

McAfee.com sleeps through its nightmare scenario - bensummers
http://blogs.zdnet.com/SAAS/?p=1066

======
blantonl
I think this is a pretty good example of how "Enterprise Software" will
continue to quickly lose favor with customers. My personal opinion is that the
"Enterprise Software" market is now more than ever about sales and marketing
rather than innovation and and delivery.

Just look at the release budgets for enterprise software - sales and marketing
are at the top, while R&D and support are at the bottom.

If any open source implementation of anything like this happened, I can assure
you the comitters and developers would be appalled and embarrassed (in
public), and significant lessons would be learned all within users view.

Meanwhile, in the "Enterprise Software" arena such as McAfee's - their learned
lessons are clear. How do we spin this? And how do we align our marketing and
sales teams to minimize the impact on our sales models.

I'm just shaking my head at this one...

Serious lessons to be learned here...

~~~
vtail
> I think this is a pretty good example of how "Enterprise Software" will
> continue to quickly lose favor with customers. My personal opinion is that
> the "Enterprise Software" market is now more than ever about sales and
> marketing rather than innovation and and delivery.

How so? According to McAfee, the problem only affected less than 0.5% of their
non-enterprise customers. I'm sure only small fraction of those affected will
decide to switch their vendor; the rest of non-technical crowd will simply
ignore this.

> My personal opinion is that the "Enterprise Software" market is now more
> than ever about sales and marketing rather than innovation and and delivery.

> Just look at the release budgets for enterprise software - sales and
> marketing are at the top, while R&D and support are at the bottom.

We have actual data to debate this: McAfee's annual financial statement,
[http://www.google.com/finance?q=NYSE:MFE&fstype=ii](http://www.google.com/finance?q=NYSE:MFE&fstype=ii).

In 2009, McAfee spent $839mn on SG&A and $325mn on R&D. Sure, the R&D number
is less than SG&A, however:

\- SG&A number includes administrative expenses, paying rent for buildings,
providing customer support etc.

\- $325mn on R&D is a huge number. Assuming fully-loaded annual developer cost
of $200k, it's 1.6k developers working _full-time_ on this product. I'm not
sure how many open-source software project have similar number of at least
_part-time_ developers involved. Even taking into account "A Mythical Man-
Month" etc. is still a significant resource.

Having a decent anti-virus product requires, among other things:

\- Having full-time dedicated security experts - and by experts I mean people
who literally have decades of experience in the field. You cannot become a
security expert overnight.

\- Dealing with thousands of different software/hardware environments at
customer machines

\- _Regularly_ updating virus databases, monitoring threats 24/7 and providing
rapid updates for every new virus/trojan

\- Providing decent customers support to all of your non-technical customers
who don't know much about computers.

I don't know how well McAfee handles all the tasks above - I'm not their
customer, and not affiliated with them in any way. I just want to emphasize
that anti-viruses are non-trivial, and there is no existing open-source
business model today that can handle this complexity.

~~~
hga
McAfee has now changed their estimate to "[...] a small percentage of our
enterprise accounts globally" [http://siblog.mcafee.com/support/mcafee-
response-on-current-...](http://siblog.mcafee.com/support/mcafee-response-on-
current-false-positive-issue/)

~~~
vtail
I was specifically referring to their non-enterprise customers. For them,
their statement says that "a fraction of our consumer base–home users" [is
affected].

Enterprise customers are in a different league: even if individual users are
extremely unhappy, it's the IT department who makes the final decision about
switching vendors.

I'm extremely unhappy about using Lotus Notes for email/calendar where I work,
but can do nothing about it, other than whining on the internet.

~~~
hga
Hmmm, I guess I confused what you said with this early statement from them:

" _We believe that this incident has impacted less than one half of one
percent of our enterprise accounts globally and a fraction of that within the
consumer base._ "

------
maukdaddy
McAfee desperately needs some PR help on this one. It will be much better in
the long run to put a large, prominent announcement on the their site linking
to instructions, etc. Even better would be an 800-number so that affected
customers could call and be walked-through the process of fixing their PCs.
Yes, this would hurt the bottom line, but it is just good business.

~~~
rdj
Why? In a matter of days even the most computer savvy of folks will have put
this behind them. McAfee will still be bundled with Localtown-ISP or installed
on the new desktops. Mom and pop will see that their "subscription" is about
to expire and won't even wonder if this was the program that broke something
with svhost.exe.

While you and I may agree that it would be good business for them to go out of
their way to fix this and clean up their image, I just don't think it really
matters in the long run. I would be surprised if they do anything other than,
"Whoops. The next signatures are here".

------
rbanffy
I'm intrigued why shares haven't suffered.

<http://bit.ly/ce29LA>

