Norton relies on Avast scan engine

Norton brand antivirus protection now uses the Avast scan engine. This means that another anti-malware engine is disappearing from the market and the range of different solutions is shrinking.

The virus protection testers at AV-Comparatives.org have pointed this out, and Gen Digital Inc. has now also confirmed this to heise online. There are several indications of this. "The folder structure of the virus definitions and some core processes are now similar to identical. For example, the process aswEngSrv.exe, which has the same name for both products," explains Peter Stelzhammer from AV-Comparatives when asked. He adds: "You can also find explicit references to Avast domains in an .ini file within the virus definitions directory in Norton".

Concentration on the antivirus market

A further concentration process is taking place on the antivirus market. Avast initially acquired AVG in 2016. As a result, the development and virus lab teams were merged and downsized, and parts of AVG's technology were added to the Avast engine. Since then, it has been used with a different logo and customized names in the executable files and their digital signatures in both Avast and AVG antivirus protection. Avast was purchased by Norton in 2021, more precisely "NortonLifeLock", as Symantec Corporation has actually been called since 2019 (to make the confusion perfect, the company is now called Gen Digital [more precisely: Gen Digital Inc.] or Gen for short).

The move to have the Avast scan engine sail under the Norton flag is probably only logical from a purely economic point of view. As Gen also purchased the former German company Avira in 2020, the company may have similar plans for this as well – However, nothing is known about any specific upcoming changes.

When asked by heise online, a Gen company spokeswoman replied: "Since the merger of NortonLifeLock and Avast in 2022, we have laid the foundation to closely link the products of the two industry leaders and create a new, world-class cyber security infrastructure. We are leveraging the best technologies from each gen brand to create a unified technology platform to deliver a better and more personalized experience for our customers."

Decreasing diversity in the market

The loss of a scan engine may not be particularly noticeable to many. However, it is a matter of decreasing diversity. Detection mechanisms and capacities are disappearing. Malware that might have been detected by the now defunct technology remains undetected. Samples of this malware will of course not end up in the malware exchange system of the antivirus manufacturers, and detection rates are likely to fall overall as a result.

AV-Comparatives maintains a list of which virus protection uses which scan engine. AVG, Avira and Avast are still listed as Czech and German products respectively, but are now located in the USA as a result of the Gen-Digital takeover.

When we asked Josef Pichlmayr, CEO of the Austrian antivirus manufacturer Ikarus, he had a similar assessment: "The diversity of the detection rate is definitely affected – by the concentration in the AV market". He sees a sell-out of European IT security companies, which means that there are hardly any European manufacturers left in the AV (engine) sector. Political factors such as the Kaspersky ban or simply the market power of individual players, such as Microsoft with its (free) Defender, also have an influence, adds Pichlmayr. Microsoft has also "already had a strong 'regulating' effect here with questionable decisions such as 'approval of AV products for the SecurityCenter' and thus against diversity", explains the Ikarus boss.

Pichlmayr nevertheless sees strong market players with good antivirus products in Europe; he lists Eset, WithSecure (formerly F-secure), Bitdefender, but also Gdata and Securepoint. In the EDR sector, however, things look bleaker. Here, only HarfangLab from France can compete with a phalanx of US providers. However, Ikarus feels that more and more European companies are "reaching for European alternatives – if they exist".

(dmk)