OPSWAT releases periodic market share reports for several sectors of the security industry. This report includes worldwide market share for antivirus and public file sharing (peer-to-peer) applications as well as detected threats and hard drive use. The data used in this report was collected on January 1, 2014. Please note that OPSWAT is not a research institution and makes no claims on accuracy of this data in the real world marketplace; this report aims to distribute the unique data collected to inspire public discussion, not to make any claims as to why changes have occurred. To see a description of the data collection and its limitations, see the data collection section of this report.
OPSWAT is a San Francisco based software company that provides solutions to secure and manage IT infrastructure. Founded in 2002, OPSWAT delivers solutions that provide manageability of endpoints and networks, and that help organizations protect against zero day attacks by using multiple antivirus engine scanning and file filtering. OPSWAT’s intuitive applications and comprehensive development kits are deployed by SMB, enterprise and OEM customers to more than 100 million endpoints worldwide. To learn more about OPSWAT’s innovative and unique solutions, please visit www.opswat.com.
In the worldwide market for antivirus vendors, Microsoft leads with a 23% share – a result similar to what was seen in previous reports. Avast follows in the ranking at around 16%, followed by AVG, ESET, and Symantec, each in the 8-9% range. Malwarebytes, which was formerly classified as antispyware software, is now included in the antivirus vendor market share for the first time. With a 4.2% share, this addition may have caused a slight general decrease in the market share of vendors from what was seen in previous reports. These results only include devices with real-time protection (RTP) enabled, indicating that the user’s machine is being actively protected.
In the chart to the left, hover over elements to see vendors, percentages, and individual products within each vendor.
Users with real time protection enabled vs. all users
|Devices with real time protection enabled||
In chart above, hover over elements to see individual vendors and percentages.
While the comparison above only includes data from products with real time protection (RTP) enabled, OPSWAT also looked at data for all installed products, including those that are expired or disabled. The two biggest changes seen in this new data come from Microsoft and Malwarebytes, which become the top two antivirus vendors in the new data. Both of these vendors make products that often have RTP turned off when they are installed on a machine, or in the case of the free version of Malwarebytes, no RTP function at all. These products are shown individually in the next section, and further analysis is included further down in this report. Besides these two vendors, all others show a smaller market share when all devices are compared without regard to RTP status.
Microsoft Security Essentials leads the worldwide market for antivirus products with 16.3%, followed closely by avast! Free Antivirus with 13.2%. The remaining products all occurred at much lower levels. Windows Defender occupies the third position with 6.2%, followed by Avira Free Antivirus and AVG Anti-Virus Free Edition. Compared to past reports, a general decrease in occurrence of the top four products has resulted in a more even distribution of products in the current report. Overall, 15 products show more than two percent market share, and only 62% of all antivirus products detected fall into the top ten products. These results only include devices with RTP enabled.
In the chart below, hover over elements to see products and percentages.
||Microsoft Security Essentials|
||avast! Free Antivirus|
||Avira Free Antivirus|
||AVG Anti-Virus Free Edition|
||ESET Smart Security|
||Malwarebytes Anti-Malware Pro|
||AVG Internet Security|
||Kaspersky Internet Security|
||Norton Internet Security|
||ESET NOD32 Antivirus|
||avast! Internet Security|
||Symantec Endpoint Protection|
Users with real time protection enabled vs. all users
|Devices with real time protection enabled||
In the chart above, hover over elements to see individual products and percentages.
While the comparison above only includes data from products with real time protection (RTP) enabled, OPSWAT also looked at data for all installed products, including those that are expired or disabled. In this set of data, Windows Defender leads the number of occurrences by a wide margin. Primarily used as a supplemental application, Windows Defender comes installed on all Windows 8 machines, and most users have RTP turned off. A deeper analysis of this anomaly is included in the August 2013 report. When RTP is not a factor, the other two products that show a large increase in occurrences are Malwarebytes Anti-Malware (free version) and Malwarebytes Anti-Malware Pro, which occupy the fourth and fifth positions. This is the first market share report that includes these two products in the antivirus section, as they were formerly classified as purely antispyware products. RTP is not available in the free version of Malwarebytes, which is an on-demand product that requires a manual start to run a scan. The use of Malwarewbytes and Malwarebytes Pro as supplemental products is further analyzed in the next section.
Because Malwarebytes and Malwarebytes Pro have have different characteristics from other products in the antivirus market, this section intends to provide further insight into how they are used. The free and paid versions of the product are combined in this analysis because little difference was found between the two in this comparison. Compared to other antivirus products, Malwarebytes users are much more likely to have more than one product installed on their machines. Among Malwarebytes users, more than 93% have another product installed, compared to 23.7% of users of other products. This indicates that Malwarebytes Anti-Malware and Malwarebytes Anti-Malware Pro are largely used as supplemental products to add additional security to a protected device. All devices in this data set have at least one antivirus product installed.
This section compares public file sharing (peer-to-peer) data between corporate users and home users. These categories are defined as devices that run on business-oriented Windows operating systems versus devices that run on home versions of Windows. This classification is only an estimate because home users may have business versions of Windows software and vice-versa. These results found slightly more than half of corporate devices to have public file sharing software installed, compared to only 42.7% of home users. Additionally, corporate users who had a public file sharing application installed were more likely to also have an antivirus product installed, while home users showed little difference in antivirus installation whether or not a public file sharing product was installed (not shown).
The data in this report is collected using GEARS technology, which, in addition to collecting information about installed products, also logs perceived threats that are discovered by each endpoint’s installed antivirus. A perceived threat does not necessarily indicate an infection, but does indicate some sort of activity that generates a response from the antivirus software. Of devices with installed antivirus software, more than 21 percent had a perceived threat detected within the last seven days, while no threats had been detected on about 79 percent of devices. Furthermore, antivirus software on 14.8% of these devices detected two or more perceived threats in the last seven days, and ten or more on 6.1% of devices. While the data does not take into account the action taken by the antivirus after detection (remediation, quarantine, etc.), this data may be included in future reports. Future reports may also include more detailed information about which threats were most frequently detected across all devices. Only devices with an installed antivirus application, which account for 92.4% of all devices, are included in this data set.
In the chart to the left, hover over elements to show percentages. Only antivirus products with available threat information are included in this set of data.
OPSWAT GEARS also detects the amount of hard drive space remaining on individual devices. Few devices have more than 90% of hard drive space remaining due to the large amount of memory used by the operating system and pre-installed applications. Otherwise, the results show a trend of more devices having hard drives with a large amount of free space. Overall, 56.3% of devices have more than half of their hard drive space available.
This report shows comparisons for antivirus applications on Windows systems from data collected from users of OPSWAT’s Security Score and free GEARS tools. These free products use the detection capabilities of OPSWAT GEARS technology to collect information regarding the applications installed on endpoint computers. Security Score is a personal security monitoring tool available at opswat.com/products/security-score and also at various download sites across the web. OPSWAT GEARS is a network monitoring tool available at gears.opswat.com and is free to manage up to 25 devices. Only free GEARS users are included in this report. These tools are used around the world by home and business users, both expert and inexperienced in security software. For the purpose of the report, the sample of more than 5000 users is assumed to be representative of the market, based on the wide accessibility of the tools to a large range of users. However, these results are likely to differ from those in the real world (see below for more details). GEARS and Security Score run continuously in a user’s system as security tools. This allows for continuous reports over time from each user, as long as the application is installed. For this report, the data was collected to show what was on each user’s computer from the most recent data transfer that was sent before the time of collection on 1/1/2014.
Several attributes inherent in way the data is collected may cause the results in this report to differ from what exists in the real world. OPSWAT makes no claims as to the accuracy of the data in the real world market and is continuously working on ways to overcome the following obstacles:
Stay tuned for the next market share report in January, which will feature new comparisons and in-depth comparisons of product usage. OPSWAT is working to increase global usage of Security Score, OPSWAT GEARS, and other free applications. Mac application data will also be added in the future.
Vendors of antivirus, P2P, patch management, backup, encryption, and other applications interested in inclusion in these reports, OPSWAT GEARS, and OESIS Framework are encouraged to contact firstname.lastname@example.org to learn how to partner with OPSWAT.
Disclaimer of Warranty
OPSWAT Inc. makes no representation or warranties, either express or implied by or with respect to anything in this document, and shall not be liable for any implied warranties of merchantability or fitness for a particular purpose or for any indirect special or consequential damages.
OPSWAT, OESIS, Metascan, Metadefender, AppRemover and the OPSWAT logo are trademarks and registered trademarks of OPSWAT, INC. All other trademarks, trade names and images mentioned and/or used herein belong to their respective owners. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, photocopying, recording or otherwise, without prior written consent of OPSWAT Inc. No patent liability is assumed with respect to the use of the information contained herein. While every precaution has been taken in the preparation of this publication, OPSWAT Inc. assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.