Challenges for young anti-malware products today (presentation at Virus Bulletin 2019)

Sorin Mustaca (Sorin Mustaca IT Security Consulting)

There are two categories of anti-malware vendors:

  • Established anti-malware vendors, who are preoccupied with getting the best scores in detection tests and capturing more market share.
  • Emerging anti-malware vendors, who are trying to understand what they need to do in order to enter the market.

This paper is about the second category of companies: those who are trying to enter the market either because they have identified a small market segment that they think they can serve, or simply because they’ve heard they can make some easy money. None of these emerging companies actually knows what it takes to make a ‘real’ anti-virus product. They try to enter the market by creating software that detects malware using a third-party scanning engine, and soon realize that things are much more complicated than they estimated: they face a multitude of problems they don’t understand, and they find that more people want to see them fail than are able and willing to help them.

In this paper I will discuss some of the challenges emerging anti-malware companies face:

  • Technical: how do you create an AV product?
  • Certification: how do you get tested and by whom?
  • Reputation: how do you establish a good reputation and remain unblocked by the ‘big guys’?
  • Blacklisting: what happens if you get flagged by some established companies?
  • Getting along with Microsoft: how do you establish a realistic ‘go-to-market’ plan?
  • Free product: what does it take to make a ‘free’ anti-malware product?