AVG Technologies Proposes Initial Public Offering (IPO) on NYSE

February 2, 2012 Addendum from Reuters - AVG Tech shares fall on market debut

“Shares of AVG Technologies NV (AVG.N), the maker of free PC and mobile anti-virus software, fell 19 percent on their market debut as investors grow wary of high valuations for newly listed technology companies.”

AVG shares closed at $13, which would mean a company valuation of $707 million. Shares had been sold to investors at $16. For the complete article:

www.reuters.com/article/2012/02/02/us-avgtech-idUSTRE8112EZ20120202

If you scroll down further in this blog, my estimated valuation in mid 2010 was about $750 to $800 million. I increased this to over $1.2 billion earlier this year (more recent revenue data).

January 13, 2012 update - AVG Technologies announced on January 13 that it has filed a Registration Statement on Form F-1 with the U.S. Securities and Exchange Commission in connection with the proposed initial public offering (IPO) of its ordinary shares. AVG has applied to list its ordinary shares on the New York Stock Exchange under the symbol "AVG."

http://www.marketwatch.com/story/avg-technologies-announces-filing-for-proposed-initial-public-offering-2012-01-13

This is a change from previously when they were talking about going doing an initial public offering on the London Stock Exchange or Warsaw Stock Exchange. According to Reuters, AVG Technologies has filed for the IPO for up to $125 million. The bookrunning managers for the proposed offering are Morgan Stanley & Co. LLC, J.P. Morgan Securities LLC and Goldman, Sachs & Co. Co-managers for the proposed offering are Allen & Company LLC, Cowen and Company, LLC and JMP Securities LLC. AVG had revenues of $218 million in 2010 and $198 million through Q3 2011.


Original Blog From August 2010

Last week, it was announced that “AVG Technologies has appointed Goldman Sachs, JP Morgan, Morgan Stanley and UBS as bookrunners for its upcoming IPO (initial public offering), with Jefferies acting as co-lead manager. The software firm is understood to be planning a primary listing in London to access institutional investors in the UK, but marketing will focus on American investors as AVG’s brand is strongest in the US”. http://www.ifre.com/equities-avg-appoints-for-uk-ipo/598999.article.

IPO Date?

So when will internet security provider AVG Technologies go public on the London Stock Exchange? – No official date has been announced. Earlier this year the company talked about going public during the latter half of 2010. The Prague Post had a fairly extensive chat with the company in April (Chasing a Billion Dollar Market)about AVG in general, and this was brought up. One question is whether the IPO will occur before or after the next major release of the company’s product lines. Going public before release could allow for a nice uptick, should the new version be favorably reviewed by the marketplace.

IPO activity has been relatively slow during calendar year 2010. Activity for initial public offerings seems to be increasing during the second half of 2010 versus the first half.

A number of competing companies will introduce new versions in the Q3 timeframe. Symantec has Norton Internet Security and Norton Antivirus in beta. Trend Micro’s Virus Scan API is in beta. McAfee Total Protection 4.5 is in beta. BitDefender Total Security 2011 and their Mac security product are in beta. Panda has rolled out their 2011 product line. Webroot has rolled out their consumer Internet Security suite. This isn't a comprehensive list. In order to be part of boxed promotions in the retail channel for their internet security suite, AVG is going to have to release something by early October, at the latest.

Market Capitalization

Valuating a software company for an IPO is always interesting. The market comparison approach was recommended in an article in Corporate Finance Review. In this approach, the company going public is compared to comparable publicly traded companies or recent transactions involving similar private companies.

A second approach they wrote about is using a revenue multiple of similar public software companies.

Potential comparable public traded companies to compare AVG Technologies to could include McAfee, Symantec, and Trend Micro. Potential reasons these aren't perfect: McAfee - Broader product line. They promote that they scale to the enterprise. They sell appliances, SW, and Software as a Service, which makes them a SW and HW company. They are a pure security play, however. Symantec has a broader product line than AVG. They promote that they scale to the enterprise while AVG is an SMB play. Symantec isn’t just a security company (Veritas acquisition, for example. Trend Micro has a broader product line. Their business products scale to the enterprise. Many of AVG Technologies’ competitors are private, so "numbers" are unavailable. So these three companies are probably the best comparable ones.

The author also discussed the asset approach (SW companies don’t possess a lot of physical assets) and the earnings approach. He wasn’t fond of the latter for a variety of reasons, including: the company may have been managed for growth, the company may have been focused on developing the technology, and valuation models based on earnings are highly sensitive to assumptions made. “Valuing Software Companies: One Size Does Not Fit All” Corporate Finance Review September/October 2007. http://www.thevenemareport.com/pdfs/3-Valuing%20Software%20Companies.pdf


Doing a comprehensive discounted cash flow analysis (while fun for quants) can be difficult. For AVG, there’s the free product, where revenue comes from someone other the home user. AVG gets revenue from the toolbar/Yahoo! (no, you’re not forced to use the Yahoo as your search engine). The “consumer paid” product line. Revenue from 3rd party partners who let individuals who want to download AVG Antivirus Free Edition upgrade to a paid product in exchange for purchasing something from the 3rd party. The “business paid” product line. The OEM business (deal with WatchGuard, for example http://www.watchguard.com/news/press-releases/wg438.asp ). There are the antivirus engine and the behavioral engines. Deals with ISPs. The Data Feed Solution (aggregate web activity of over 40mm AVG users marketed to 3rd parties) More detailed descriptions are on http://www.avg.com/us-en/gsa-solutions.

Other methods – Book Value, Internal Rate of Return (IRR) Profit/Sales Multiple, P/E (Price/Earnings ratio), Dunn-Rankin formula, free cash flow.

So what will the market capitalization of AVG Technologies be? (Note that the below uses no proprietary information!)

In October 2009, TA Associates paid more than $200 million for a 25% stake in AVG. “European Private Equity in Review”, full year 2009 edition at www.mergermarket.com. http://www.avg.com/us-en/press-releases-news.ndi-224903. This suggests that at the time of sale, 100% of the equity in AVG had a worth of about $800 million US.

In 2008, Symantec paid a revenue multiple of 5x and 4.8x for PC Tools and Message Labs, respectively. In 2009, McAfee paid a revenue multiple of 4.9x for MX Logic. Using a 5x multiple suggests a market cap of about $750 million US for AVG in early 2009. http://blog.updataadvisors.com/2009/11/05/avg-technologies-rakes-in-big-multiple-on-small-revenue/.

End of year 2009 revenue data? Unavailable. 2010 year to date revenue data? Publicly unavailable. It’s information like this that AVG, and the investment firms and bankers they’re partnering with are probably taking into “the room”, along with business projections for the next several years (with and without acquisitions), in order to arrive at an appropriate capitalization/valuation. Doing the math, and having an initial share price below what the math suggests is a way for a quick rise in price on opening day. An argument could be made that this leaves money on the table, however.

It will be interesting. Conversations may get intense. Beverages of all sorts will be consumed.

September Addendum

According to a Reuters article dated September 15, “Czech AVG's IPO to be worth 400-800 mln EUR” AVG Technologies Initial Public Offering “IPO” may take place in the first quarter of 2011. This is a change from what AVG has been saying. Previously, the London Exchange (UK) was mentioned as to where the company was going to be listed. Now it may be on the Warsaw exchange “and one other”. http://www.reuters.com/article/idUSWSF00947520100915

This differs from a September 12 Financial Times article where “bankers have signaled they are aiming for an autumn listing.” “UK tech sector poised for deal flurry” http://www.ft.com/cms/s/2/eed0f540-be9c-11df-a755-00144feab49a.html

The recent security technology acquisitions in North America may have contributed to the IPO not taking place third quarter

Bitdefender issues ‘H1 2010 E-Threats Landscape Report”

One bad Trojan is all it takes. For the first half of 2010, Trojan.Autoruninf.Gen accounted for over 11% of worldwide malware infections. According to the report’s contributors, the autorun technique is used by worm writers as a means of spreading their evil creation through mapped network drives or removable USB media, for example. Internet security providers had their work cut out for them.

The 33 page report is an interesting look backwards at the first half of the year. It’s vendor neutral. It’s actually a quick read with a number of graphics. For those who want a nice summary (if nice is the word), the report is worth downloading. This report isn't a "how to protect yourself" publication. The report looks at:

• Malware Threats in Review
• Spam and Phishing
• Phishing and Identity Theft
• Vulnerabilities, Exploits and Security Breaches

Other techniques talked about in the white paper besides Trojans that were used heavily included in the first half of the year included instant messaging worms and rogue AV software.

China and the Russian Federation have the negative distinction of being the predominant hosts for malware during the first ½ of 2010, at 31% and 22% respectively.

For Facebook® users, it was Koobface that wormed its way into the 500 million member community. Facebook Friends would find themselves receiving what looked to be a URL to a video page. Instead it would lead to an infected executable file.

Clickjacking was also a source of problems for the Facebook community as was deployment of adware via third-party rogue applications for Facebook®.

The US had its own negative claim to fame in the study. 28% of spam distribution by point of origin came from the US. China was distant second at 5%.

There are a few predictions for the latter half of this year.

• Botnet activity may increase
• Rogue software (particular AV) will trend upward
• Social networking sites such as Facebook will continue to be targeted
• In the Mobile OS world, threats will still be a rarity. However, Symbian, because of its 44% share, is the most likely target

The full report is available at http://www.bitdefender.com/files/News/file/H1_2010_E-Threats_Landscape_Report.pdf

OPSWAT Report on Worldwide Antivirus Application Market Share

On July 7, OPSWAT, Inc. published a report on “Worldwide Antivirus Application Market Share”. The results may not mesh completely with the results published by the vendors themselves (surprise!). The study period was January through May 2010. Note that these are antivirus deployments, not internet security suite deployments.

By product, the top 5 Windows antivirus deployments over the study period, by product were from los Free Amigos (Avast!, Avira, and AVG Technologies) and Microsoft.

• avast! Free Antivirus 11.45%
• Avira AntiVir Personal - Free Antivirus 9.19%
• AVG Anti-Virus Free 8.6%
• Microsoft Security Essentials 7.48%
• avast! Antivirus 5.4%

The order of the top 3 may be surprising to some people since on CNET’s download.com sight the typical weekly download order for the top three is AVG, followed by Avira and Avast. Download.com isn’t the only download site for these vendors.

The top 5 Windows antivirus market share leaders by vendor for the same period were

• AVAST Software 19.14%
• Avira GmbH 11.39%
• Symantec Corp. 10.06%
• Microsoft Corp. 9.29%
• AVG Technologies 9%

A more comprehensive listing can be viewed on the links below.

The vendor share reflects both paid and free AV, business and consumer. So the Symantec data includes both the Norton and Symantec AV brands. It does not include PC Tools, which they own. AVG Technologies drop in ranking from the product deployment table to the vendor deployment table relative to that of Avast! And Avira may signify that a much higher proportion of AVG’s installed base is their free software compared to the other two companies.

European vendors comprised 52% of the deployments, and North America 31%.

The press release for the above can be viewed at http://www.opswat.com/media/news/opswat-issues-groundbreaking-report-on-worldwide-antivirus-application-market-share

The complete report can be viewed at http://www.oesisok.com/news-resources/reports/worldwide-antivirus-market-share-report%202010

Both of these provide additional statistical details and methodology.

Viruses, Internet Security, the First Amendment, Eliott Spitzer, and Escort Services

The alternative headline was going to be “Who Pimped My Internet Security Product Testing?”, but common sense won out.

In 2002, then New York State Attorney General Eliott Spitzer won a case against Network Associates’ McAfee subsidiary regarding a “censorship clause” in some of the company’s Eula’s (End User Licensing Agreements). The clause stated that customers could not publish product reviews or results of benchmark tests without permission from the company.

New York State Supreme Court Justice Marilyn Shafer issued a ruling, prohibiting Network Associates/McAfee from trying to use end-user license agreements to ban product reviews or benchmark tests. http://news.cnet.com/2100-1023-981228.html

Eliott Spitzer became governor of New York State 2007. He resigned in 2008 when his name became affiliated with an investigation being done on a high end escort service. It’d be a cheap shot to mention the v word here! Spitzer will be joining with Pulitzer Prize winning newspaper columnist Kathleen Parker on CNN this fall. Quite a trick on his part. From high end call girls to cable.

If an antivirus and internet security provider is willing to collect revenue from customers for its product, they should be willing to have the product tested, benchmarked, and/or reviewed without making the test organization jump through a lot of hoops or “hinting” that something may happen if the test group vary from what they say on the form. If a vendor is willing to allow customers to download its product for free, the same holds true.

One security vendor’s website and their EULA for testing and benchmarking states in part - “You agree that the testing/benchmarking results will only be used as specified by you in this form and for no other purpose whatsoever. …reserves the right to use its sole discretion in denying your request as a whole or in part.” The EULA requires information about the method and purpose of testing, among other details.

It’s all related to that First Amendment thing on the west side of the pond. Freedom of speech and freedom of the press. Vendors cannot be expected to be able to examine complete test plans in advance. Results could originally be posted on a web site, then appear in a print article, be written about in blogs, etc. This doesn’t waive the requirement that the testers utilize best practices. Vendors should not consider it their right to review results in their entirely before publication and then back out if they don’t like the test results or text of the article. Test organizations and reviewers should be willing to allow vendors to vet feature check lists and pricing if these are part of the article.

Vendors should be able to exert more influence over a test being performed when a product is in beta. If a new version of the product is going to be released before the article is published, discussions would have to take place. These issues with dates cannot be helped sometimes, due to release schedules, and publication deadlines. For example, it may be unfair to the vendor (and the customer), if a group review is published for example and an older version of the product is compared with competitors’ current releases. They can’t use the phrase “we’re in beta” ad nausea, though. When results are online, publications/reviewers should make the effort to footnote the article, should a new version be released.

Virus Bulletin's Latest Reactive and Proactive (RAP)Test Results

Virus Bulletin has published their latest Reactive and Proactive (RAP) test results.

The RAP test measures products' detection rates across four distinct sets of malware samples. The first three test sets comprise malware first seen in each of the three weeks prior to product submission. These measure how quickly product developers and labs react to new malware emerging every day across the world.

A fourth test set consists of malware samples first seen in the week after product submission. This test set gauges products' ability to detect new and unknown samples proactively, using heuristic and generic techniques.

The relative performance of vendors can best be viewed by looking at the RAP Averages Quadrant (December 2009 through June 2010) chart at http://www.virusbtn.com/vb100/rap-index.xml.

Products/Companies with Reactive detection greater than 90% going from lower to higher on the y axis - AVG Technologies, Avira Free, Avira Pro, Kaspersky, ESET, Check Point, Coranti, and GDATA. The third company of los free amigos, AVAST, just missed 90%, it appears.

Products/Companies scoring over > 70% on the proactive portion going from lower to higher on the x axis were -Kaspersky, Ikarus, ESET, GDATA, Trustport, Coranti, and Check Point.

A full description of the RAP testing methodology and explanation of how to interpret the results can be read at http://www.virusbtn.com/vb100/vb200902-RAP-tests

Virus Bulletin is perhaps best known for their VB100 Awards - The basic requirements for this award are that a product detects, both on demand and on access, in its default settings, all malware known to be 'In the Wild' at the time of the review. The product should generate no false positives when scanning a set of clean files. A list of vendors passing/failing the test is available on the Virus Bulletin site http://www.virusbtn.com/vb100/archive/results?display=summary. Viewing some (not all) of Virus Bulletin’s materials requires a free registration (well worth it). Full details require a paid subscription to the magazine (well worth it).

From a marketing/PR perspective, some vendors take it as a point of pride the number of consecutive times they’ve received a VB100 award. From an evaluation perspective for customers, most recent successes (perhaps 2 or 3 years) in the tests is the most useful. To view any particular companys’ history with VB100 testing, go to http://www.virusbtn.com/vb100/archive/results?display=summary

UK based Virus Bulletin started in 1989 They provide PC users with a regular source of intelligence about computer viruses, their prevention, detection and removal, and how to recover programs and data following an attack. VB’s website is at www.virusbtn.com . The site is a great source of information on malware and spam. They are a member of the Anti-Malware Testing Standards Organization, www.AMTSO.org.

AVG LinkScanner for Mac Announced by AVG Technologies - 6/24 addendum

On June 14th, AVG announced AVG LinkScanner for Mac. Like AVG LinkScanner for Windows, it is a free download, designed to protect people in real time from malicious threats as they surf the web. Most of AVG’s security solutions also include AVG LinkScanner for Windows.

*****
June 24th addendum - http://download.cnet.com/mac/security-software/ CNET's top Mac security downloads for the week ending June 20th.

*****

AVG promotes the LinkScanner for Mac as providing real time protection while surfing the web. This should make it attractive to Mac users, even though the world has yet to see a massive virus outbreak among Mac users! AVG CTO Karel Obluk has an informative blog about how LinkScanner works at http://obluk.blog.avg.com/2009/10/index.html. The AVG LinkScanner demo on the LinkScanner download site inaccurately states that LinkScanner “looks at every single website.” That would take awhile!

There is no migration path to a traditional Antivirus or Internet Security suite solution for the Mac. AVG currently doesn’t offer these. Trend Micro, Symantec, McAfee, among others have Mac Antivirus and/or Internet Security solutions. A Mac offering may be in AVG’s future. However, neither Avira nor Avast (the other two of los Free Amigos) offer a Mac solution, either. Those desiring a free Mac AV solution can check out PC Tools iAntiVirus at http://www.iantivirus.com/

AVG LinkScanner for Mac had an impressive number of downloads during its first week of availability. Below are the number of downloads for the product and for other standalones that promote safe surfing. The below is for the week of June 13 and lists downloads, total downloads, and from which date. These figures are from download.cnet.com and reflect downloads of a particular version. It’ll be interesting to see how weekly downloads change over the next month.

AVG LinkScanner for Mac 2094/2094, 6/13/2010
AVG LinkScanner for Windows 504/73k, 11/04/2009
McAfee SiteAdvisor 660/25k, 12/23/2009 (free version)
Web of Trust (IE) 286/45k, 3/07/2010
Web of Trust (Firefox) 301/65k, 5/05/2010

Finjan, now part of M86 Security – offers Finjan SecureBrowsing™ as a free download (IE and Firefox) http://securebrowsing.finjan.com/. They promote this as scanning web pages in real-time, much like AVG LinkScanner.

Solutions that promote “real-time” and then mention accessing a database may be playing fast and free with the phrase “real-time”. People may want to watch for this.

AMTSO Releases Additional Documents on Malware Security Test Design and Testing

The Anti-Malware Testing Standards Organization (www.amtso.org) recently released a pair of documents to assist the anti-malware testing and review community in test design and testing. Members of the AMTSO include both malware/internet security test groups as well as internet security providers such as Symantec, Panda, McAfee, and los free amigos, Avast, Avira, and AVG Technologies. The AMTSO currently has approximately 40 members.

These documents provide great guidelines (in a relatively brief format), for test organizations, publications doing testing, and individuals doing malware/internet security testing and reviews. Individuals and companies who use product reviews and round-ups to make a purchase decision can also benefit from these.

The “Performance Testing Guidelines” document is designed is to provide an overview of the issues involved in the accurate testing security technologies in terms of speed and resource usage.

Some of the closes to twenty factors for measurement discussed in the document include:

• File access time
• Memory usage
• CPU usage
• Network overhead

AMTSO stresses the need to run tests multiple times. Benchmarking a factor just once is inadequate. An average for multiple runs will minimizes the impact of anomalies and provides more accurate results.

The “Whole Product Testing” document discusses factors involved in designing and performing a complete security product test. This is versus isolating components of the product and performing a “Sum of the Parts” testing. They favor whole products tests, pointing out that product capabilities often work together to stop a given threat. This interaction cannot be shown through sum of the parts testing.

Factors they write about that need to be considered in designing and performing a test include:

• Stating the test purpose
• Selecting Samples
• Setting up Tests and Products
• Introducing Samples
• Handling User Interaction
• Capturing Test results
• Interpreting Test Results

While AMTSO designed these documents to assist the test community, the overall beneficiaries are home and business security users.

AVG Technologies Acquires Walling Data Systems

On June 10, security company AVG Technologies announced the acquisition of Walling Data Systems, one of their leading channel partners. This is probably a great move on their part.

• It immediately strengthens their internal North America sales capabilities.
• It immediately strengthens their internal North America support capabilities.

Business/Education/Non-profits pay for their software. Increased revenue is a good thing, and as companies grow, they purchase more licenses! Many of AVG Technologies’ 110 million customers (number on their web site), use AVG Anti-Virus Free Edition. Some portion of these home users migrate to a solution they pay for. As a private company, the breakdown between business and non-business isn't readily available.

The www.antivirus.com website (Walling Data Systems) states that they are now “AVG for Education, Government, and non-profit”. You can’t tell from this whether they’ll be going after various business verticals outside these. Probably, yes. Government/education/non-profit typically requires or obtain a pricing differential. AVG already has a tiered licensing structure in place.

On the support side - home (paying) users will still have to rely on Email support, FAQ’s, and AVG’s Knowledge Base. They have option to pay for premium services, delivered through support.com.

When developing technologies, companies perform a make/buy decision. AVG’s CEO J.R. Smith has discussed this in a blog on AVG’s web site. Inorganic growth is sometimes the best decision. The same holds true for expanding your sales capabilities. It’s sometimes tactically and strategically more expeditious to purchase the channel expertise you need.

http://www.avg.com/us-en/press-releases-news.ndi-230728 to see the press release

AV Comparatives’ Latest Test Results For Anti-Virus Software (Proactive/Retrospective Test)

In May, testing organization AV Comparatives published their latest Proactive/Retrospective test report. This was for the on-demand detection of viruses/malware. This is one of several different tests they perform throughout the year.

Companies receiving “Advanced+ Certification” for their products – Trustport, G DATA, Kaspersky, Microsoft, AVIRA, ESET NOD32, F-Secure, BitDefender,and eScan.

For the proactive detection of new malware, the top ratings were achieved by

1. Trustport, Panda – 63%
2. G Data – 61%
3. Kaspersky, Microsoft – 59%
4. AVIRA – 53%
5. ESET, F-Secure- 52%

The order of the rest of the vendors in the above test – BitDefender, K7, ESET, Symantec (Norton), McAfee, AVG Technologies, Sophos, Avast, Norman, Trend Micro, PC Tools, and Kingsoft

All of the twenty anti-virus products tested were “paid” products with the exception of Avast! Free Anti-Virus 5.0. There was a mix of AV products for the home and business markets (some would say that having a mix like this doesn’t constitute “best practices, and that home should be compared against home, biz to biz, and free to free). Internet Security suites were not tested. The approximately 28k samples in the test were a mix of worms, backdoors, Trojans, and other malware and viruses.

The May (and November) retrospective tests evaluate products against new and unknown malware to measure the proactive detection capabilities (e.g. through heuristics, generic signatures, etc.). False positive rates are also factored into the evaluation. Products also use additional protection features like behavior blockers to protect against completely new/unknown malware.

AV Comparative’s test evaluates only the heuristic/generic detection of the products against unknown/new malware without the need to execute it.

People should go to the AV Comparatives website and download the complete report. http://www.av-comparatives.org/images/stories/test/ondret/avc_report26.pdf .

AV Comparatives recommends that “you visit the vendor’s site and evaluate their software by downloading a trial version, as there are also many other features (e.g. firewall, HIPS, behavior blockers, etc.) and important things (e.g. price, graphical user interface, compatibility, etc.) for an Anti-Virus that you should evaluate by yourself. Even if quite important, the data provided in the test reports on this site are just some aspects that you should consider when buying Anti-Virus software.”

Note that there are other testing organizations as well. Individuals and companies evaluating AV and Internet Security SW should also look the others, at reviews, round-ups, and group tests performed by reputable testing organizations, and technology publications. Note carefully exactly what AV Comparatives tested.

Undoubtedly, companies will put their own spin on the test results.

Power of the Panda - PC Cloud Anti-Virus 1.1 Receives PC Magazine Editor’s Choice Award

Panda Security’s free AV solution, PC Cloud Anti-Virus 1.1, received the PC Magazine Editor’s Choice Award in a review posted June 9. Neil Rubenking gave the product 4 stars (out of 5). The product is free for non-commercial use.

Neil Rubenking gave the product a generally positive review, finding the product “great” at keeping malware from installing on clean computers. He also liked the small download and simple interface.

One con he mentioned was that the product didn’t thoroughly remove what it did detect.

The Free (or is it Three?) “A”migos, Avira, Avast, and AVG Technologies, have some nice competition looking at them from the clouds.

Go to http://www.pcmag.com/article2/0,2817,2364848,00.asp for the complete review.

Security Reviews, Round-ups, and Relevance: Standards & Improved Reviews

Security vendors, from the 3 A’s (Alwil, Avira, AVG Technologies) to the big three in the US (Trend Micro, McAfee, and Symantec) prefer to have their security products perform well in reviews and round-ups. They provide 3rd party validation for their solutions. Security reviews and round-ups, along with tests from valid testing organizations, allow individuals and companies to make informed decisions. The nature of security risks are changing. The AMTSO recognizes this.

It’s worthwhile for reviewers and purchasers, both business and consumers to spend some time on websites such as the Anti-Malware Testing Standards Organization (www.amtso.org) About 40 security vendors and test organizations are members of this organization.

The group’s charter focuses on (from their home page)

1.Providing a forum for discussions related to the testing of anti-malware and related products.
2.Developing and publicizing objective standards and best practices for testing of anti-malware and related products.
3.Promoting education and awareness of issues related to the testing of anti-malware and related products.
4.Providing tools and resources to aid standards-based testing methodologies.
5.Providing analysis and review of current and future testing of anti-malware and related products.

Participants in AMTSO are not trying to shut down or discourage testing. They are trying to raise the standards of testing. They don’t certify any organization’s test. They encourage AMTSO members and others to publicly reference conformity to the guidelines they’ve been developing. Everyone benefits from this.

The AMTSO has a library of documents related to testing, standards, sampling, statistical validity, etc. It’s worthwhile for even the casual blogger or reviewer to look at some of these for guidelines. In particular, they should look at a 5 pager on “The Fundamental Principles of Testing”, http://www.amtso.org/documents.html . Reviewing documents that discuss sampling/sample sizes would also be valuable. All the documents are available to those who agree to the license terms.

Phishing or Phermentation – Santa Cruz Mountains Vintners Festival

On the weekends of June 5,6 and June 12,13, security employees working out of Symantec, McAfee, or Trend Micro corporate headquarters can forget about malware, spyware, and root kits for a couple of weekends. They have the opportunity to enjoy the Santa Cruz Mountains Winegrowers Association Vintners Festival. Approximately 50 wineries participate, with wineries open for tasting on the east side of the mountains the first weekend and on the west side the second. Some wineries group together in local restaurants for this event. Do cybercriminals go wine tasting? The world wonders. Something for amtso.org to discuss at their next meeting.

Wine tasting, barrel tasting, art, appetizers, music, sun, and more! This area is its own distinct appellation. A number of the wineries are open only during these two weekends and during Passport Weekends. http://www.scmwa.com/passport/wineries.htm

See the link below for more information. Tickets are $30 in advance or can be purchased at participating locations.

http://www.scmwa.com/VintnersFestival_000.htm

Avast or AVG Technologies employees can always visit the Moravia or Bohemia regions of the Czech Republic this weekend to sample wine. Or AVG employees can wait until September when Brno has Slavnosti Vina. Should someone meet a potential true love at the festival – Lednice is for lovers!

Facebook - Time for a Sanity Check

It almost seems as if the only people who feel as if it's okay to make all personal information public on a social network reside within the executive team at Facebook. Not everyone who is a member of Facebook counts themselves as being among "the brightest guys on the room".

As previously mentioned elsewhere, "monetization" is the 800 pound gorilla in all this. And Facebook, MySpace, and other social networks aren't public services. This doesn't mean that Facebook can ignore the risks people may put themselves at when they choose to display information.

Facebook has to make it easy for people to select what they want to display and to whom. If not, the government will step in and tell them what to do and how to do it.

So - time for a sanity check. In developing the next privacy settings, is it something your children find easy to use? What about mom and dad? If not, perhaps one more try is in order. Monetization and personal privacy aren't mutually exclusive.

Great article to read on the topic posted was posted on May 21.

"Facebook working on 'simple' privacy settings" by Declan McCullagh

http://news.cnet.com/8301-13578_3-20005686-38.html

When Once Is Not Enough?

Interesting article by GFI software in IT World about why one virus engine is insufficient in today's world.

A number of security appliances have multiple scan engines. Several years ago, Trend Micro had the "named" scan engine in a 3rd party appliance and Kaspersky's scan engine was so far under the head that it did not appear on data sheets.

An issue not really addressed in the article - would you run the engines in parallel? Does everything get tested by both? Is the testing random between the two (or more engines) with an equal or unequal weighting? Microsoft's acquisition a few years ago (I haven't looked what Microsoft does with respect to this with their product(s)) permitted you to tweak the percentages.

And of course - what is the effect of multiple scan engines on performance?

Go to http://www.itworld.com/software/55605/why-one-virus-engine-not-enough for the complete article.

Message in a SaAS Bottle - Symantec Acquires MessageLabs

This acquisition makes sense for Symantec. It increases their share in the SaAS marketplace, MessageLabs has a good name. Symantec customers and prospects will now have another flavor of messaging security that they can chose from. It shouldn't cannibalize their appliance business. Integration into Symantec's management console will probably be a priority.

MessageLabs was also positioned in the leaders quadrant in an E-mail Security Boundary Magic Quadrant by a "leading industry research firm."
http://www.messagelabs.com/gartner

This will increase the heat among the larger security vendors as to who is providing the most comprehensive security solution for their customers. As always, when one of the larger players makes an acquisition, let the spinning begin.

Read more from Tim Wilson at darkREADING

http://www.darkreading.com/document.asp?doc_id=165546

Security ROI - Can It Be Measured

ROI is one of the holy grails of financial analysis. The problem is, the numbers to perform the analysis can be hard to obtain. This can be especially true when performing an ROI analysis on acquiring security technology.

Generating the ROI involves making assumptions, assumptions, assumptions! A lot of ROI models also assume that should there be a security problem, people sit down and do nothing until the problem is fixed (can't get on the PC, pick up the phone, walk down the hall? Sorry, people aren't completely shut down when there's a problem. Assuming they are, this lets the vendor generate a bigger ROI!). Most ROI models also combine hard and soft dollar losses. This weakens the model.

From attending analyst conferences where security ROI is discussed - see if the vendor trying to sell you a security solution can provide you with real a customers' ex post facto analysis to showing what the actual ROI was. A panelist at the conference I attended felt that this analysis was rarely done.

Good article by Computerworld's Bruce Schneier on "Security ROI: Fact or fiction?" at

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9114021

Sophos' Acquisition of Utimaco - DLP Consolidation

AV/Content security has been perceived as a contest dominated by two 800 pound gorillas (Symantec and McAfee) with Trend lagging behind. These three have about 1/2 their revenue coming from the consumer side, which Sophos lacks. Sophos' Utimaco acquisition makes them even a stronger contender in providing a more comprehensive security in the B2B space. This could become more of a four way race (5 if you include Check Point?) It'll be interesting to see if Code Green Networks (another DLP contender) is swallowed next and by whom.

More details by IT Analysis' Nigel Stanley at
http://www.it-analysis.com/business/security/content.php?cid=10667

Symantec's Proposed Acquisition of MessageLabs

Owning the company "formerly known as Brightmail" and now acquiring MessageLabs. Major increase in market share for them. Hopefully, for the investor, Symantec will be able to digest this acquisition more easily than they have Veritas. This acquisition is more in sync with their core offerings, though. Another security vendor on the other side of Silicon Valley will still lay claim as "the world's largest dedicated security technology company" (emphasis on the word dedicated). It's a DNA thing! Nonetheless, SYMC will still be able to talk about being a (the?) overall leader in security revenue.

Read Channel Web's Stephanie Hoffman's article at
http://www.crn.com/security/210800531

Santa Cruz Mountain Wineries (oh nooooooo)

Extremely favorable story written in the September 14 issue of the Wall Street Journal about these wineries. The positive? These wineries are great, the winemakers are friendly. There are only a few places with attitude. The negative? The secret is now out that you can don't need to go to Paso Robles to find great wines south of Napa/Sonoma. A couple of favorites include Woodside and Roudin-Smith. Some of the grapes for Woodside come from former Stanford/49er coach Bill Walsh's yard, in fact!

Allchin Clarifies His Statement on Vista and Antivirus Software

Microsoft's Jim Allchin (co-president of their platform and services division) has wisely backtracked on his earlier comments that Vista's security settings would allow his 7 year old son to run his computer without antivirus running on the machine. Among other things, and without listing them all here, Allchin neglected to consider that viruses are just a subset of the malware that PC's can be subjected to. Not wise.

As mentioned in Information Week, on Friday, Gartner analyst John Pescatore stated that Allchin's PC lockdown was all well and good, but the practice wouldn't cut it in the real world. "The typical way that users get in trouble is when they get an e-mail that says 'click here' and then they click there," he said. "They've just been tricked into loading software." ( http://www.informationweek.com/news/showArticle.jhtml?articleID=194300088 )

Perhaps we'll see an endorsement for a security suite by Allchin's son after Vista is released!