The market for security software has witnessed an unprecedented growth in recent years. A closer examination of this market reveals certain idiosyncrasies that are not observed in a traditional market. For example, it is a highly competitive market with over 80 vendors. Yet the market coverage is relatively low. Prior research has not attempted to explain what makes this market so different. In this paper, we develop an economic model to find possible answers to this question. Our model uses existing classification of different types of attacks and models their resulting network effects. We find that the negative network effect from indirect attacks, which is further enhanced by value-based targeted attacks, provides a possible explanation for the unique structure of this market. Overall, our results highlight the unique nature of the security software market, furnish rigorous arguments for several counterintuitive observations in the real world, and provide managerial insights for vendors on market competition.