While recently researching for an article on the future of security software, I caught up with David Harley, senior research fellow at ESET and a director of the anti-malware testing standards organisation (AMTSO), to collect his views.

He made some interesting points that I thought were worth highlighting on the selection of anti-virus products by consumers.

Harley claimed that there is a non-technical issue that has been highlighted this year by an upturn in free anti-virus applications. When choosing a solution, he said that it is looking more positive, as more people (including those who would not normally buy anti-virus) are protected by a commercial grade anti-virus whether it is free or paid for.

He said: “I am coming round to the idea that security companies are going to have to do a better job of explaining their business models in order to make clearer the difference between the rogue approach to marketing and provision and the legitimate approach.

“That means a lot more than mimicking rogue anti-virus ‘FUD (fear, uncertainty and doubt) marketing', it is an educational initiative and it involves educating the business user, the end-user and the people who market and sell products. Every time someone tries to sell a product using quasi-rogue approaches, they trade a short-term possible economic advantage for a long-term drop in the industry's credibility. That's bad for the industry, of course, but it's also bad for the consumer.

“It exposes him to further confusion between rogue and legitimate, and he will tend to go for what sounds like the better (something for nothing) deal. How this gets done is another question.”

The concept of promotion of a product is key in challenging economic times. Harley agreed claiming that even open-source applications will have to tread this route eventually (or at least charge for documentation and support).

He also claimed that the consumer and business markets have never been as far apart as we tend to assume, especially with the proliferation of mobile devices these days causing headaches for IT staff.

“That exposes their employer to risk if they behave incautiously or inappropriately, and exposes them to risk if their employer isn't as well protected as they assume. The trouble is that now the same messaging channels and social media that expose home users to risk are also being used in corporate contexts now, where for a while many enterprises were trying to block obvious problem services,” he said.