The price of most things in the computer industry is driven down over time, from competition, economies of scale and advances in the technology. But one product is up over 650 percent in the last 4 years: the annual subscription to Norton Antivirus updates.
In 2001 Symantec increased the price from $3.95 to $9.95, quite a large increase on its own. Just recently, coincident with the release of the 2006 versions of their security line of products, Symantec once again increased the price of the subscription renewal to $29.99. The new 2006 version of Norton Antivirus, of course including an annual subscription itself, costs $39.99. Symantecs message is clear: youre a sucker if you dont upgrade the program. The only question is whether youre a sucker for getting the new version too.
Symantec has absolutely been the leader in this price boom, but most other vendors have happily kept up. Many trail a bit behind. All of them are pricing their products so that you have a strong incentive not to renew your subscription, but to upgrade to the new version. From what I can tell, McAfee has moved completely to a subscription model for the software. The cheapest resubscription I could find was Computer Associates eTrust EZ Antivirus at $19.95. Their new product is only $29.95, so it too is no big savings over a full upgrade.
So the point is not to get you to pay more for your signature resubscription; its to move you to a model where you subscribe at once to software and signature updates, the model to which Symantec has moved with the 2006 products. The annual product version model is dead, more or less. If you were to buy Norton 2006 six months from now, and even if they come out with major updates in another 12 months, youd get all the updates.
I guess if I were an anti-virus company I would do this too; after all, the product actually doesnt change much from year to year, so theres not much point in existing customers upgrading. Symantec does claim advances in their products over the years, including the new 2006 versions—in particular a new Norton Protection Center which attempts to explain complex issues in straightforward language. I havent tested the new products so I cant say whether theyre worth going through the trouble of an upgrade. And installing a new Norton product these days is definitely a process that goes wrong for some (check out this link too). Anyway, with respect to the new features they add each year, so what? They may justify price increases in the new versions, but they dont justify increases in subscription cost for users of old versions who dont get the benefit of new features.
The Good and Bad
Of course there are things that are good for the user about the subscription model. As Symantec pointed out to me, many users are confused about the fact that they pay for the product once, then after a year they have to pay once again for something not exactly the same. Instead, with 2006, they are told from the beginning that they are subscribing to all updates, including new features. Maybe its clearer, its hard to say.
But it does clarify another problem Symantec has with respect to their copy protection. If the real value is in the subscription and not the initial software—and even the new software is useless if you cant update it—then theres no point in protecting the software through copy protection. They should give their software away and charge whatever they want for their subscriptions. Symantec says that the copy of the new software comes with an annual subscription and that the copy protection therefore protects that, but this just tells me they have an implementation problem.
Incidentally, I was curious about how these program updates would be delivered. Right now Symantec has three different mechanisms: Automatic Updates, which happen without user action, deliver only signature updates. Manually running the LiveUpdate program delivers signatures and some program updates, such as bug fixes. And there have been some cases where Symantec has delivered updates as downloaded executables. I asked Symantec how they would deliver new updates including new features, and they got vague on me. Its not clear. If its through manual downloads and the equivalent of an upgrade process then most users wont do it, although they will have access to it.
Its especially galling to see Symantec increase prices for their signatures when they are regularly one of the slowest companies to update those signatures in response to threats. Symantec updates regularly once a week and only goes out of cycle with updates when a category 3 or higher threat comes along. In the last year there have been only a handful of 3+ threats. The signature update process has therefore become well-oiled and as regular as grandma when she takes her Metamucil.
In fact, the 2006 versions address this somewhat. If you are running the 2006 or future versions you will get daily updates. If youre running 2005 or earlier versions, youre still on the old schedule.
For this they deserve a raise? Other companies release at least once a day, many of them hourly, such as BitDefender and Kaspersky. This usually matters little, but if youre one of the unfortunate few to get one of the very common new threats at level 2 or 1 there could be 6 more days before Norton ponies up with protection for it. And for keeping you at the old, embarrassingly slow schedule, they do you the favor of charging you almost as much as they do for a full new copy.
Maybe anti-virus vendors figure that their time is limited and that they better suck whatever money they can from customers before something supplants them. Weve been looking at products like Panda TruPrevent that dont rely on signatures for detection; theyre not perfect, but theyre getting a lot better. One day if they get good enough the great Norton Cash Cow will moo its last.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
More from Larry Seltzer