The UK’s Competition and Markets Authority has given a provisional nod to the proposed merger of British cybersecurity company Avast and US rival NortonLifeLock.
Action by Britain’s market regulators has international ramifications; the CMA’s interventions in the Arm-Nvidia deal were partly responsible for the cancellation of the $66 billion sale of the British chip designer to Nvidia. And it has held up Facebook’s purchase of Giphy.
As for the antivirus vendor pact, the $8.6 billion merger was announced in August 2021 and, after a gentle probe, the Competition and Markets Authority (CMA) decided that a closer look was needed in March 2022. That closer look (referred to as a Phase 2 investigation) is pretty much done and dusted and the CMA has provisionally decided that the deal doesn’t raise competition concerns in the UK.
This is due to existing players, including the duo’s main rival in the UK, McAfee, and Microsoft’s bundling of its own security applications into Windows.
Microsoft has adopted somewhat of a scattergun approach to cybersecurity in its flagship operating system; what is built into Windows is known as Windows Security (formerly known as Windows Defender Security Center) and includes Microsoft Defender Antivirus. This is not to be confused with Microsoft Defender, which is a cross-device app “that helps people and families stay safer online” and requires a Microsoft 365 Personal or Family Subscription.
Windows Security is designed to keep Windows PCs secure unless an alternative antivirus product has been installed, such as the wares of Norton or McAfee.
The confusion seems to have spread to the CMA, which noted that “Microsoft Defender is not sold as a separate product” in its report while Microsoft states in its FAQs “Microsoft Defender is a part of the Microsoft 365 subscription.”
The CMA did, however, note the arrival of Microsoft Defender for Individuals in June, which it said does indeed need that Microsoft 365 subscription.
Keeping up with Microsoft’s branding gymnastics can be difficult. Microsoft Defender, being part of Microsoft 365, can’t be purchased as a stand-alone product.
The CMA did say that user numbers taking advantage of Microsoft’s solution are “both very high and growing very fast” but were not included in the analysis due to its inclusion in Windows.
As for Norton and its ilk, the CMA found that an important method of customer acquisition was via contracts with hardware manufacturers to have the software pre-installed on new devices in the hope of snagging customers once a free offer had expired. Retention rates once a customer had signed up were put at 80 to 90 percent. The CMA has already administered a rap on the knuckles to cyber security companies over unfair practices around renewals.
Kirstin Baker, chair of the CMA inquiry group, said: “After gathering further information from the companies involved and other industry players, we are currently satisfied that this deal won’t worsen the options available to consumers. As such, we have provisionally concluded that the deal can go ahead.”
Interested partners have until August 24 to respond to the provisional findings before the CMA issues its final report on September 8. ®