http://www.eweek.com/article2/0,1895,1872416,00.asp By Larry Seltzer October 18, 2005 Opinion: If something goes up in price over 650 percent in four years it has to have gotten a whole lot better, right? The industry has shot anti-virus subscription prices up over the last few years hoping to make users pay full price every year. The price of most things in the computer industry is driven down over time, from competition, economies of scale and advances in the technology. But one product is up over 650 percent in the last 4 years: the annual subscription to Norton Antivirus updates. In 2001 Symantec increased the price from $3.95 to $9.95, quite a large increase on its own. Just recently, coincident with the release of the 2006 versions of their security line of products, Symantec once again increased the price of the subscription renewal to $29.99. The new 2006 version of Norton Antivirus, of course including an annual subscription itself, costs $39.99. Symantec's message is clear: you're a sucker if you don't upgrade the program. The only question is whether you're a sucker for getting the new version too. Symantec has absolutely been the leader in this price boom, but most other vendors have happily kept up. Many trail a bit behind. All of them are pricing their products so that you have a strong incentive not to renew your subscription, but to upgrade to the new version. From what I can tell, McAfee has moved completely to a subscription model for the software. The cheapest resubscription I could find was Computer Associates eTrust EZ Antivirus at $19.95. Their new product is only $29.95, so it too is no big savings over a full upgrade. So the point is not to get you to pay more for your signature resubscription; it's to move you to a model where you subscribe at once to software and signature updates, the model to which Symantec has moved with the 2006 products. The annual product version model is dead, more or less. If you were to buy Norton 2006 six months from now, and even if they come out with major updates in another 12 months, you'd get all the updates. I guess if I were an anti-virus company I would do this too; after all, the product actually doesn't change much from year to year, so there's not much point in existing customers upgrading. Symantec does claim advances in their products over the years, including the new 2006 versions - in particular a new Norton Protection Center which attempts to explain complex issues in straightforward language. I haven't tested the new products so I can't say whether they're worth going through the trouble of an upgrade. And installing a new Norton product these days is definitely a process that goes wrong for some [1] (check out this link too [2]). Anyway, with respect to the new features they add each year, so what? They may justify price increases in the new versions, but they don't justify increases in subscription cost for users of old versions who don't get the benefit of new features. Of course there are things that are good for the user about the subscription model. As Symantec pointed out to me, many users are confused about the fact that they pay for the product once, then after a year they have to pay once again for something not exactly the same. Instead, with 2006, they are told from the beginning that they are subscribing to all updates, including new features. Maybe it's clearer, it's hard to say. But it does clarify another problem Symantec has with respect to their copy protection. If the real value is in the subscription and not the initial software—and even the new software is useless if you can't update it—then there's no point in protecting the software through copy protection. They should give their software away and charge whatever they want for their subscriptions. Symantec says that the copy of the new software comes with an annual subscription and that the copy protection therefore protects that, but this just tells me they have an implementation problem. Incidentally, I was curious about how these program updates would be delivered. Right now Symantec has three different mechanisms: Automatic Updates, which happen without user action, deliver only signature updates. Manually running the LiveUpdate program delivers signatures and some program updates, such as bug fixes. And there have been some cases where Symantec has delivered updates as downloaded executables. I asked Symantec how they would deliver new updates including new features, and they got vague on me. It's not clear. If it's through manual downloads and the equivalent of an upgrade process then most users won't do it, although they will have access to it. It's especially galling to see Symantec increase prices for their signatures when they are regularly one of the slowest companies to update those signatures in response to threats. Symantec updates regularly once a week and only goes out of cycle with updates when a category 3 or higher threat comes along. In the last year there have been only a handful of 3+ threats. The signature update process has therefore become well-oiled and as regular as grandma when she takes her Metamucil. In fact, the 2006 versions address this somewhat. If you are running the 2006 or future versions you will get daily updates. If you're running 2005 or earlier versions, you're still on the old schedule. For this they deserve a raise? Other companies release at least once a day, many of them hourly, such as BitDefender and Kaspersky. This usually matters little, but if you're one of the unfortunate few to get one of the very common new threats at level 2 or 1 there could be 6 more days before Norton ponies up with protection for it. And for keeping you at the old, embarrassingly slow schedule, they do you the favor of charging you almost as much as they do for a full new copy. Maybe anti-virus vendors figure that their time is limited and that they better suck whatever money they can from customers before something supplants them. We've been looking at products like Panda TruPrevent that don't rely on signatures for detection; they're not perfect, but they're getting a lot better. One day if they get good enough the great Norton Cash Cow will moo its last. -=- Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. [1] http://blog.ziffdavis.com/seltzer/archive/2004/11/18/3338.aspx [2] http://blog.ziffdavis.com/seltzer/archive/2005/08/28/27160.aspx _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Oct 19 2005 - 00:10:15 PDT