eBook

The Essential Guide to

Licensing Antivirus Technology

Contents
Introduction...............................................................................................................................................3
Chapter 1. How to Devise a Well Thought Out OEM Strategy..............................................3
Chapter 2. How to Properly Evaluate Existing Antivirus Technology...............................4
Chapter 3. How to Choose the Right Antimalware Software Development Kit...........6
Chapter 4. Reasons to Replace Your Antimalware Engine....................................................8
Conclusion.................................................................................................................................................8

eBook

Introduction
If you are looking to develop your own antivirus solution or add malware protection features, but dont have the necessary
resources, then licensing antivirus technology from a third-party vendor might be the solution. Its the fastest way to enter
the antivirus software market, extend your product line, or expand your brand to different markets provided the antimalware
technology you have chosen is strong enough to combat ever-more sophisticated threats.
But how do you go about the licensing process to make sure you are making the right decisions? How do you choose the right
licensing partner? And how can you make sure the solution you are evaluating is as good as the vendor claims it is?
These are just some of the questions this eBook provides answers to. Its purpose is to guide you through the process of
licensing antivirus technology, so that you choose the right solution for long-term success.

Chapter 1.
How to Devise a Well Thought Out OEM Strategy
Are all antimalware companies that license their antivirus technology the same? For the uninformed, the answer may be yes.
However, experienced professionals know that antimalware companies provide different solutions and service levels. Choosing
an antivirus company is a strategic decision and not a short-term goal. Taking the time to license an antimalware engine from the
right company will save you time, money, and resources.
So what exactly should you consider when building your strategy? Here are six imperative OEM elements you need to think
through carefully:
1. Selecting the wrong criteriacan set your company back for years. One company chose to implement an antivirus solution,
but didnt set up the right criteria which lead to the wrong research parameters and the wrong choice. One company
implemented an antivirus scanning engine into their solution, but started to receive customer complaints. The company
chose an antimalware solution provider that was close to their headquarters thinking they would get quick response
from a local company. They did get reasonable support, but the solution was weak on detection, so their customers started
complaining about the malware and false positives, and began leaving.
3

2. Innovation is the keyto minimizing malware threats. Web-based threats are the new medium which malware writers are
using to launch their malicious applications. Antivirus vendors should have strong proactive threat detection. Often times,
users do not update their signature files or corporations disable cloud features. The combination of heuristics and behavior
based detection are key elements to reducing unknown malware in an offline mode. Antimalware providers need to have
excellent antivirus labs that are staffed 24/7 by professional malware researchers. This allows top antimalware companies
to quickly prevent malware variations without incurring a high false positive rate.
3. Choose an antimalware companythat is not actively competing with you. If an antivirus provider is selling a firewall
appliance that competes with your solution, then they can start raising prices of their integrated antimalware solution. If
they acquire companies and diversify their product portfolio, this is a sign that there could be a drastic reduction of support
for their OEM products resulting in providing older technology that has not been updated or raising prices in certain
geographies that are competing directly with the antimalware company.
4. Build your businesswith an organization that has the resources to help you succeed. Some antimalware companies do not
have a dedicated team that is focused on serving OEM customers. Some antivirus companies may provide OEM antimalware
solutions, but have to borrow engineering, technical support, marketing resources from different parts of the company in
order to support your needs. Even making a minor change to the antimalware engine can require significant resources from
an antimalware provider. It is prudent to look for an organization that has a staff of professionals dedicated to OEM products
to help you succeed.
5. Brand is importantbut be careful. Your customers are the lifeblood of the company. If you are rebranding a product or
licensing the technology to use in your own branded product, then this is not an important element. Some companies
choose antimalware technology by brand only, because the decision makers do not want to put an effort into evaluating
other solutions available on the market that would may be a better match to the companys needs. Going by the brand
would minimize the decision makers effort and somehow absorb the responsibility, but this is not what a competent, honest
decision maker should do.
6. Maintaining strong customer service levelsrequires a strong support system. Companies that need immediate resolution
to malware issues should consider implementing service level agreements that meet their minimum service requirements.
Experienced antimalware OEM providers will generally have a process in place to quickly and efficiently resolve your issues.
If your core business is to provide antimalware technology to your customers, then it is important to ensure you understand
the different levels available.
Strategizing is no easy task. You may go back and forth in the decision process several times along the way, but make sure you
have a strong foundation to build your strategy on. The six points above are the pillars of this foundation.

Chapter 2.
How to Properly Evaluate Existing Antivirus Technology
Success starts with building a good product, so be careful what you build into yours. When choosing third-party antimalware
technology, you need to take your time and thoroughly evaluate various options on the market. Make sure technology vendors
claims are substantiated, but do not rely only on the information they give you. It is best you do your own research, and while
doing that, make sure you consult unbiased sources as well.
Here are 3 key factors you need to check when evaluating antivirus technology:
Company background
When analyzing your antivirus technology options, looking at the vendors background can speak volumes about their expertise,
and hence the quality and reliability of their solutions. But what type of information is most relevant? You may look into things
like:

How long has the company been operating in the security business?

Creating effective solutions takes time, effort, and resources. For example, it may take up to 6 months to train a new malware
researcher. For a company that has only been in the industry for a couple of years, its very difficult, close to impossible, to bring
together the necessary number of skilled people to develop a top product. So the longer a company has been in the antivirus
business, the greater its chance to have assembled an experienced team of skilled people who are able to develop the best-ofbreed antimalware solution.
4

eBook

Does the company have a working 24/7 Antimalware Lab?

With over 220,000 new malware1 samples every day and more malware writers testing their malware on existing security
products before releasing them, there is a great chance one of them may require changes to the detection engine. And those
changes are typically urgent. Having a 24/7 anti-malware lab ensures such tweaks are made in due time. You should look at this
piece of information as a warranty for rapid issue solving.

Where does the company get new malware samples?

It is important the vendor obtains new malware samples from several independent sources, such as honeypots and users. If
the vendor purchases the malware feed from another third-party vendor and sticks to this feed only, they will be able to register
the same detection rate as the third-party vendor, but not surpass it. Which is why, it is important to diversify malware sample
sources.

Does the vendor engage in malware exchange?

Some reputable security companies cooperate on malware detection, and exchange new malware samples. However, this group
is rather exclusive and relies on good reputation and trust between the parties. If your chosen vendor participates in sample
exchanges, this means they have been accepted as a professional anti-malware community member in good standing, which
adds to their credibility.
Proven skills, knowledge and expertise should be important elements to evaluate when selecting a reputable antimalware
company.
Industry test results
Industry tests performed by independent testing agencies are, with no doubt, the go-to source for information on strengths and
weaknesses of existing technologies. Just pay extra attention to things like:

Does the vendor appear in industry tests by reputable testing agencies?

Well-known testing bodies such as AV-Test, AV Comparatives and Virus Bulletin publish their testing methodologies, test vendor
solutions, and unbiased results regularly. Expertise and transparency make them trustworthy in the industry. Here is a full list of
antivirus testing labs2 you might want to check out.

Are the vendors test results consistent?

It is not mandatory for a vendor to always rank first in test results, but frequent changes in positions, like jumps from #20 - #1 #4, are signs of instability and technology deficiencies.

Do the results for one particular solution show good detection AND low false positives?

If yes, the solution is worth considering. If the detection rate is good, but the number of false positives is high, then the solution
would be the same as a company reporting no false positives and 40% detection rate.

Is the vendor consistent in submitting their solution to tests?

For example, if the vendor skips every December test it may be because all their employees take days off during that period,
which may result in drops in detection rates. So the company may protect itself against having them made public.
If youre wondering where you can find all these types of information, the answer is: from the testing agencies themselves. They
allow anyone to access test results at any given time, for free. And they even have tools in place to show comparative stats. Virus
Bulletin, for example, makes available on their website several tools that give you free, unbiased information such as:

Vendor test history3 - helps assess the evolution of a particular solution over the years

Compare vendors4 - helps you choose/eliminate possible options based on proven performance

Test results by platform5 - help you narrow down your options, in case you want your solution to work on a particular

1
AV-Test.org malware statistics: http://www.av-test.org/en/statistics/malware/

2
List of AV testing labs published by AV Comparatives at: http://www.av-comparatives.org/list-of-av-testing-labs/

3
Virus Bulletin hosts a list of AV vendor on their website that offers an overview of how each vendors solution performed in tests since
the first time it was submitted: https://www.virusbtn.com/vb100/archive/vendors

4
Virus Bulletin gives users the possibility to compare vendors by manually selecting the vendors you want comparatives on: https://
www.virusbtn.com/vb100/archive/compare?nocache

5
Virus Bulletin offers a history of test results by platform used in tests: https://www.virusbtn.com/vb100/archive/platforms
5

platform.
It may take a while to find the answers to the questions above. But, in the end, it will all be worth it, as you will have gained a more
accurate perspective on the antivirus industry as a whole.
Technology partners
A look at the companies who have already licensed a vendors technology may provide valuable insights into how effective the
licensed technology is. Information about who is licensing what antivirus technology is usually published by antivirus testing
labs6. However, these lists are not comprehensive, as not all the OEM partners of a vendor participate in independent tests.
The best vouchers for a vendors antivirus technology are other antivirus companies for whom security is their core business.
Also, if the vendor you are evaluating has a large number of partners, it means they are not only committed to their partnerships,
but also have the experience needed for a successful collaboration with new partners.
However, also keep in mind that many OEM relationships are covered by the non-disclosure clause, so the companys
unwillingness to disclose all their technology partners in writing may be reasonably justified.

Chapter 3.
How to Choose the Right Antimalware Software Development
Kit
Selecting the right antimalware Software Development Kit is an important task for business decision makers looking to grow
revenue, increase profit, and expand into new markets. But what makes an antimalware SDK the right one?
After prospecting the market and evaluating the available technologies, you need to look at the elements that will help you keep
your business successful in the long run. These elements are the exact set of criteria you need to establish when building up
your long-term strategy to succeed in the security industry. As shown in the previous chapters, not only should you look at how
effective a technology is, but also who is providing it, and what else they are offering.
So here are the eight criteria that will guide you toward selecting the appropriate vendor and, consequently, the right antimalware
technology:
Detecting malwareis one of the primary reasons for choosing the right antimalware SDK. There is so much biased marketing
information within the antimalware industry that it is difficult for researchers to figure out which company is providing accurate
test data. As mentioned in the previous chapter, researchers should look at the major testing organizations like AV-Test, AV
Comparatives, or Virus Bulletin for multi-year test results. Examining at least the last two years of antimalware tests should help
determine whether the antimalware company has a good track record. It also helps determine whether the antivirus company is
committed to investing and improving their antivirus technology rather than just keeping it in auto pilot mode.
Performanceis another criterion for choosing antimalware technology. Antivirus products consume processing and memory
resources which can slow down a computer system, network appliance, or increase latency within a cloud service. For devices
that are limited by their architecture, processing power, and memory, it can be a very big concern. A company that scans tens
of thousands of files daily wants to know the antivirus scanning engine will not significantly slow down the device. No company
wants to invest a lot of money in highly specialized systems or spend a lot of time to re-architect a system. Find out from your
antimalware provider if it has customers scanning thousands of files daily searching for malware. Look at the reports from
testing companies which evaluate the performance of multiple antivirus scanning engines. Test the Antimalware SDK within your
environment as this is the best way to gauge performance of the scanning engine.
Modular SDKsallow you to choose the right solution for your environment. Different business models may require a solution
that meets a specific product gap. A modular system allows you to start with a core antimalware feature and add components
in the future for greater flexibility. If integrating an antimalware SDK is too daunting, then select a security company that offers a
rebrand or white label antivirus solution so you can test the market before integrating an SDK. You may have a different market
segment, customer, product portfolio, selling model, or approach. An antimalware organization that provides modular OEM
solutions allows you to build products to meet your customers future needs.

6
AV Comparatives published a list of AV vendors, mentioning the third-party AV engines used by a vendor, whenever the case: http://
www.av-comparatives.org/av-vendors/

eBook

Integrating antimalwaretechnology into an existing product or service should not be difficult. If you have engineering resources
and are already familiar with integrating a security technology, then implementing an antimalware engine may not be challenging.
Standard C/C++ or Java programming knowledge is required for integrating antimalware technology. Rebranding or private
labeling is another option for those companies that want to market antivirus technology, but do not have the technical resources.
If you believe that the antivirus technology must be integrated within your product or service, then another option is to outsource
the engineering effort to a reputable company.
It is an excellent choice for desktop, mobile, gateway, or cloud environments.Some Antivirus SDKs are only good for desktop
environments. However, using an antivirus SDK designed for the desktop may not be a good approach for a network appliance
vendor or a company that wants to provide a security service in the cloud. You want to consider an Antimalware SDK that is
optimized for your environments or where the antimalware technology vendor offers different Antivirus SDKs with consistent
APIs for diverse environments. The market needs for an endpoint security company are different from the market needs of a
company that provides security services in the cloud.
Support for multiple architectures.Some companies may only provide SDKs that support the newer 64 bit processor, but
what happens to legacy architectures? You may need to support both 32 and 64 bit processing using the same processor
architecture as you may need to transition customers to a different architecture. By making sure your Antimalware SDK supports
a combination of architectures such as: x86 for 32 bit, x86 for 64 bit, or ARM, a company can provide an easy migration path.
Companies can dramatically save engineering time and costs by choosing a system to allow support for different architectures.
If a vendor already supports multiple hardware platforms and operating systems, this shows that their technology is portable,
which allows you to migrate to completely new platforms. Also, mobile device support is important to consider if you want to
explore the mobile security space in the future.
Support for multiple operating systems.Some Antivirus SDKs support Windows operating system only, which can lead to
disappointment. In the future, if your customers want you to support other operating systems such as Mac or UNIX, then you
may have to search for an entirely different antimalware SDK. You may never know when you will need to provide UNIX support. It
is better to hedge your bets and look for a vendor that can provide support for multiple operating systems.
Updates can be disruptive.Most antivirus companies use updates to ensure they are checking for the latest threats, but not all
updating mechanisms are the same. If an antivirus engine receives an update, it may require you to reboot the system in order for
the update to work properly. With the Update On-The-Fly feature, the scanning engine will finish processing the file before loading
the new update. It will not require manual intervention by the user for updating. This can lead to a better customer experience and
minimizes computer system interruption or any downtime needed.
Partnering with an antimalware company can be a very lucrative relationship, but companies should start out with clear
objectives and criteria for choosing an antimalware vendor. Some companies want the best antivirus technology while others
look for a strong brand or a combination of different factors. There is a myriad of criteria to choose, but it should be governed by
a strong opportunity potential, technical product characteristics, antimalware companys ability and track record of supporting
licensing partners and an overall business synergy between the two companies.
7

Chapter 4.
Reasons to Replace Your Antimalware Engine
So far, we have looked at the elements you need to consider when building your licensing strategy, and how to spot strengths and
weaknesses in existing technologies. Now, lets look at some of the common reasons why companies consider replacing their
antimalware engine. If any of the situations below is even remotely familiar, that may be a sign your business is up for a change.
Customersare complaining about your product because it is not catching malware that should have been caught. This is a
prime reason for your customers to stop renewing their license. When your customers start feeling that your product does not
adequately protect their computers from malware, then your renewal rates and customer satisfaction and loyalty go down. It may
be that your customers are complaining about the abnormal number of false positives or about the serious damages caused
by your product when removing, for example, system files it detected erroneously as malware. Or maybe your customers are
dissatisfied with long resolution times for any missed detection or other errors, which you may experience due to lack of timely
support from your antimalware vendor.
Competitionis fierce and you are losing some business deals and contracts. Your existing antivirus provider acquired another
company or changed its strategy and is now competing with you for the same business. The competition is lowering prices and
your profit margin is declining sharply. You are finding that your product is not doing very well in some of the third party tests and
your existing antivirus vendor provides only adequate results.
Brandingand product visibility is very low and your name is not getting on the list of the top 3 vendor choices. Your brand
continues to perform poorly on third party antivirus testing bake-offs. Magazine, blog, forum, and online article writers are not
mentioning your brand or are writing negative reviews which are impacting renewals and new sales. You are feeling that your
brand is starting to form a negative impression in the minds of your prospects.
Innovationis not a strong character of your existing antivirus provider. Your antivirus provider is not developing technology that
is responding to emerging threats or responding to them quickly enough. Web threats are a common method for launching online
threats and your provider may not have strong real-time threat protection capabilities.
Flexiblebusiness/licensing/implementation models are almost non-existent. Lets face it, people own multiple devices including
mobile phones, tablets, internet only notebooks. An antivirus provider that does not have a comprehensive strategy to easily grow
your business in a new direction while providing diverse licensing models to test new channels may not be an ideal match for
your organization.
First and foremost, listen to your customers and find out what they think about your product. Determine exactly what they like
about your product and how to make it better. If the current antivirus provider or your existing in-house antimalware research
team is not keeping up with antivirus threats, then it could be time to look for other ways to supplement your existing capabilities
or replace your existing antimalware provider.

Conclusion

Bitdefender delivers security technology in more than 100 countries through a cutting-edge network of value-added alliances, distributors and reseller
partners. Since 2001, Bitdefender has consistently produced market-leading technologies for businesses and consumers and is one of the top security
providers in virtualization and cloud technologies. Bitdefender has matched its award-winning technologies with sales alliances and partnerships and has
strengthened its global market position through strategic alliances with some of the worlds leading virtualization and cloud technology providers.

All Rights Reserved. 2014 Bitdefender.

All trademarks, trade names, and products referenced herein are property of their respective owners.
FOR MORE INFORMATION VISIT: enterprise.bitdefender.com

22122014-Bitdefender-OEM-eBook-LicenseGuide

If you do not choose the right antimalware company to partner with, you may have wasted a lot of engineering, sales, support,
and marketing resources. In some cases your window of opportunity might be completely closed because of you spinning the
wheel and tarnishing your reputation with the wrong choice. Be smart with your selection criteria and make sure they improve
your relationship with your customers, rather than cause frustration. Look at the companys history of acquiring companies and
expanding into new markets. Do they compete with your business? Have they expanded their product lines to start going after
your customer base? A well thought out strategic decision will be beneficial in the longer term, while a short-term approach will
only satisfy your immediate revenue goals.