Q&A: Surfshark boosts ‘DIY security’ with its rollout of VPN-supplied antivirus protection

By Byron V. Acohido

Surfshark wants to help individual citizens take very direct control of their online privacy and security.

Thus, Surfshark has just become the first VPN provider to launch an antivirus solution as part of its all-in-one security bundle Surfshark One.

Related: Turning humans into malware detectors

This development is part and parcel of rising the trend of VPN providers hustling to deliver innovative “DIY security” services into the hands of individual consumers.

It’s notable that this is happening at a time when Microsoft, Apple and Google are going the opposite direction – by natively embedding more consumer-grade security services into their popular operating systems, like Windows, Mac, IoS and Android. And let’s not forget the longstanding, multi-billion market of antivirus software subscriptions directed at consumers.

The consumer anti-virus vendors have been generating massive subscription revenue for two decades; though this market is mature and in a consolidation phase, it is not going to disappear anytime soon, as suggested by  NortonLifeLock’s $8 billion buyout of Avast.

Last year I agreed to serve a one-year term on Surfshark’s advisory board. I accepted because I appreciated Surfshark’s emphasis on privacy and security — and saw it as a way to learn more about the consumer cybersecurity market. I recently took the opportunity to engage Surfshark CEO Vytautas Kaziukonis in a lively discussion about the quite dynamic consumer cybersecurity market. Here are excerpts edited for clarity and length.

LW: Why are individuals still required to take hands-on responsibility for protecting themselves online, what I’d call DIY security?

Kaziukonis: What you term ‘DIY security’ is increasingly important because there are so many ways to be compromised in this day and age. Whenever you trust a new website, service, or app with your sensitive data, you potentially place yourself at risk of a leak. You can’t know how good or how invested they are in their IT security.

After all, the Facebook breach exposing the data of over 500 million users – the one everyone talked about in April – was due to a flaw in a Facebook address book contacts import feature. So the more different services and apps you interact with, the less uniform your protection level becomes. When you’re facing this dizzying array of threats – from the aforementioned breaches to compromised public Wifi to phishing – you must take matters into your own hands. This is where security really becomes DIY.

LW: How does digital transformation play into this?

Kaziukonis: Agile development may increase the speed at which products are released, but bugs can crop up at any time. And as we mentioned before, you’re not just dealing with one company developing one product. All these processes are happening concurrently, and there’s no way you have the time or the inclination to investigate the security practices of each item.

At the same time, government subcontracting for IT services rarely delivers a product that works flawlessly in its primary purpose, let alone net security. Hence, the need to narrow it down to one or two software developers you can trust with security, partly because they specifically deal with the subject.

LW: Native security is increasingly being built into popular operating systems, and there’s a trend toward beefing up application security, as well. Why isn’t this enough?


Kaziukonis: Neither OS nor app development is primarily focused on security. Hence the features they provide are ‘nice to have’ rather than essential features that the whole development team works on tirelessly. They will provide a basic level of security – more of a tripwire or a speedbump than a brick wall – but it will hardly be enough.

LW: Many major antivirus companies – Trend Micro, McAfee, Norton, Kaspersky, Sophos etc. are still around extending their legacy services. Why isn’t this enough?

Kaziukonis: If there’s one thing to know in the IT business, it’s that things are constantly changing and that legacy companies need new competition – new blood in the market – to shake things up. Fresh new minds that don’t have to deal with legacy code offer consumers new opportunities while advancing the field in new and exciting directions.

That’s why you have Surfshark continuously launching new privacy and security tools rather than sleeping on the main product for a decade before considering branching out to cover all the gaps.

LW: Why are consumer VPNs generally in a good position to fill this gap?

Kaziukonis: Many features you want in a VPN deal with malware and similar threats. So it’s a natural development from there to branch out into anti-virus protection. After all, if we’re dealing with the most way malware is spread – by which I mean that it’s downloaded online – why not clean up inside the device as well?

We already have the know-how and the awareness of the issues in the realms of privacy in security. And as we deal directly with those subjects, agile development helps us respond to new threats in a very timely manner. We’re also looking for new features that would help our customers. That’s why we launched Surfshark Alert and CleanWeb long before we tackled an antivirus.

On the other hand, many legacy companies offer VPN as an upgrade option, not as the main product. Which was fine when you had only a handful of VPN users or uses. But the consumer hunger for both privacy and accessibility grows, so does the need for a VPN and other security tools beside the antiviruses we’re already familiar with.

LW: What moves are your direct competitors making?

Kaziukonis: Our competitors are not sleeping on this, and they’re also increasing their offering of security and privacy tools. This definitely marks it as a new trend in the market.

LW: Why do you believe Surfshark will be a leader in this emerging market for DIY security?

Kaziukonis: The main idea behind Surfshark was always to create a comprehensive security tool. We started out with a VPN, yes, but then we added Surfshark Search and Alert without them being something that everybody expects to be a VPN standard feature. So an AV is a logical next step.

Our suite of tools is getting more and more comprehensive every year, and the customer response shows that it’s appreciated. So we have all the motivation we need to keep going, and we’re not going to stop with just Antivirus.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone