
Why Intel bought McAfee - tortilla
http://arstechnica.com/business/news/2010/08/why-intel-bought-mcafee.ars
======
tptacek
For anyone looking for the decoder ring here: vPro is the Intel code word for
hardware products that support hardware virtualization, TXT (crypto-signed
executable memory security), and out-of-band management via the Intel AMT
management engine doohickey.

A "vPro" application for McAfee might, for instance, be to embed the AV engine
in a slim hypervisor layer, invisible to the OS, and to have it report status
to a mothership using the AMT engine.

People have been talking about Intel baking McAfee into hardware without
realizing that they have better options than that.

~~~
moe
_A "vPro" application for McAfee might, for instance, be to embed the AV
engine in a slim hypervisor layer, invisible to the OS, and to have it report
status to a mothership using the AMT engine._

Nice. A vendor controller hypervisor with full access to the system and
supposedly no way for the user to alter or inspect the code it runs...

What could possibly go wrong.

~~~
wccrawford
Actually, my first thought was "Man, that would be a great spot for a virus."
If other code can get in there, why not?

~~~
tptacek
Which sums up approximately 5 consecutive years of Black Hat Vegas and DC
presentations on rootkits.

------
sdz
Yes, it's clear that Intel wants to make security a top priority. However,
this article still doesn't explain why acquiring McAfee in particular makes
any sense, especially at a cost of $7.7 billion.

Yes, it does say that the "McAfee purchase gives Intel an instant foothold on
countless PCs," but these are not the PCs that Intel is after. These PCs
already have Intel chips on them. Intel presumably wants security as a
headlining feature for their next generation chips to entice users to upgrade.

In addition, Intel can gain an even wider-reaching foothold into your PC by
bundling a driver and distributing it through Windows Updates, as it does
already with its integrated video solutions. They presumably wouldn't need to
pay Microsoft $7.7 billion for the priviledge of making Windows more secure.

Aside from the foothold in your PC, then, what is left of the "long-term,
strategic buy"? There might be some patents and some talented developers, but
for a company that already spends $5 billion on R&D every year, it's hard to
understand why Intel couldn't come up with an in-house solution.

No, the real reason why Intel bought McAfee is probably much more pedestrian:
Intel is simply sitting around with too much cash earning too little return.

~~~
tptacek
(1) McAfee is a cash register that can be valued at some multiple of the next
N years earnings.

(2) Intel has a huge and underutilized repertoire of security infrastructure
technology that it can't, as a hardware vendor, fully exploit right now.

(3) McAfee has a huge installed base across the Fortune 1000.

(4) McAfee and Intel were already collaborating on integrating AV with
hypervisors and remote management.

From a strategy perspective, this seems pretty straightforward. Intel is
vertically integrating. ISVs weren't taking advantage of Intel's existing
security investment, probably in part because the industry was structurally
resistant to that happening. Rather than waiting and hoping for the stars to
align, Intel is taking control of its own destiny.

~~~
sdz
I agree that there is a strategy here. However, every strategy needs to be
evaluated relative to the cost, and from my point of view, the price that
Intel is paying to execute this strategy is too high.

If we look at MFE's peak earnings from FY2009, it's $173m. So a $7.7b price
tag is just under 45x. In other words, it'll take 45 years of FY2009 earnings
to merely regain the initial investment. Now let's be more generous and give
Intel a low discount rate of 5% and assume that those earnings grow compounded
10% each year. It will still take 25 years for Intel to make back that
investment.

Of course, the investment gets better if there are synergies that will provide
additional boost to Intel's earnings, but what are they? I don't really buy
(2) since Intel has shown that they are capable of getting their software onto
your computer when they want to (see their integrated video drivers that
download through Windows Update).

But even if they couldn't, they could have just continued collaborating with
McAfee without buying them. That's essentially the exact same thing as what's
happening now, minus the big transfer of wealth from Intel shareholders to
McAfee shareholders.

I suppose that I'm just not convinced that Intel couldn't have rolled their
own solution for less than $7bln. Even if they really needed to buy McAfee, a
60% premium over the market price is pretty steep, and it's hard for me to see
how that adds more value to Intel shareholders than a 7% special dividend or
buyback. So far, I haven't seen an argument that's made me think, "Oh yes,
that IS something I'd pay $7 billion for."

~~~
tptacek
Drivers and antivirus are not comparable footholds on desktop computers.
Enterprises don't buy premium drivers. They don't select vendors based on
driver brands. And, as Intel seems to have found, they don't pay premium
prices for desktop chipsets based on remote access drivers.

McAfee's gross revenues for the last 12 months total over 2 _billion_ dollars;
that's many many hundreds of millions of dollars worth of enterprises
specifically selecting McAfee software as part of their standard build and as
part of the mechanism by which they track and secure their computers.

Is MFE worth the premium? I have no idea. But the "synergy" here is not very
fuzzy. Intel has a clear path towards both integrating and bundling MFE's
value propositions into their own hardware, and to generating lock-in both
based on MFE's brand (which may command north of 40% of the enterprise market)
and on a combined AV/hardware security offering that won't be available from
any other mainstream vendor.

I don't want to sound like a booster for this acquisition. I'm not. I'm just
saying that it's nowhere near as crazy as some people (particularly the
"what's Intel going to do, implement AV in ASIC?" crowd) seem to think it is.
This is a straightforward vertical integration play, along an axis in the
industry (enterprise desktop security) that is natural for Intel to be
exploring given their last decade's worth of investment.

------
Vitaly
Intel CEO: I need an antivirus. Can you buy me something?

Some time later, his assistant: DONE! We just bought you McAfee.

Intel CEO: Cool! What version?

Assistant: Hmm, version?

------
protomyth
This line in the article makes me a little weary of Intel: "He then told an
anecdote about how he was watching Intel CEO Paul Otellini being interviewed
by Charlie Rose, and Otellini told Rose, "I've given our company a charter to
make [security] job one." Rattner laughed and told us that this statement
seemed to come from out of the blue, and it took him and other Intel execs by
surprise. But from that day forward, Rattner was focused on security."

I wonder how many other projects at Intel got started this way.

------
yellowbkpk
I like this explanation better:

Intel CEO: "We need antivirus, can someone buy me McAfee?" Few hours later:
"Done." "Great, which version?" "Version ... ?"

(From <http://twitter.com/paulmutton/status/21646042097>)

~~~
cryptoz
Not sure why you're being downvoted. I laughed!

------
sahaj
sounds like a bet that corporations and consumers will return to buying PCs in
the very near future since they have delayed their purchases because of the
recession.

