Of course there are things that are good for the user about the subscription model. As Symantec pointed out to me, many users are confused about the fact that they pay for the product once, then after a year they have to pay once again for something not exactly the same. Instead, with 2006, they are told from the beginning that they are subscribing to all updates, including new features. Maybe its clearer, its hard to say.
But it does clarify another problem Symantec has with respect to their copy protection. If the real value is in the subscription and not the initial software—and even the new software is useless if you cant update it—then theres no point in protecting the software through copy protection. They should give their software away and charge whatever they want for their subscriptions. Symantec says that the copy of the new software comes with an annual subscription and that the copy protection therefore protects that, but this just tells me they have an implementation problem.
Incidentally, I was curious about how these program updates would be delivered. Right now Symantec has three different mechanisms: Automatic Updates, which happen without user action, deliver only signature updates. Manually running the LiveUpdate program delivers signatures and some program updates, such as bug fixes. And there have been some cases where Symantec has delivered updates as downloaded executables. I asked Symantec how they would deliver new updates including new features, and they got vague on me. Its not clear. If its through manual downloads and the equivalent of an upgrade process then most users wont do it, although they will have access to it.
Its especially galling to see Symantec increase prices for their signatures when they are regularly one of the slowest companies to update those signatures in response to threats. Symantec updates regularly once a week and only goes out of cycle with updates when a category 3 or higher threat comes along. In the last year there have been only a handful of 3+ threats. The signature update process has therefore become well-oiled and as regular as grandma when she takes her Metamucil.
In fact, the 2006 versions address this somewhat. If you are running the 2006 or future versions you will get daily updates. If youre running 2005 or earlier versions, youre still on the old schedule.
For this they deserve a raise? Other companies release at least once a day, many of them hourly, such as BitDefender and Kaspersky. This usually matters little, but if youre one of the unfortunate few to get one of the very common new threats at level 2 or 1 there could be 6 more days before Norton ponies up with protection for it. And for keeping you at the old, embarrassingly slow schedule, they do you the favor of charging you almost as much as they do for a full new copy.
Maybe anti-virus vendors figure that their time is limited and that they better suck whatever money they can from customers before something supplants them. Weve been looking at products like Panda TruPrevent that dont rely on signatures for detection; theyre not perfect, but theyre getting a lot better. One day if they get good enough the great Norton Cash Cow will moo its last.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
More from Larry Seltzer