Monday, March 26, 2007
Interview with Gary Guseinov, CEO of CyberDefender
Gary Guseinov is CEO of CyberDefender, a venture-backed Los Angeles-based firm that develops Internet security software. CyberDefender has an interesting way of distributing its software--it gives it away for free, by offering advertising in the software, along with offering ad-free versions of its product for a yearly fee. Ben Kuo spoke with Gary about the firm and where it fits into the Internet security landscape.
Tell us about your products, and where you fit into Internet security space?
Gary Guseinov: CyberDefender offers consumers an Internet security suite that protects against viruses, spam, and phishing attacks. We recently launched our products in late 2006, in November, called CyberDefender Free 2.0, which is completely free to the consumer, and bundled with a security toolbar. Revenue is generated from banners inserted in our graphical user interface -- with no adware, or popups -- and also from revenue share on people who use the search toolbar. People who don't want to see the advertising can upgrade to a non-ad supported product, which is $11.99 a year, and a family pack version which is $39.99. The only difference from the paid product is it doesn't contain ads.
What makes us different, fundamentally, from all the other Internet security firms is that we use a secure, client-to-client (peer-to-peer) network that allows us to send updates to the software and signature updates--threat definitions, which are referred to as signatures--through the peer-to-peer network. That allows us to update as frequently as several times a day, without incurring expenses. The network does the updating, rather than us updating clients. To put that in perspective, free virus software typically limits the updating features, and they are truly not protecting you out there. While they claim to be free, you don't get full security, only a fractional sense of security to test out the product. If you continue to use it, you're not really protecting yourself. We looked at that, and said--why would you offer something free, and not give a full security solution? The network that we built on the back end of the product is what makes us different. We have patents filed on it, and that will allows us to scale into small and medium business and enterprise solutions in 2008. We've had lots of success, with hundreds of thousands of new users. We have thousands of new users a day, and expect to have more than 5 million by the end of 2007.
How'd you decide to make your software a free offering, and run advertising?
Gary Guseinov: There's a couple of reasons. We think the advertising model is a growing model, and significant revenues can be generated. To give away a free product, you have to support it with marginal revenue from the user, through advertising. That allows us to maintain the development of the software, and add more features. It's impossible to give away software for free in the security industry. The amount of money that goes into threat research and staying on top of new technologies and new threats is impossible to do if you give it all away for free.
We decided to give them everything you need, with no limitations, but needed compensation for that effort. Ads allow us to do that. This is not adware, there are no popups, there is no scanning for keywords or analyzing what a user is doing. No action takes place except a small little banner that comes out with limited types of advertising. We don't work with adware publishers, we don't work with substandard products. The ads are from well known advertisers, through well known ad networks. When a consumer clicks on an ad they should now we have done some due diligence on the ads they have seen. We will not take bad advertising or anyone who wants to steal information or put them at risk. We call them safe ads in our company.
Does the display advertising make enough to run a company?
Gary Guseinov: We get revenues from several places. Advertising is one, people who upgrade to non-ad supported versions is another. We're also selling this like traditional software, and there are some people who actually go directly and buy the software. It's both from selling licenses and deriving revenues from advertising.
Tell us a little bit about the history of the company and your backing?
Gary Guseinov: The company was founded in 2003, and we didn't start selling products until 2004. We had an anti-spyware product, and in 2005 we acquired a company that had the technology and a patent for the secure peer to peer collaborative Internet security network. We acquired the company, and built a new Internet security suite around that network. The new product didn't really start until 2006, and we didn't launch it until November. We were privately funded until 2005, when we took investment from ITU Ventures, Centrecourt, Bushico Capital, and ARC Investment Partners.
Does the free distribution really drive that many downloads?
Gary Guseinov: Yes, absolutely. Most days, we have ten thousand downloads of the software. It's absolutely a big demand, and the public is to a certain extent confused and frustrated by Internet security. Most Internet security products don't tell the truth about what they offer, and their capabilities. The consumer is confused, and when they download anti-virus software, they believe anti-virus software defends against spam and spyware. They think that anti-spam software defense against viruses. The second part is the fault of the industry that doesn't explain what they are offering. If you go to Google and type in spyware, typically these guys will offer a solution against spyware but also claim they work against viruses and other threats. The industry is misleading consumers, to some extent. The second problem is that they have a free trial version, and what some companies do is they charge you "pay to delete"--you scan your computer, the software finds some threats, and then gives the user the option to purchase the product if they want to remove those. I don't like that idea. I don't like that if they find a problem, they are only willing to fix it if you pay for the software. Others who offer free software without crippling it or paid delete, don't have updates. You download that free software, assume it's protecting you, but only gives you a percentage of protection--because they can't afford to give you all the updates for free. It tells you it's found problems and fixes them, but doesn't tell you that there are more problems. It can't give you status or updates because you haven't paid for it. There's a big gap between what is really going on, and what you're getting. How is the consumer going to know this? Only if the software company tells them.
A lot of these companies are very small companies just trying to look good. They cannot afford to do threat research, and cannot afford to do frequent updates. Our model is not to mislead people to give complete Internet security, and give all the possible updates we have. If there are one hundred updates in one day, they'll get them. The only way to afford that is because of our secure peer-to-peer updating infrastructure. That's how we are going to survive.
Our business model is that users will see ads, and can choose to turn them off with our fee structure. Compared to Symantec, McAfee, or ZoneAlarm, we're charging $11.99 for a license, and $39.99 for five licenses. That compares to $50 or $60 for 3 licenses if you go to Pandas or Symantec, and that gives you limited updating and limited functionality--that's what makes our product different. We recently had a review by PC World Magazine, which compared us to Windows LiveCare, Symantec, and Panda, and we beat them in lots of categories--simply because of our updating model--because we updated quicker we detected more threats. I believe strongly that by the end of the year, with some amount of effort, we'll be rated one of the top five Internet security firms because the way we're progressing and growing.
How do you manage the threat research given your price points and model?
Gary Guseinov: We have designed a couple of tools that allow us to automate a certain amount of threat research. We analyze viruses with a universal severity scale--which is a risk rating for all the threats we find. A risk rating is a description of what the threat presents to a computer. We are able to quickly analyze threats and eliminate them from your computer. Other threats--like keyloggers and rootkits, require human analysis, and we mploy analysts and researchers who sit and analyze threats, put them through systems to find what risks it presents, and how to deal with it. We also work with external, third party sources that see this information. We have a network of resources that we pull from to make our threat research possible. Also, every one of our users is technically a listening point--a node--like a honeypot. Every threat that they collect on their computer is reported to us for analysis--they're part of a network protecting themselves and the rest of the network. For us to grow, and for the Internet to be safer, it would be ideal if everyone has one version of our software--even if they have paid software, because our software actually works with McAfee and Symantec. We're the only antivirus and antispyware that does not have to uninstall other products to work, it's a second layer of security. By downloading our software, you would make the Internet safer, even if you aren't using it.
Thanks for the interview!