Antivirus and Threat Report: January 2014


OPSWAT releases periodic market share reports for several sectors of the security industry. This report includes worldwide market share for antivirus and public file sharing (peer-to-peer) applications as well as detected threats and hard drive use. The data used in this report was collected on January 1, 2014. Please note that OPSWAT is not a research institution and makes no claims on accuracy of this data in the real world marketplace; this report aims to distribute the unique data collected to inspire public discussion, not to make any claims as to why changes have occurred. To see a description of the data collection and its limitations, see the data collection section of this report.


OPSWAT is a San Francisco based software company that provides solutions to secure and manage IT infrastructure. Founded in 2002, OPSWAT delivers solutions that provide manageability of endpoints and networks, and that help organizations protect against zero day attacks by using multiple antivirus engine scanning and file filtering. OPSWAT’s intuitive applications and comprehensive development kits are deployed by SMB, enterprise and OEM customers to more than 100 million endpoints worldwide. To learn more about OPSWAT’s innovative and unique solutions, please visit

Worldwide Antivirus Vendor Market Share

In the worldwide market for antivirus vendors, Microsoft leads with a 23% share – a result similar to what was seen in previous reports. Avast follows in the ranking at around 16%, followed by AVG, ESET, and Symantec, each in the 8-9% range. Malwarebytes, which was formerly classified as antispyware software, is now included in the antivirus vendor market share for the first time. With a 4.2% share, this addition may have caused a slight general decrease in the market share of vendors from what was seen in previous reports. These results only include devices with real-time protection (RTP) enabled, indicating that the user’s machine is being actively protected.

Market Share   Vendor
Kaspersky Lab

In the chart to the left, hover over elements to see vendors, percentages, and individual products within each vendor.

Antivirus vendors worldwide - January 2014

Users with real time protection enabled vs. all users

Devices with real time protection enabled
All devices

In chart above, hover over elements to see individual vendors and percentages.

While the comparison above only includes data from products with real time protection (RTP) enabled, OPSWAT also looked at data for all installed products, including those that are expired or disabled. The two biggest changes seen in this new data come from Microsoft and Malwarebytes, which become the top two antivirus vendors in the new data. Both of these vendors make products that often have RTP turned off when they are installed on a machine, or in the case of the free version of Malwarebytes, no RTP function at all. These products are shown individually in the next section, and further analysis is included further down in this report. Besides these two vendors, all others show a smaller market share when all devices are compared without regard to RTP status.

Worldwide Antivirus Product Market Share

Microsoft Security Essentials leads the worldwide market for antivirus products with 16.3%, followed closely by avast! Free Antivirus with 13.2%. The remaining products all occurred at much lower levels. Windows Defender occupies the third position with 6.2%, followed by Avira Free Antivirus and AVG Anti-Virus Free Edition. Compared to past reports, a general decrease in occurrence of the top four products has resulted in a more even distribution of products in the current report. Overall, 15 products show more than two percent market share, and only 62% of all antivirus products detected fall into the top ten products. These results only include devices with RTP enabled.

In the chart below, hover over elements to see products and percentages.

Microsoft Security Essentials
avast! Free Antivirus
Windows Defender
Avira Free Antivirus
AVG Anti-Virus Free Edition
ESET Smart Security
Malwarebytes Anti-Malware Pro
AVG Internet Security
Kaspersky Internet Security
Norton Internet Security
ESET NOD32 Antivirus
COMODO Antivirus
McAfee VirusScan
Norton 360
avast! Internet Security
Symantec Endpoint Protection

Antivirus products worldwide - January 2014

Users with real time protection enabled vs. all users

Devices with real time protection enabled
All devices

In the chart above, hover over elements to see individual products and percentages.

While the comparison above only includes data from products with real time protection (RTP) enabled, OPSWAT also looked at data for all installed products, including those that are expired or disabled. In this set of data, Windows Defender leads the number of occurrences by a wide margin. Primarily used as a supplemental application, Windows Defender comes installed on all Windows 8 machines, and most users have RTP turned off. A deeper analysis of this anomaly is included in the August 2013 report. When RTP is not a factor, the other two products that show a large increase in occurrences are Malwarebytes Anti-Malware (free version) and Malwarebytes Anti-Malware Pro, which occupy the fourth and fifth positions. This is the first market share report that includes these two products in the antivirus section, as they were formerly classified as purely antispyware products. RTP is not available in the free version of Malwarebytes, which is an on-demand product that requires a manual start to run a scan. The use of Malwarewbytes and Malwarebytes Pro as supplemental products is further analyzed in the next section.

Malwarebytes Anti-Malware and Malwarebytes Anti-Malware Pro

Because Malwarebytes and Malwarebytes Pro have have different characteristics from other products in the antivirus market, this section intends to provide further insight into how they are used. The free and paid versions of the product are combined in this analysis because little difference was found between the two in this comparison. Compared to other antivirus products, Malwarebytes users are much more likely to have more than one product installed on their machines. Among Malwarebytes users, more than 93% have another product installed, compared to 23.7% of users of other products. This indicates that Malwarebytes Anti-Malware and Malwarebytes Anti-Malware Pro are largely used as supplemental products to add additional security to a protected device. All devices in this data set have at least one antivirus product installed.

Public File Sharing Installations

This section compares public file sharing (peer-to-peer) data between corporate users and home users. These categories are defined as devices that run on business-oriented Windows operating systems versus devices that run on home versions of Windows. This classification is only an estimate because home users may have business versions of Windows software and vice-versa. These results found slightly more than half of corporate devices to have public file sharing software installed, compared to only 42.7% of home users. Additionally, corporate users who had a public file sharing application installed were more likely to also have an antivirus product installed, while home users showed little difference in antivirus installation whether or not a public file sharing product was installed (not shown).

Detected Threats

The data in this report is collected using GEARS technology, which, in addition to collecting information about installed products, also logs perceived threats that are discovered by each endpoint’s installed antivirus. A perceived threat does not necessarily indicate an infection, but does indicate some sort of activity that generates a response from the antivirus software. Of devices with installed antivirus software, more than 21 percent had a perceived threat detected within the last seven days, while no threats had been detected on about 79 percent of devices. Furthermore, antivirus software on 14.8% of these devices detected two or more perceived threats in the last seven days, and ten or more on 6.1% of devices. While the data does not take into account the action taken by the antivirus after detection (remediation, quarantine, etc.), this data may be included in future reports. Future reports may also include more detailed information about which threats were most frequently detected across all devices. Only devices with an installed antivirus application, which account for 92.4% of all devices, are included in this data set.

In the chart to the left, hover over elements to show percentages. Only antivirus products with available threat information are included in this set of data.


Hard Drive Usage

OPSWAT GEARS also detects the amount of hard drive space remaining on individual devices. Few devices have more than 90% of hard drive space remaining due to the large amount of memory used by the operating system and pre-installed applications. Otherwise, the results show a trend of more devices having hard drives with a large amount of free space. Overall, 56.3% of devices have more than half of their hard drive space available.

Data Collection

This report shows comparisons for antivirus applications on Windows systems from data collected from users of OPSWAT’s Security Score and free GEARS tools. These free products use the detection capabilities of OPSWAT GEARS technology to collect information regarding the applications installed on endpoint computers. Security Score is a personal security monitoring tool available at and also at various download sites across the web. OPSWAT GEARS is a network monitoring tool available at and is free to manage up to 25 devices. Only free GEARS users are included in this report. These tools are used around the world by home and business users, both expert and inexperienced in security software. For the purpose of the report, the sample of more than 5000 users is assumed to be representative of the market, based on the wide accessibility of the tools to a large range of users. However, these results are likely to differ from those in the real world (see below for more details). GEARS and Security Score run continuously in a user’s system as security tools. This allows for continuous reports over time from each user, as long as the application is installed. For this report, the data was collected to show what was on each user’s computer from the most recent data transfer that was sent before the time of collection on 1/1/2014.

Several attributes inherent in way the data is collected may cause the results in this report to differ from what exists in the real world. OPSWAT makes no claims as to the accuracy of the data in the real world market and is continuously working on ways to overcome the following obstacles:

  • On average, GEARS and Security Score users are more likely to have high-functioning security on their computers than would be seen in the market as a whole. Security Score continuously provides information to its users about the strength of their security measures, and GEARS allows IT administrators to monitor users who are not security compliant. In both cases, the act of gathering OPSWAT’s market share data also serves to remind users to increase their security capabilities.
  • Though the sample size is large enough to give reliable data, some cross-comparisons and more detailed comparisons result in lower confidence levels. The sample size will continue to increase in each report since the data is collected from every current user of these products. More data in the future will allow for several new in-depth comparisons that have not been included in past reports.
  • This report includes a comparison of home vs. corporate users, classified by the Windows operating system that is used on the device. Because of the nature of the products used to collect the data, the data sample may contain a higher percentage of corporate users than what exists in the real world.

  • These applications are marketed in OPSWAT’s own channels. Users sampled may not be representative of the general population. For example, this report may contain a different distribution of Windows operating systems and device types compared to what exists in the real world. While this report contains more than 20% Windows 8 users, Net Applications reports that around 10.5% of all Windows users currently operate under Windows 8.
  • Although the free version of Security Score is only available for Windows users, GEARS is available for both Windows and Mac. However, Mac applications are not included in this report, and products that are available on both Mac and Windows would presumably have different market shares in the real world. Market share for Mac users is expected to be added in future reports.
  • While Security Score and GEARS are used on devices around the world, their use is not commensurate with worldwide population distribution. Only English-language versions of these tools are available, so countries that have higher numbers of English speakers are expected to use these applications at higher rates, as well as countries that have been exposed to more coverage of these tools by press and partners. For example, the Chinese antivirus vendor Qihoo 360 recently reported that it had 440 million users of its internet security products, but it did not make the list of top vendors in this set of data.

worldwide data distribution

Stay tuned for the next market share report in January, which will feature new comparisons and in-depth comparisons of product usage. OPSWAT is working to increase global usage of Security Score, OPSWAT GEARS, and other free applications. Mac application data will also be added in the future.

Vendors of antivirus, P2P, patch management, backup, encryption, and other applications interested in inclusion in these reports, OPSWAT GEARS, and OESIS Framework are encouraged to contact to learn how to partner with OPSWAT.

OPSWAT Products and Services

GEARS is the only cloud-based network security and manageability solution for IT professionals that provides visibility and management for many application types from antivirus to hard disk encryption and public file sharing, as well as the ability to remove non-compliant applications. Monitor up to 25 devices for free! Visit to learn more and sign up.

Security Score
OPSWAT Security Score is a free tool that scans your computer for the status of your installed security applications and provides a score along with recommendations on how to improve both the score and the security of your device. Download and install it now to find out your security score at

OESIS Framework is a cross platform, open development framework that enables software engineers and technology vendors to develop products that detect, classify and manage thousands of third-party software applications. OESIS is perfect for SSL VPN, network access control (NAC) and other manageability solutions, and is already deployed on an estimated 100 million endpoints worldwide. To learn more, visit

OPSWAT Certification
The OPSWAT Certification Program is a free interoperability program designed to enable technology partnerships between independent software vendors and leading network and technology solution vendors, by verifying that their security applications will work seamlessly with solutions employing the OESIS Framework. Additional information is available at

opswat certification badges

OPSWAT offers several multi-scanning solutions to enable fast, powerful content scanning. Because no single antivirus engine is perfect, using multiple engines significantly improves the likelihood of detecting malware.

Metascan technology powers each of OPSWAT’s multi-scanning solutions, enabling IT professionals and software engineers to enhance network security by scanning with up to 30 built-in antivirus engines from market leaders such as ESET, Norman, AVG and many others. Metascan allows for custom implementations, such as integration with other engines of your choice, and can be used for rapid malware analysis and to implement sophisticated data loss prevention systems.

For specific multi-scanning needs, OPSWAT also offers Metascan Client, which quickly scans endpoints’ running processes and memory for key loggers, viruses and other malware, and Metadefender, which scans removable media such as USB drives, CDs, DVDs, and memory cards.

A free demo of Metascan technology is available at

The free AppRemover utility enables the thorough uninstallation of security applications like antivirus and antispyware from your computer. AppRemover is available for commercial licensing if you wish to deploy multiple copies of AppRemover within an organization or entity, or if you wish to bundle AppRemover with hardware, software or other services. More information is available at

Disclaimer of Warranty

OPSWAT Inc. makes no representation or warranties, either express or implied by or with respect to anything in this document, and shall not be liable for any implied warranties of merchantability or fitness for a particular purpose or for any indirect special or consequential damages.

Copyright Notice

OPSWAT, OESIS, Metascan, Metadefender, AppRemover and the OPSWAT logo are trademarks and registered trademarks of OPSWAT, INC. All other trademarks, trade names and images mentioned and/or used herein belong to their respective owners. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, photocopying, recording or otherwise, without prior written consent of OPSWAT Inc. No patent liability is assumed with respect to the use of the information contained herein. While every precaution has been taken in the preparation of this publication, OPSWAT Inc. assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.