Softpedia Exclusive Interview: AVAST Software CEO Vincent Steckler

avast! Free Antivirus is one of the most complete free antivirus solutions on the market today and is backed up by an over one-hundred-million-strong active user base. In turn, this makes it's developer, AVAST Software (formerly known as ALWIL Software), one of the fastest growing firms in the AV industry.

We recently had the opportunity to visit the company's headquarters in Prague and Vincent Steckler, CEO of AVAST Software, was kind enough to answer some questions for us and our readers. Have a nice reading and we hope you will enjoy this interview.

Softpedia: Do you have any plans to extend in other security sectors, like for example identity protection, encryption or secure storage?

Vincent Steckler: We look at it, but what we primarily look at is what's useful to consumers. Providing authenticated identities is a very tough thing and not very well understood by users. So, we're really focused on those things that consumers really need. It's obviously malware protection, things like firewall, anti-spam, anti-spyware.

We're debating about secure online backup. But storage right now, by others who do it, I think is primarily done for customer retention. That is, once subscription to your product expires, you immediately loose everything that you have stored online.

So, if you use a Norton product, you use the online storage. As soon as that Norton expires, you lose all your online storage and the only way of getting your backup back is to renew your Norton product. If we do something it would really be much more customer friendly. Although frankly very few countries have sufficient broadband into the home to really back encryption over the Internet.

Password management could also be very useful to users.

Softpedia: Any other particular service, except secure storage, that you are looking into? Related to security.

Vincent Steckler: Related to security, no. Products, yes. Such as family safety.

Softpedia: As a standalone product or integrated into your existent ones?

Vincent Steckler: Both, integrated and stand alone. In some cases that's a service, in others it's a product. Password management - sometimes a product; but the new way of doing password management is really as an in-the-cloud service, because you want your passwords to follow you, no matter what computer you're using.

Softpedia: What about your plans on the smartphone market, which is seeing a lot of penetration right now? A lot of people buy such devices and more importantly many use them to perform sensitive tasks like online banking. There is already malware for mobiles, such as trojans that steal credit and a lot of people were recently arrested in Romania for installing spyware on their business partners' phones. Are you looking into developing security solutions for smartphones?

Vincent Steckler: Well, we do have a couple of smartphone products already, but the thing with smartphones is that until Andoid, the most popular smartphones were basically locked down. The only way to really get a virus on an iPhone is to digitally sign it and have Apple approve it. This thing here [pointing to a Nokia handset] - I can't put any application on it that is not approved by T-Mobile. So, most smartphones are really locked down by the operator or the manufacturer.

Softpedia: Yes, but there was an iPhone botnet at some point, though, it mostly targeted jailbroken iPhones.

Vincent Steckler: Correct. I think it targeted entirely jailbroken iPhones, because that's the only way you can run a non-signed, non-Apple-approved application on an iPhone – if you jailbreak it. And the market for selling security to people who jailbreak phones isn't really huge. But Android is a different matter, because Android is wide open. It's not locked down by operators; it's not locked down by Google.

Softpedia: But it's not very targeted at this moment.

Vincent Steckler: We think it will be, because what's really required for bad guys to start targeting something is: number one – opportunity, being able to easily get into it. And it's too hard to get into devices that are locked down. And number two – sufficient users, to make it worthwhile. Android last month surpassed iPhone in unit sales in the U.S. and that's expected to continue to increase. So we think Android will be getting a lot of attention. It's the one we'd be concerned of.

Softpedia: I suspect you won't disclose conversion rates for users who convert from the free version to the paid version...

Vincent Steckler: It varies. In some countries it's zero, such as China. In other countries you get up into the mid to high single digits.

Softpedia: So it's into the single digits anyway.

Vincent Steckler: Always - but similar to OEM conversion rates. I would bet most OEM conversion rates these days, like on an Acer with trialware, is in the single digits. It's probably lower, but won't stay lower long term. I think eventually you'd expect free to paid conversion rates to be similar to OEM conversions, because free is really equivalent to OEM trialware.

OEM trialware runs for 60 days and asks for money. If you don't give it money, then Symantec or McAfee or whoever it is, turns off the product and says "Goodbye". The free product runs for a year, asks for money and if the user says "no thanks, I don't want to pay you money" it says "Ok, use me for another year and then I'll ask again". So, it's very similar to an OEM, except we don't take the product away.

Softpedia: Do you see Microsoft Security Essentials (MSE) affect your market share in any way?

Vincent Steckler: We haven't seen any impact whatsoever. We survey users who remove our product and ask them what product they're going to move to next and MSE is in the low single digits. Maybe 2% or 3% of the users who remove our product say that they're going to MSE. It's the same as BitDefender, for example.

Softpedia: A new beta version of MSE was recently released. It features an enhanced protection engine, a new behavioral component. Do you think it will change their market share?

Vincent Steckler: No, I don't think so, because the normal user has no idea what that means. My mother wouldn't know if  she needs a product with behavioral detection or not. What she relies on is what I recommend. I think that's what most average users rely on – a recommendation.

Softpedia: Why do you think Microsoft offers MSE in the first place? Data collection for their Forefront enterprise security solution, maybe?

Vincent Steckler: Data collection for Forefront has always been our suspicion. Microsoft's official reason was, I think, that they thought most users were unprotected. We obviously don't agree with that, but consumer traffic is fantastic for data collection, because consumer traffic is so much dirtier than corporate traffic.

Number one, there's a lot of rules at the workplace, but number two, there's a lot of other layers of protection. I think if you want to have a good corporate product, getting access to a lot of consumer traffic is very important, so, I always thought MSE was their way of collecting data for Forefront. But, there's nothing wrong with that.

Softpedia: Yes, as long as the users get protected.

Vincent Steckler: Right. But, remember, with MSE, the user can not opt out of having their data sent to Microsoft. If they want to use MSE, they have to agree for their data to be sent to Microsoft, which we think is a little unfriendly.

Softpedia: What do you think of "free for businesses"? There's only one player on the market which does this right now. It's Sourcefire with ClamAV for Windows. They're currently using Immunet's cloud-based technology and they're planning to add their own open source heuristics engine to it. It's in beta right now, but they've told us that they intend to keep it free for businesses. Do you think it will have any impact on the market?

Vincent Steckler: The fact that they're doing it, I don't think will impact anyone else's plans.

Softpedia: How about on the long term? If others would also pick up the idea?

Vincent Steckler: I don't think anyone else would do it just because they're doing it. Others may do it for their own reasons, but they are a very, very small player, with very little recognition. I think other companies do think about how they could do a freemium model for businesses.

Softpedia: Have you considered the concept?

Vincent Steckler: Of course we've considered it. It's something we constantly talk about, because we are a freemium company. It's pretty straight-forward on the consumer side to define free offerings and paid offerings, but on the business side it's a lot more difficult. And then, business products are still primarily distributed through big reseller networks.

Smaller businesses don't tend to have their own internal IT expertise, so they rely on local integrators. And a local integrator doesn't want to distribute a free product; a local integrator wants to make some money. That is the fundamental problem with a free product aimed at businesses – how do you distribute it? With free you can't just put it out there and expect all the businesses in the world to know about it.

Softpedia: Have you considered sub-licensing your antivirus engine like other AV companies do, for example BitDefender?

Vincent Steckler: We do it to one - it's an old agreement - to the same one BitDefender does – G Data. It's not our business. We're not interested in doing it. We get that request constantly and we always say no. We just don't believe that we should be licensing something that's very good to a competitor. We'd much rather keep our name on it and sell it ourselves.

Softpedia: How about having it integrated into gateway solutions, appliances or things like that?

Vincent Steckler: There's virtually no money in it. Because if your name is not associated with it, you don't get very much money. It's almost a commodity. Appliance manufacturers send out an email to a dozen mid to small AV firms and ask "Ok, who can give me the cheapest price?". And to us that's just not our business. We don't make a commodity.

Now, if you don't have a way of getting to users yourself, then that could be an interesting business. If you do enough of those deals, it does get you a reasonable revenue, but nothing like what you would get if you'd do it yourself. So, the big guys don't do it. Symantec doesn't do it. McAfee doesn't do it.

Softpedia: But they do build their own appliances.

Vincent Steckler: McAfee does. Symantec doesn't have any appliances anymore, but I've never believed into licensing IP [intellectual property] to competitors or pseudo-competitors.

Softpedia: How about selling access to data feeds, like AVG? Through a software development kit (SDK) they give access to their data on threats and bad URLs to other companies to use in their products. Opera is the latest example.

Vincent Steckler: They do that with a few. Once again, we do not.

Softpedia: And you don't intend to?

Vincent Steckler: There may be some special cases where we would, but we would never do that to a competitor or someone who's even close to a competitor.

Softpedia: So a browser vendor would be acceptable then? Like for example, if Google would like to integrate data from you in Chrome to protect its users?

Vincent Steckler: Possibly, possibly. I mean, it's not a guarantee. Once again, there's not much money in that, because there's no name associated with it.

Softpedia: And one last question. Are you considering going public with the company?

Vincent Steckler: It's premature right now. Long term, that's what we look at. Absolutely.

Softpedia: Thank you for taking the time to answer our questions.

Vincent Steckler: You're welcome.

(Transcribed from audio)


Photo Gallery (2 Images)

Gallery Image
Gallery Image

Hot right now  ·  Latest news