ESET’s Tony Anscombe takes a closer look at the anti-malware industry.

Last week Eugene Kaspersky posted a blog about his company’s – and more importantly the entire industry’s – struggle to ensure consumers have a simple and unhindered method to choose a security product.

As someone who’s been very close to the issues highlighted in Eugene’s blog, I agree in principle with the majority of the points mentioned. In fact, I could probably add my own list of examples, changes and concerns.

It is not surprising that Microsoft promotes Windows Defender and leverages its position as the operating system provider. Microsoft wants the operating system to be secure and the users’ experience to be free from malicious attacks. Windows 10 comes with Windows Defender switched on, and without any prompting very few people will consider installing an alternative.

An area we should also consider is that if you have a dominant vendor in any particular geography, does it increase or decrease the likelihood of being infected? A group of researchers analyzed data from over a billion machines running Microsoft’s Malicious Software Removal Tool; this runs on nearly every Windows machine to assist in removing specific, prevalent malicious software from computers.

The report was summarized by Neil Rubenking at PCMag. His article states: “Some countries exhibited a dismal diversity rating, with one product protecting the majority of all systems. These countries routinely displayed a higher-than-average infection rate, while those with more diversity had a lower rate.”

Simply put, this means if there is a dominant product in any region, there are more infections.

This is not surprising. Imagine a city where 50% of properties have the same alarm system: the thieves would only need to focus on how to breach one system and then have access to 50% of the properties. Cybercrime is a business and the bad guys know how to focus to make money; I am sure they would welcome a dominant anti-malware product.

Another concerning conclusion in the report is that people continually switch anti-malware vendors, with approximately one third doing so every four months or less. Rubenking states: “Countries with a high rate of infection also showed a high rate of ‘churn’, with many users switching antivirus products.”

The report hypothesizes that the churn is due to dissatisfaction with the anti-malware product. There are no proof points for this, but it sounds plausible. Many anti-malware products expire yearly and then many people choose to run free products, meaning that some switching is reasonable. I would have expected the rate of churn to be closer to 20% as opposed to the third stated in the data.

Microsoft wants Windows 10 to be a great experience for the user and the drive to make it the most secure Windows version yet is clearly top of the agenda. Taking the data points above that a single anti-malware product’s dominance increases infection and that churn is probably caused by dissatisfaction, then it’s clear that Microsoft needs the independent anti-malware vendors as much as the vendors need Microsoft.

While the industry considers its options, such as Eugene Kaspersky’s implication that his company will make a complaint to the European Commission, it would seem sensible for the industry to engage with Microsoft to explore potential dissatisfaction and assist in delivering the best Windows experience.

However, understanding the pressure that many of the companies have to monetize and return large dividends to their investors, I feel that there could be some resistance to changing the way anti-malware products communicate and behave.