Some people have asked me why when they buy a new computer our avast! product is not already installed. They complain that they have to remove the anti-virus product that is on the computer, download avast!, and then install it. And of course, they ask why we don’t get the computer manufacturers (HP, Dell, Acer, Sony, etc.) to just install avast!.
This article from the New York Times talks a bit about the business but in much smaller terms than it actually is. As the article states, getting security software on new computers can be very valuable. It is a business I knew quite well from my time at Symantec. We would love to do this as the time when most people need a security product is when they buy a new computer. The reason we don’t do it is that it is that putting software on new computers is a very big and very expensive business. Manufacturers (OEMs) make a lot of money from the software that is provided on the computer. The OEM security business is what I call one of the “dirty little secrets of the PC security business.”
The article states that last year McAfee spent $55M in payments to computer manufacturers (OEMs)—the most of security vendor. While I do not know if McAfee did spend $55M, public information tells us that the total amount paid to OEMs is many, many times bigger. As the author of the article points out, it can be difficult to find the costs on the books of the security vendors. Now, I have to be careful here as I do have knowledge of a lot of data from manufacturers and others that is probably not public. So, we will do a simple analysis using public data and some basic rough assumptions.
If we go to a recent Symantec 10K (page 37 of the June 1, 2009 10K), there is a statement that the extra $150M in cost between 2007 and 2008 is as a result of higher OEM placement fees. And in the earnings transcript call for that same time, the Symantec CFO states that the higher fees will impact earnings by 1.5 cents a share—or about $156 million. Now this $150 million is just an increase—meaning the total amount spent is higher than that. If we assume that this increase was a 100% increase (that is their costs doubled), then they spend over $300M a year. If we assume that the increase was a 50% increase, then they spend $450M a year. And that is just with Symantec. Putting similar amounts in for the other big security providers and you can see how the total given to computer manufacturers can easily top $500 million a year—in the range of $600M to $900M. Other data shows that there are about 100M consumer PCs sold a year so this equates to $6 - $9 per machine. To make calculations easier and since we are just dealing with approximations, let’s assume this is $5 - $10 per machine. Now of course these are all rough estimates but they should be good enough to get us into the ballpark.
Let’s take a couple of examples and you will see we cannot afford to have our software installed on new computers. First, most of the security software on new computers is what we call “Trialware”—a product that works for 30 – 90 days, begs the customer for money during this period, and then stops working if the user does not pay. The user is typically charged about $50/year for the software. And in almost all cases this is done as an “autorenewal”—that is the consumer’s credit card gets charged automatically again a year later, two years later, three years later, etc.
OEM agreements are usually structured as bounty contracts or as revenue sharing contracts (or a combination of the two). A bounty is just that—the security company pays the manufacturer a certain amount for every computer on which the manufacturer installs the software. A revenue share contract is where the OEM gets a percentage of the sales from users paying for the trialware.
Let’s say that a computer manufacturer makes 20 million consumer computers a year. If a security company pays that manufacturer $10 for each computer, it is a $200M payment. If they pay $5.00, it is a $100M payment. Then if 10% of the users decide to pay, the security company makes:
- $100 million in the first year
- $75 million in the second year if 75% of the customers continue their subscription (McAfee in many places has claimed their autorenewal rate is over 80% so this seems a nice estimate)
- $56 million in the 3rd year
So, over three years the security company can make $231 million—but they have paid the computer manufacturer between $100 million and $200 million upfront. That means that 40% to 80% of what the consumer pays goes to the OEM and not the security software company.
In a revenue sharing agreement, the OEM is not paid upfront but gets a percentage of each year’s sales. As the OEM is now taking a bit of the risk, one would expect that over a 3-year period, they would make a bit more than on the pure bounty agreement. That is over a 3-year period, it is reasonable to assume the OEM would get at least 50% of the total value. And of course it is also possible to blend these approaches a bit—a smaller bounty payment coupled with a smaller revenue share.
So, in OEM agreements, security companies pay the OEMs a tremendous amount of money for the right to try to sell their products to the new computer buyers. The OEMs don’t provide anything except access to a customer—very expensive access. So, without a high-priced product it is just not possible to pay the OEMs the amount of money that they want.
So it is clear that the OEM business is a big business. And remember, the money paid to the OEMs comes directly from the consumer. If the security companies did not have to pay these monies, they could cut the price of their product by 50% - 75% and still make the same profit.
Instead of enriching a middleman, we believe in the free distribution. We make our home product free—if the user decides they need the additional protection in the paid product, they can then upgrade. So, if you have a new computer or know someone that does, simply download our free antivirus, install it, and then remove the trial ware that came with the computer. You should be able to install avast ontop of whatever security product your computer has. If that does not work, then after you download avast, disconnect from the internet, remove the old OEM security, and the install the avast product.
If you wish to contact me or comment, please do so here. You can also find me on linkedin, facebook, or YIM. I am sure you can figure out how to contact me....