Internet Opens Up New Markets - For Hackers and Viruses As Well
Madanmohan Rao interviews Srivats Sampath, CEO, McAfee
Most people who have ever booted up a personal computer (PC) will
have noticed the presence of McAfee security software. Since December
1998, Srivats Sampath has been the president and chief executive
officer (CEO) of McAfee, the world's leading security application
service provider (ASP). His fifteen years of experience in the
information technology sector includes head of marketing at Network
Associates and Netscape Communications, and other positions at
Central Point Software and Intel.
Srivats is also on the boards of WebTrends Corporation and Cadabra.com.
He received his bachelor's degree in electronics and telecommunications
engineering from Madras University in India.
Rao: What was the founding vision for McAfee.com?
Sampath: To build a very unique company that delivers security
not as software but as a service. Early on, we realized that security
needs to be managed constantly and evolve to protect against new
threats on a very regular basisand the only way to do that is
through being an ASP (application service provider).
What we have proved is that we have rapidly become one of the
largest consumer ASPs on the Internet, providing security to users
in over 230 countries. Our next step is to take this concept to
small and medium-sized businesses.
R: How has your organization grown since its founding?
S: McAfee.com was created in June 1998 purely as a concept. In
December 1998, we launched an online version of VirusScan (McAfee's
anti-virus product) and received tremendous feedback from our
trial subscribers. We quickly realized that we had something valuable
and viable on our hands. In September 1999 we launched the paid
version of McAfee.com providing our security services to consumers.
Since then, we have rapidly grown to nearly 800,000 paid subscribers
and close to one million active subscriptions. In 1998 we started
with two employees and now we have over 160. Our revenues have
nearly doubled year over year, and we are in a good track for
more growth in the next year.
We are one of the few Internet companies that are showing profitability
and growth in revenuestwo good indicators of a healthy business.
R: What are the top three trends you have noticed in Internet
security in the past couple of years? What can we expect to see
in the coming year?
S: The trend that we saw in the last few years is a corollary
to Metcalf's Law (the value of the network rises exponentially
with every node you place on it): as the network grows, the vulnerability
of the network also rises exponentially with every node placed
A prime example of this is the "ILOVEYOU" virus that propagated
around the globe in under five hours. If you didn't have the Internet
this wouldn't have happenedthe Internet is the enabling medium
for viruses to propagate. We will see more of these [viruses]
as more people will write them. The irony is that these malicious
viruses infect the very medium which propagates them. We will
see more rapid outbreaks that will do similar damage to the "ILOVEYOU"
virus in the very near future.
Another trend which we are witnessing is a result of the increasing
consumer use of cable and DSL connections. Traditionally, the
hacker community only targeted corporate computers. Now they are
setting their sights on home computers, where they want to steal
identities, credit card numbers, and other personal digital assets
that people place on their systems.
The third trend we are seeing is the organized efforts by groups
targeting the Internet infrastructure of large economy countries
(like the United States), exemplified by the classic case of the
denial-of-service attacks on Yahoo and eBay.
R: What are some key misconceptions you notice in the way companies
approach Internet security?
S: One major misconception we see is the belief that once youhave
a security system in place on your computer, you are safe. What
we'd like for people to realize is that security by its very nature
will protect you only at the time and moment. Because of the evolving
nature of viruses and hackers' ingenuity, you need to constantly
manage your security measures or face dire consequences. The actual
number of people that forget to update their anti-virus files
and upgrade their firewall software is surprising!
This can be likened in the real world to leaving your front door
open when you go on vacation. Instead, you use a lot of common
sense precautions to protect your real-world assets. As we migrate
to a digital world we have to take these old-world behaviors and
develop common sense precautions to protect our digital assets.
The second misconception is the notion that these things (virus
and hacker attacks) will happen to someone else. Let me tell youeveryone
is fair game in this world. E-businesses and consumers must make
security their top concern.
R: What are some of the online resources you provide for Internet
S: There are many services that we provide. One great example
is our World Virus Map, which is unique because it tracks viruses
in real-time. Nobody comes close to providing this type of intelligence
to businesses and consumers. Through our map, we can witness a
virus outbreak in another region of the world and this gives us
enough time to help reduce the infection of the virus.
We did this recently when we saw an alarming increase in an AmericaOnline
password stealing Trojan. Using this mapping system allowed us
to give ample warning to the AOL community about this Trojan.
The virus map provided us with this advance warning .
R: Who do you view as your major competitor in the security ASP
market, and how do you stack up against them?
S: We have been lucky in the sense that we have been a first-mover
with this concept back in December 1998. In the past two and a
half years that we have been in business, we have not seen a serious
competitor threatening our subscriber base and business.
To be competitive in this space a company has to heavily invest
in data centers and in the uptime required to properly manage
security. During the "ILOVEYOU" virus outbreak we had nearly a
million people visit our Web site for five consecutive days, and
we were the only anti-virus site at a five-nine (99.999) percent
uptime rate. This is a clear example of a return on our investment.
R: What has been the most challenging set of viruses and security
breaches that you have had to deal with?
S: "ILOVEYOU" was by far the biggest, and we view this virus as
representative of the tone of viruses that we will see down the
line. What amazed us was the propagation rate and damage it caused.
We have seen other viruses since, but none which have compared
to the level of speed and complexity of that specific virus.
Another trend we see developing is hackers using virusesparticularly
trojansto open up network PCs to the real world. The convergence
of hacking and viruses is an issue that we are closely monitoring.
R: How do you view the evolution of the home and business markets
for your products in the coming years?
S: The home market has long been our core franchise and typically
consumers have been left on their own as far as security and protection
is concerned. With our unique service-based approach, home users
can leave their security to us and we manage, protect and update
The same happens to small businesses: they don't have the resources
to have an IT department, but they realize having an Internet
presence is important. However, being on the Internet has its
risks in terms of hackers and viruses, and they need strong and
reliable protection against them.
Small businesses need to secure themselves just like large corporations,
and we provide the best solution in the marketplace, since managing
security is our core competence. Because small and medium-sized
businesses realize the need for security and can't do this themselves,
we are ideally suited to do it for themthis is a good example
of our strengths protecting their weaknesses.
R: What new offerings do you have for the wireless and broadband
S: In the wireless area, we offer our subscribers the Wireless
Security Center where users can protect their PCs and personal
digital assistants (PDAs) from the threat of harmful Trojans and
viruses. Currently, there are only 3 known viruses that affect
the Palm OS, but we expect more to come in the rapidly growing
As for broadband, we provide a personal desktop firewall. This
is one application that every home user who has a DSL or cable
modem connection needs. Not only are hackers going into people's
systems and searching for personal information, they are also
becoming increasingly aware that home PCs coupled with broadband
speeds are a perfect weapon to conduct denial-of-service attacks.
To this date, our desktop firewall has not had a single reported
R: How do you view the Asian Internet market? How does India fit
in here in this regard?
S: We think the Asian market is very big, and we think the Internet
growth of Asia far exceeds that of the United States because of
the population, and because of the reduction of price points.
India fits in a unique way because India is the largest market
of IT talent outside of the United States. This means large amounts
of people are using their computers both at home as well as at
As the Asian networks grow, security concerns about viruses and
hackers will also grow, and we think the opportunity for us to
come in and be a leader in Asia will be extremely viable.
R: Any other parting advice for Internet security professionals
S: Take security seriously. Security may be cumbersome and boring,
but it is something you have to build into your habit profile.
If you don't take steps to protect your digital assets, whether
it is personal or corporate, there is a very high probability
that something bad will happen to you.
R: If you had a chance to go back in time and start everything
again from scratch, what would you do differently the second time
S: I wouldn't change a thing!
The writer can be reached at email@example.com