ALWIL CTO speaks of company uptrend

May 1, 2010 04:28 GMT  ·  By

Ever since its inception years, avast! Antivirus has continually grown to its present reputation of reliable antivirus and, more importantly, one of the most complete free security pieces on the market. The differences between the freebie and the paid version of the product are few and, for some users, insignificant.

Working on the improvement of all the products by adding new components and perfecting technology, Avast! has made its way among the top dogs of the industry. Moreover, its user base is on an ascending path, despite the fact that the latest version of the free product has not been adopted by all avast! users just yet.

ALWIL Chief Technology Officer Ondrej Vlcek was kind enough to answer some questions about the company and its most demanded product, the free antivirus. The questions cover product and technology-related issues and are revealing of ALWIL’s constant uptrend and future plans.

Softpedia: avast! offers by far the most complete, feature-wise, free antivirus solution on the market today. Some people question the profitability of this business model, and claim that users of free versions are rarely interested in upgrading. Can you estimate a conversion to paying customers rate for your free product?

Ondrej Vlcek: While we don’t disclose the exact numbers, I can say that the actual percentage of people who upgrade to the paid product is in low single digits. These numbers significantly differ country by country; the conversion rates in the English speaking countries are typically the highest.

Softpedia: To our knowledge, avast! is the only free antivirus product to feature behavior-based detection. From our experience, such a component can be instrumental in catching complex trojans like ZeuS or Clampi, which are constantly modified to evade traditional signature-based or even heuristic detection. Do you think avast!'s Behavior Shield gives it an edge over the competition in this respect?

Ondrej Vlcek: The Behavior Shield that we shipped in version 5.0 is a new component that is going to be further developed moving forward. For example, in version 5.1, we will be adding more sensors that will allow for even finer-grain filtering.

For now, the Behavior Shield is focused on exploits coming via typical mechanisms (browser, PDF reader, and flash vulnerabilities, for example). It also closely monitors all kernel-mode code (drivers) loaded into the operating system, and is able to detect zero-day rootkits.

Softpedia: Avira recently claimed an over 145 million user base. We know that avast! celebrated reaching 100 million registered users back in December. Can you reveal what the figure is right now and can you estimate how much, percentage-wise, has version 5 of avast! Free Antivirus contributed to your user base growth?

Ondrej Vlcek: First, when talking about the size of the user base, one should make it clear what the numbers actually mean. In avast!, we use two metrics. One is the number of registered users (the free version of avast needs to be registered in order to work) and this number is currently about 110 million. Second is the number of active users. This means the number of machines that actually go out and download a definition update at least once during a given period of time (e.g. one month). In case of avast, this second number is currently something below 100 million. This may not sound so big but if you think about it, this equals to some 15-20% of all consumer PCs in the world (depending on which numbers you believe).

AVG’s numbers are similar. I don’t quite trust the Avira’s numbers as they seem to be inconsistent. In any case, we can assume that the free products are used by some 300-350 million users worldwide, and that’s a huge number. I think the traditional vendors haven’t quite realized yet that the market has really started to lean towards the free products.

But to answer the original question, as of April 2010, about 2/3 of our user base is still running the 4.8 version. Unlike the other vendors, we don’t rush upgrading our users. We expect the upgrade campaign to last at least till autumn.

Softpedia: The difference between the Free and Pro versions of avast! Antivirus, as far as included technologies go, is the Sandbox and the Script Shield components. Can you explain in more detail how these features work and why a user would pay almost 35 Euros ($48) to have them?

Ondrej Vlcek: We recently did a survey among our users who decided to upgrade to the paid product, and the results were quite interesting. About one third of the users upgraded because they just felt like paying us some money (after a year or two of using the free product). And another third upgraded because they were convinced the paid product would provide better protection (without actually studying what were the technical differences).

In any case, we now position the Pro Antivirus as a product for advanced users. The mainstream paid product is now the Internet Security Suite (which also includes a silent firewall and an antispam), and indeed, roughly 75% of our users are now upgrading to the Suite (and only 25% to the Pro AV).

Softpedia: Cloud-computing-assisted malware scanning is a technology some vendors are adopting in order to develop AV applications with improved performance. Is ALWIL considering a similar direction for its future products?

Ondrej Vlcek: Yes, I can confirm that we are working on certain protection features that will actively work with our backend servers (as opposed to passive updates). I’m not a big fan of the term cloud though – I think many people use it in many different contexts, but most users don’t really understand the meaning or the benefits.

Certain problems can be solved more efficiently by means of real-time communication with the backend servers, although by far not all – so we certainly don’t want to use it for things that are better accomplished locally. We will be publishing more details on this in the upcoming months.

Softpedia: We know that users of avast! Antivirus contribute to a community-based malware intelligence gathering effort, called Community IQ. Can you explain what kind of suspicious samples are collected through this component? Is this limited to suspicious PE files or are other potentially malicious files, such as PDFs, also included?

Ondrej Vlcek: In the current implementation, the only files that are gathered are indeed binary/executable (PE) files. These are accompanied by additional context information though, such as the originating URL, parent/child processes etc.

Softpedia: To what extent has the distribution of Google Chrome participated in the development of the free product? Is it a source of steady income that also partially funds the development of your paid products?

Ondrej Vlcek: The main purpose of the Google Chrome distribution deal was not to bring us revenue. As you may remember, avast! is now being distributed as part of the Google Pack (European version only, at least for now) and these two deals were signed at the same time. We’re quite proud of partnering with Google – very few companies managed to establish a similar relationship with them, and there is definitely some potential here.

Softpedia: In our latest testing, we witnessed avast! 5’s amazing scan speed. Could you elaborate on the underpinning leading to such performance?

Ondrej Vlcek: There are many significant changes in the v5 engine, and many of them are performance related. Without going into too much detail, there are two main reasons for the increased performance: we scan fewer files, and those that we scan are processed faster.

Scanning fewer files is accomplished by means of the persistent cache, a feature that allows us to never scan files that are trusted (unless they change, of course). Faster scanning is achieved by a number of optimizations – taking advantage of all CPU cores, for example. As a matter of fact, we partnered with Intel and spent quite some time with their performance engineers, coming up with some neat tricks.

On the other hand, if you’re referring to the recent detection test, I’d say it’s a bit unfair to judge the performance of a product by its scan time on a set of malware. Normally, you only measure scan speeds on the clean sets as that’s what most users actually have (hopefully!). The reason for this is that in case of many AV products, whenever a virus is detected, additional tasks are taking place.

Softpedia: The online scanner has been around for some time now. Would you comment on its popularity among users?

Ondrej Vlcek: The online scanner is outdated now – it was never a full blown scanner, just a handy tool to scan a single file. And with online services like VirusTotal or Jotti available for some time now, we feel that the usefulness of this tool is very limited.

Softpedia: Is ALWIL ready to follow the model of so many antivirus developers and acquire technologies from other security companies?

Ondrej Vlcek: We’ve always considered ourselves as a technology company. We’re proud that over half of our organization is still made up of highly technical people – programmers, virus analysts etc.

To that end, we always felt that developing things in-house will give us ultimate control over the quality of our product. This is not to say that there won’t be any acquisitions, it’s just that so far, in-house development has worked better for us.

Softpedia: Has your company turned down any offers to license avast! Antivirus engine to third parties?

Ondrej Vlcek: Absolutely. We are getting such offers pretty much all the time. We generally turn them down as we don’t feel having even more players on the already crowded battlefield would be a meaningful thing to do. If you look at the latest Virus Bulletin comparative test, you will notice that there were roughly 60 (!) products there… this is ridiculous, given the number of the actual engines.

Softpedia: Every company looks to expand its activity. Is the development of other standalone utilities such as a standalone firewall or system cleaning utilities pinned in ALWIL’s future plans?

Ondrej Vlcek: The primary focus is the anti-virus, and that’s how it’s going to be in the foreseeable future. We’re obviously developing other smaller components but I don’t see them being sold as standalone products.

Antivirus is what we have been doing for the last 20 years, and that’s what we’re focusing on.