focus on hardware solutions (such as gateways, routers with
integrated virus scanning capability), or solutions for large UNIX systems. Moreover ‘standard’
antivirus solutions will continue to evolve. In order to understand the nature of such solutions
and to identify trends, we need to determine the main factors currently influencing the antivirus
industry.
Factor 1: Continuing criminalization of the Internet
Any society of a certain size (such as a town or a country) includes criminal

elements. Crime levels are determined by the following factors:
the size of the community (the bigger it is, the higher the number of
potential and actual criminals)
the level of economic development (it's easier to earn a living by honest
means in more developed countries)
the ability of law enforcement bodies (e.g. the police) to investigate crimes
and imprison the perpetrators
The Internet is no exception. Its size is immense, and many of the different
countries which make up part of this community are economically undeveloped.
A particular cause for concern is programs which advocate ‘cheap computers for
poor third world countries’) - these further encourage criminal activity on the
Internet. Statistics on the number of malicious programs originating from specific
countries confirm this: the world leader in virus writing is China, followed by
Latin America, with Russia and Eastern European countries not far behind.

In terms of law enforcement, in the vast majority of cases investigating

cybercrime is a complex task, particularly taking into account the fact that the
Internet has no physical borders.
Data which falls into the three categories listed above clearly indicate that not
only is the level of criminal activity on the Internet already high, but that it will
also continue to increase. One piece of evidence for this statement is that the
amount of crimeware has increased twofold over the past year; this indicates that
criminal activity on the Internet has doubled in the same space of time. There is
no reason to suppose that this growth rate will slow in the future.
The conclusion: pressure on antivirus companies will increase as they will have
to analyze more and more malicious code. Companies that fail to detect new
malicious programs quickly and thus leave their customers unprotected will suffer
a decrease in their market share, and will not be capable of competing in this
professional arms race.
Factor 2: Increased variety of malware and attack methods
Fourteen years ago, back in 1996, malicious programs fell into two categories:
viruses and primitive Trojans. At that time, there was no such thing as malware
which could be used for criminal ends. However, in the intervening decade,
malware has become far more complex and varied:
network worms
a wide range of Trojan programs, including Spyware
AdWare
malicious application of legitimate programs (such as keyloggers and
remote administration utilities)
a wide range of spam, from begging emails to blackmail
phishing - a clearly differentiated type of financial scam
network attacks and rackets, etc
The vast majority of malicious programs are written for Win32 systems. The
number of malicious programs targeting Linux, MacOs, and smartphones
(running under a variety of operating systems) is still, as yet, insignificant. There
have also been a handful of PoC viruses for 64 bit systems.
The conclusion: antivirus companies have to be prepared to work with a wide

variety of malware. This means not only releasing products but providing

continued support: testing them, and releasing updates for the whole product
range. Companies that cannot keep up with the very latest technological
developments will not be able to break into new industry segments. Moreover,
they will start to lose ground on their own territory, and current competitors or
completely new players will take advantage of new market opportunities.
Factor 3: Microsoft
Microsoft is going to be seriously focusing on the security solutions market; this

will include developing antivirus solutions. The antivirus industry is in a state of
shock - everyone remembers Netscape and other independent projects, which
either significantly lost market share or disappeared altogether after Microsoft
produced similar products. Microsoft is planning to bring the following to the
market:
antivirus for home PCs

antivirus for workstations (planned for the future)
solutions for MS Exchange (using the multi-engine Antigen from Sybari)
Of course, the appearance of this commercial giant will be a heavy blow to other
manufacturers. But just how heavy will the blow be is hard to predict.
Users come in a range of shapes and sizes. So what factors influence them when
buying an antivirus solution?
Commodity: the user buys the cheapest antivirus, or the most attractively
packaged.
Branding: The user buys either a brand to which s/he has loyalty. or a
branded product which has been successfully marketed.
Branding: the user is determined not to buy a Microsoft product. Such
consumers will not trust antivirus solutions produced by this manufacturer.
Performance characteristics: the overall quality of the product.
It’s clear that these factors, and the types of user described, don’t exist in any pure
form. The factors which influence consumer chose will be a combination of
A+B+C+D in varying degrees. If we’re talking about the home user market,
factor B will have a significant influence. For example, as Antigen uses several
antivirus engines (including some very good ones), the corporate market will be
influenced by B+D. In order to estimate Microsoft's future market share, and the
losses which other antivirus companies will correspondingly suffer, the value of

A, B, C, and D needs to be determined. This is a simple task which can be

fulfilled via consumer surveys.
Conclusions
As shown above, there are three deciding factors which affect the condition of the
antivirus industry:
The criminalization of the Internet

Various types of criminal activity
Antivirus protection from Microsoft
The antivirus market of the future will be heavily influenced by these three factors
and to a certain extent it has already started influencing the consumers and the
market as a whole.
So is it time to throw in the towel?
The answer to this question is unclear. We should remember Microsoft’s first

attempt to create an integrated antivirus solution, MSAV for MS-DOS in 1994.
This attempt was unsuccessful. It’s rare to make the same mistake twice. 12 years
have passed since 1994, and a lot has changed during that time. The most
important thing is that consumer demand for quality has increased: detection
rates, speed of reaction to the dramatically increased number of attacks, frequency
of updates, proactive technologies.
If a product is technically sound but does not offer better antivirus protection than
Microsoft’s solution, it will more than likely be bought mainly by consumers
influenced by factor C. If a product offers better protection than Microsoft’s
antivirus together with a lower price, then it will appeal to buyers of all
categories. Furthermore, if an antivirus developer’s engine is integrated into
Antigen, then there is no need to worry about the future (as long as the engine
continues to be used). Microsoft will not be selling the product itself, but taking a
percentage from the vendor. And for Microsoft, that is the beauty of it: it can sit
back and enjoy the profits (and the ideology of a “multi-engine solution" will
transform the antivirus business into a trade in engines rather than products).
It will be a different, rather sorry, story for those vendors whose antivirus engines
are not integrated into Antigen. On the other hand, such companies should not,
perhaps, be written off; as there's no solution which can provide 100% protection
against all threats, the IT market (including the antivirus market) is extremely
crowded. The more troublesome a disease, the more medicines will be taken to
combat it: in a similar way, users plagued by computer viruses are ready to

embrace new technologies to rid themselves of the problem, and this means they
will be ready to embrace a variety of solutions, not only those from the software
giant. The message to antivirus companies is clear: if the company is not only to
survive, but to survive profitably, compatibility issues have to be solved. Engines
from different developers have to be developed with peaceful coexistence in mind
(as is the case with Antigen) Another alternative is to develop double or triple
layer protection against Internet threats.
The conclusion: It’s likely that things won’t turn out that badly. However, some
antivirus companies will have to start cutting their budgets and thinning the ranks
of their employees. Public companies will find that Microsoft’s entry to the
antivirus market will impact the value of shares, and a fall in value will have the
following negative consequences
It will be harder to attract investment

Employees share options will be devalued
One consequence will be that middle and senior management will desert the
company.
Summary of trend analysis:
Changes are underway in the antivirus industry and will continue for some time to
come. It’s not unlikely that Microsoft’s entry to the IT security market will be a
decisive factor which affects the changing situation. The software giant’s entry
will undoubtedly have an impact on the best-known industry players and the
current market share of antivirus companies is likely to change radically.
Naturally, each company will be affected in a different way. For some, it will
come as a heavy blow, while others will barely be affected and yet others will
welcome Microsoft’s arrival on the market. The only factor which will be a
watch-out for all is whether Microsoft makes the product available ata consumer-
friendly price or not.
The most negative consequences will be felt by:
Publicly held companies

Businesses which rely on income from the market sector which Microsoft
is entering
Manufacturers with engines which are inferior in quality to Microsoft’s
Manufacturers whose engines aren't used in Antigen
The brightest future awaits:

Privately held companies

Manufacturers with a broad product range
Manufacturers with a high-quality engine
Manufacturers whose engines are used in Antigen
Hopefully, the arrival of the software giant on the IT security market will have a
positive impact on future developments in this field and will raise the quality of
security solutions, if not then atleast increase the competition among the existing
big players for the benefit of the organisations and the consumers. It is to be
hoped that the Internet will become a safer place as a result - every desk will not
only have a computer on it, but a secure computer.
CHAPTER 8
MARKET VIEWS & INTERVIEWS
Dipen Halwai (Candid Magazine Management, Gujarat Region)
About Dipen Halwai: Mr. Dipen is in charge of Candid magazine in the entire
state of Gujarat. Candid is the most referred magazine by the Computer and
software dealers for knowledge and details about various IT products existing or
being newly launched in the market. He has been working with the magazine
for many years now. He is also a key distributor for Kaspersky Antivirus in
Ahmedabad.
The following information came into light from the interview conducted:
What is your opinion about the antivirus market in

Ahmedabad as well as Gujarat as a whole?
Ans: We will discuss about the brands which have somewhat a

considerable impact on the market. These brands are – Kaspersky,
QuickHeal, AVG, Norton AV, Net Protector and EScan.
QuickHeal has a very good track record in Ahmedabad as of now,

Kaspersky is growing as a brand which offers good performance
and is cheap as well, Norton is preferred by Corporates as it has a

good image since a long time and the clients have developed a
sense of trust in the brand, Net Protector is a comparatively newer
brand which has found ground in Ahmedabad and they are
approaching and spreading in the market fast with strategies
imitated from QuickHeal, Norton and Kaspersky, EScan is also
becoming a preferred brand for those clients whose work rotates
around internet usage and added to it is cheap and gives good
scanning support.
Which are the other brands which exist in the market?
Ans: K7, iolo, G-Data, Trend Micro, Trust port and McAfee.
Can you throw some light on the margins for dealers on these
softwares? (approximately)
Ans: QuickHeal Products:
Total Security: End-user price - Rs.1650

Dealer price - Rs. 900
Guardian: End-user price - Rs. 600-700
Dealer price - Rs. 280-300
Internet Security: End-User price - Rs. 1000
Quick Heal AV 2010 End-User price - Rs. 650
Further discussions with Mr. Halwai revealed the following facts:
• One major differentiating factor in the two major competing brands

of Ahmedabad viz. Quick Heal and Kaspersky is that while the
former needs a system formatting before updating or installation of
newer version, which runs the risk of releasing viruses from the
virus chest, the latter presents no such problem.
• Kaspersky AV needs no specific renewal action.
• In Gujarat, Quick Heal AV is dominant in the Ahmedabad market

due to its on-site local support, however some other brands which
are doing pretty well are Trend Micro in Surat and South Gujarat
districts, Norton AV in Banks and other financial institutions and

Kaspersky among students of various disciplines (because of its

low price).
• Net Protector is a good AV software, but its market hasn’t the

required boost due to less awareness among the consumers.\
• Kaspersky’s performance in comparison with QuickHeal I regards

with encryption protection is far superior which also helps in
making the software faster, lighter and better when downloading
updates is the context.
• K7 had a good Brand image but they stopped their core product
and started Total Security. This created a doubt in the mind of the
customers that K7 was not competent enough and moreover it
failed to instill confidence in the mind of the customer about the
new product.
• Iolo had also introduced System Shield in the Indian market some
time back, but due to inadequate advertising and less promotional
activities by Mediaman Distribution (its main distributor in India),
it failed to capture the customers even after keeping a low market
price of Rs. 390 for a 3-user pack.
• As a changing trend, awareness has increased among the IT

customers in the last 3 years. Earlier virus definition was not that
clear and hence people were not aware of data theft through spam
mails, etc. But now data theft has increased and with the customers
becoming smarter, they don’t mind going for an expensive
software if it serves the purpose of data protection properly.
• McAfee used to follow the PULL strategy in the sales of its

products but now they have shifted to a PUSH strategy with the
market being increasingly flooded by more and more competitor
companies.
• TAG Computek Pvt. Ltd. is the national distributor for TrustPort

in India now. Earlier this distributor used to deal in Kaspersky AV,
but now they have shifted their operations to TrustPort. This
distributor is trying hard to promote the brand name of TrustPort
AV and has fairly succeeded in doing so in Mumbai.

• Kaspersky’s appointment of Mr. J. Tripathi, former Marketing head

of QuickHeal has helped the former a lot in recent times and
competition is expected to grow in the near future.
• The expected approximate budget for the top three antivirus players
in the Indian market for this year for promotional activities has
been given below:
Norton: Rs. 2-3 crores

Kaspersky: Rs. 4-5 crores
QuickHeal: Rs. 1 crore.
• Mr. Dipen Halwai also suggested that there are some companies
which are there to remain in the market for some timeand
QuickHeal is one of them.
• In Gujarat, the monthly share of sales approximately has been

given below:
QuickHeal: Rs. 3.5-4 crores

Kaspersky: Rs. 1-1.5 crores
Norton: Rs. 1.5-2 crores
Trend Micro: Rs. 25-30 lakhs
EScan: Rs. 50 lakhs
• Another surprising fact revealed by Mr. Halwai is that there are

often hidden sales in the market which deceive the companies of
the actual sales of their software products. To support this he said
that most of the distributors suggest upcoming dealers and
distributors to deal in QuickHeal just because that will reduce any
unwanted competition in the market among the dealers. The main
fact underlying this behavior is safeguarding their margins and
customer base. But at the same time they suggest the customers to
buy Kaspersky instead of QuickHeal citing the reason that
Kaspersky comes cheap and it also gives them better margins than
QuickHeal. This is actually an alarming case for QuickHeal
Technologies.
• A small analysis of the sales trends of the AV softwares in the

market has been given below:

2 years back, Bit Defender’s sales was better than

Kaspersky in India, now it’s the opposite
G-Data is doing good promotion through engineers and
technical people in Gujarat, but has failed to increase sales.
Trend Micro has not succeeded in improving sales either
QuickHeal, Norton and Kaspersky’s sales have increased
gradually over a period of time now.
K7’s sales fluctuate from time to time
EScan’s sales have increased in Gujarat, but the increment
has been on a slow basis.They are now targeting new and
prospect dealers.
McAfee’s sales have declined over the years.
Candid magazine has approximately Rs. 2.5-3 yearly budget for

Kaspersky’s promotional activities.
Mr. Halwai suggested that now that QuickHeal has started

promoting the brand in local Television media and Radio, other
brand will also follow suit soon. So QuickHeal should start
thinking about alternative options for promotion which will project
the company name and its product in a different and more effective
way.
Mr. Anil Gupta (National Sales Head, EScan)
An online interview of Mr. Anil Gupta, national Sales Head, EScan (secondary
data) is given below:
• What is your present focus of operations in India?
We are working to strengthen our market presence in the East and North
region by adding more channel partners to our network focusing on more
penetration in the B & C class cities.
• Information security solutions are considered to be a lucrative
opportunity in India. What are your comments on this?
Security as Industry is growing very rapidly, Antivirus and Internet

security market has been growing at rate of 28% YOY, and with onslaught
of PC penetration in B & C Class cities the Market opportunity and growth
will definitely remain in double digits. Opportunity for partners is
immense for right solution provider who can deliver product and help

client secured his operation. The anti-virus industry is growing extensively

and the market opportunity in the SOHO and retail segment alone is US
$40 million (nearly Rs 200 Crore). The SMB enterprises again are looking
beyond end-point security and they want a total solution, ranging from e-
mail security, gateway-level specialized security and spam control, among
others. Growth will largely be fuelled by PC penetration and SME/SMB
segment which is growing exponential.
• How do you plan to tap the solution providers which are working on
this segment? Do you have any partnerships with systems integrators?
We have been talking to Solution providers about the advantages of

working with EScan in terms of ease, better product portfolio and Features
software, higher margins, better incentives and good support and above all
customized product offering, where we are already working with some of
the big SI like HCL/CMS/ALLIED.
• What is your channel policy in India? What kind of channel expansion

are you looking for in the near future - both in resellers as well as
solution providers?
We plan to introduce this year a special program for the resellers to

proactively sell EScan, thus looking for an additional 5-7% increase on our
present market share to capture approximately 15% of market in consumer
segment, primarily with the packaged software in the SOHO segment.
This will also be driven by our plans of consumer awareness and
activation program across India.
• What is your growth strategy here? What are the engines of growth
for EScan in India?
Our previous channel programs has been accepted very well by the
channel continuing that we want to add the "Authorized EScan Resellers"
nos to atleast by 400 no.s through our new partner Development program.
This encompasses and rewards the channel for their contribution to the
mutual growth. In order to achieve our objective the key initiatives are
partner enablement and training on our existing solutions. Identifying new
partners in territories where we have traditionally not been present, thereby
achieving 200-250 thousand users during the year. We are constantly

evaluating and appointing new channel partners to further our growth.

Ideally, we like to identify new markets for our channel expansion.
• How do you look at the competition from other vendors operating in

the similar segment? How do you differentiate and win over the
competition?
EScan provides its partners with the latest update on its competition
through our partner portal. That would help our partners to position us
much more aggressively against competitive technology or vendors. EScan
sells its products in the Indian market. We also have a Development
Center in India which helps us to identify and develop some key features
and probably tailor them more to requirements from Indian customers.
Source: http://cellit.co.in/Interviews_Inner.aspx?ID=38
CHAPTER 9
FINDINGS
9.1 MARKET DYNAMICS
The market dynamics of the Antivirus industry can be studied in view of four
major segments, viz:
Market size:
According to US-based research firm Forrester, this market was
just about $35 million last year in India. This fiscal, it is projected
to grow at a robust 37.6%.
Market trend:
This topic has been discussed earlier under heading.
Drivers (Growth and Technology):

With more than 400 viruses said to be doing the rounds over the
internet at any given point, the threat of security breaches is
driving the market for antivirus products.

IDC, a US-based technology research firm, expects the number of

devices connected to the global network to double to 3 billion by
2011.
With newer and newer electronic products being introduced in the
market today, starting from laptops to mobile phones with multi
functions and the extent to which they are involved in data transfer
and internet usage, the risk of new viruses is on the rise with the
day.
Strengths and weaknesses:

The major strength of this industry is that there is no other way to
tackle viruses and protect the data of the people worldwide other
than through the softwares provided by the various brands
available. And with a gradual increase in the affordability of these
softwares, the market and the customers have witnessed a fast
change in the ways available to protect their data and systems from
hostile factors.
The major weakness of this industry is the constant attack of piracy

and to a large extent, the industry’s inability to prevent the
duplicacy of the softwares, which become available to the
customers through torrents sites.
9.2 MAJOR FINDINGS
Dealers/ Distributors/ Retailers approached:
• Personal interviews: 85
• Telephonic interviews: 33
Industry experts: 02
Total: 120 respondents
From the surveys and interviews conducted in Ahmedabad among various

dealers, retailers and distributors of antivirus softwares, the following have been
found out:
• In terms of availability, (in descending order)

QuickHeal AV products: 96 dealers / 118 dealers

Kaspersky AV products: 91 dealers / 118 dealers
K7 AV products: 63 dealers / 118 dealers
Symantec (Norton) AV: 55 dealers / 118 dealers
Net Protector AV products: 39 dealers / 118 dealers
EScan AV products: 29 dealers / 118 dealers
AVG products: 17 dealers / 118 dealers
Trend Micro AV products: 09 dealers / 118 dealers
Mc Afee AV products: 08 dealers / 118 dealers
Bit Defender AV products: 02 dealers / 118 dealers
G-Data AV products: 02 sealers / 118 dealers
Doctor Spyware products: 01 dealers / 118 dealers
Therefore, in terms of availability, QuickHeal Antivirus products are the

most available in the antivirus software market of Ahmedabad, Gujarat.
• In terms of product performance, ranks of the antivirus software brands

operating in Ahmedabad have been given below: (from the charts)
1. QuickHeal AV
2. Kaspersky AV
3. Symantec (Norton) AV
4. Net Protector AV
5. K7 AV
6. EScan AV
7. Trend Micro AV
8. AVG
9. Others are insignificant
Therefore, QuickHeal antivirus leads the rank list for the best performing
antivirus software, followed closely by Kaspersky and Symantec (Norton)
antivirus.
• In terms of pricing and dealer margin, (top 5 antivirus softwares)
1. Kaspersky AV
2. Net Protector AV
3. K7 AV
4. EScan AV
5. AVG Antivirus

The dealer margin list is headed by Kaspersky antivirus, followed by Net

Protector and K7 antivirus. QuickHeal and Norton antivirus don’t feature
in this list due to their comparatively higher price range for the end-user as
well as a higher dealer-buying price.
• In terms of company support such as advertisement, promotions, freebies

and discounts for dealers, etc,
1. QuickHeal AV
2. Net Protector AV
3. Kaspersky AV
4. EScan AV
5. Others are insignificant
• In terms of post sales services such as after sales technical support and
assistance, toll-free number help, etc,
1. QuickHeal AV
2. Net Protector AV
3. Others are almost same i.e toll free help numbers are available and the
end-users have to call at these numbers whenever they need any
technical assistance.
For QuickHeal and Net Protector, local technical support is available.

EScan is also planning to come up with a technical team to support the
customer base during technical problems such as installation,
upgradation, etc.
• In terms of customer demand, (top 5 brands)
1. QuickHeal AV
2. Kaspersky AV
3. Net Protector AV
4. Symantec (Norton) AV
5. K7 Antivirus
Thus we see that the customer demand for QuickHeal Antivirus in

Ahmedabad is much more than the other competing brands. The second

ranked brand is Kaspersky and is closely followed by Net Protector, an

upcoming brand and then Symantec’s Norton Antivirus.
• POSITIVES
The positive facts learnt from the survey have been listed below:
Products of QuickHeal Antivirus Technologies Pvt. Ltd. are the best

selling antivirus products in the city of Ahmedabad with almost every 3
out of 5 customers desiring to avail the brand.
The customers prefer and opt to purchase QuickHeal antivirus, Internet
Security and Total Security for their laptops and computers (depending on
the level of usage) more than any other brand despite of the comparatively
higher price of QuickHeal products.
The advertisements in Radio and television media have helped spread
news and awareness about the products and people who earlier did not
have much knowledge about the importance of an antivirus software have
turned to QuickHeal Antivirus products as their first trials.
• NEGATIVES
Grownak Enterprise located at Paldi area of Ahmedabad is the first

enterprise/ dealer to feature in the list of www.justdial.com when a
prospect customer searches for QuickHeal Antivirus dealers. But this
dealer is now pushing the sales of Net Protector Antivirus. This is a threat
to QuickHeal Antivirus Technologies Pvt. Ltd. as it faces the risk of losing
a bulk of potential customers to Net Protector and also a diminishing
demand of its products due to availability of such dealers in the market.
Lesser visits and supervision by the QuickHeal staff, as stated by the
dealers. This is hampering further growth of QuickHeal and allowing
other brands to rise because the staff and representatives of other brands
such as EScan and Net Protector are spread wide in the market in search of
potential dealers who are willing to shift brands and deal in newer
products which give them more profits and margins.

CHAPTER 10
CONCLUSION
13.1 RECOMMENDATIONS
• QuickHeal AV Tech. Pvt. Ltd. should step up dealer satisfaction strategies

to an extended level because as per most of the dealers, QuickHeal gives
benefits and special gifts on the achievement of a certain level of points in
the sales. And this actually doesn’t benefit the dealers much. Like Net
Protector and other brands who follow such schemes, if QuickHeal too
emphasizes on giving discounts on the purchase of software packs by the
dealer from the company or distributors, it will help the dealers more as
they can utilize the money saved in some other fruitful activity. One dealer
even suggested that if QuickHeal introduces schemes such as 2 packs free
with the purchase of 10 software packs for the dealers, then it will benefit
more than receiving a cutlery set on the attainment of some points during
sales.
• As per the industry expert Mr. Dipak Halwai, Kaspersky AV is planning to
sweep the market in the coming year or two with extensive marketing and
promotions. QuickHeal should not only restrict itself to Radio and TV ads
for promotion, but also, if possible, go mobile with probably a van with
representatives who can go door to door to offices, schools, colleges, etc
and give free demonstrations.
• QuickHeal Antivirus Technologies Pvt. Ltd. also should try to keep a
monthly update of the number of new dealers in the city every 2-3 months
and check the trend of dealership with these new entrants. This will give a
clear picture of what the other brands are planning and how fast they are
trying to capture the Ahmedabad market, thus breaking up QuickHeal’s
market.
• If possible, QuickHeal should reduce the dealer-buying price of the
softwares as this will encourage the dealers to go for QuickHeal more than
Kaspersky AV. At present the only factor which is helping Kaspersky win
over QuickHeal regarding dealer margins is the low price at which the
dealers get the softwares from the company. If QuickHeal is successful in
formulating a new lowered price for the dealers, it can potentially catapult
the sales of QuickHeal AV products.
• The company should constantly\keep vigil on the growth of piracy.
Antivirus software available for Rs. 100-150 in the piracy market can

dampen the overall sales of the original softwares, especially those which
come a bit expensive such as QuickHeal AV and Norton AV.

CHAPTER 11
REFERENCES
• antivirus.about.com
• anti-virus-software-review.toptenreviews.com/
• www.pcantivirusreviews.com/
• reviews.cnet.com/software/
• www.pcworld.com/article/.../top_antivirus_software.html
• www.antivirusware.com/
• www.consumersearch.com/antivirus-software
• www.gartner.com/press_releases/asset_154006_11.html
• www.internetnews.com/xSP/.../Whos-Who-in-Antivirus-Software.htm
• www.articlesbase.com/.../antivirus-market-share-1658507.html
• www.av-comparatives.org/comparativesreviews/main-tests
• www.av-comparatives.info/
• www.av-test.org/
• www.dslreports.com/forum/r24361500-AV-Comparatives-ProActive-Test
• www.infosecurity-magazine.com/
Apart from these, individual official websites of the following Antivirus and software companies
have been referred for secondary help in the compilation of this report:
• QuickHeal Antivirus Technologies Pvt. Ltd.

• Kaspersky Antivirus
• Symantec Norton Antivirus
• K7 Antivirus
• Microsoft

Overview of The Antivirus Industry in India: A Report ON

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Overview of The Antivirus Industry in India: A Report ON

Uploaded by

Copyright:

Available Formats

2010

Compiled & submitted by:

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

A report submitted in partial fulfillment of the requirements of

MBA Program of SIIB, Pune.

COMPILED AND SUBMITTED BY:

Mr. Pranav Pawar

Assistant Manager (Marketing)

QuickHeal Antivirus Technologies Pvt. Ltd.

QUICKHEAL ANTIVIRUS TECHNOLOGIES PVT. LTD.

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

(Summer Trainee, SIIB)

QuickHeal Antivirus Technologies Pvt. Ltd., Pune

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

1.1 Understanding how anti-virus software work

1.2 How does an anti-virus detect viruses?

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

1.3 When does the AV detect a virus?

1.4 What anti-virus software can and cannot do?

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

No anti-virus software in the world will provide you 100% protection, no

If a virus is detected will my anti-virus software be able to repair it? Well,

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

• In 1990, there were around 50 viruses.

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

2.2 The Antivirus companies worldwide:

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

2.3 The last decade – an insight

• 2000: The New Millennium

What is remembered is that anti-virus companies still weren’t prepared to handle

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

• 2001: The Zuzu Virus

Security teams at hundreds, perhaps thousands of companies, responded quickly.

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

• 2002: A Little Tea Party

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

• 2003: Pervasive Pervasiveness

• 2004: With Sugar, Please

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

of security. Behavior Control Lists (BCLs), which were introduced in Java

• 2005: The Digital Economy

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

company rushed to solidify their presence in the digital economy, eventually

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

• 2006: Moore’s Wall

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

In 2006 Intel, then the world’s pre-eminent maker of microprocessor chips,

• 2007: The Unwiring of India

Moore’s Wall had an interesting effect. As it became harder to compete on raw

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

• 2008: Nothing Happens

In 2008, nothing happened. Well, nothing directly relevant to the anti-virus

• 2009: A Solution Emerges

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

• 2010: Hello? Hello?

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

: OVERVIEW OF THE ANTIVIRUS INDUSTRY IN INDIA

3.1 Expert’s voice:

MH Noble, MD, Zoom Technologies, distributors of Kaspersky range of solutions in

Peter Baxter, VP-Business Development, AVG Technologies explained, “No company