---

Internet Opens Up New Marketes - For Hackers and Viruses As Well

Madanmohan Rao interviews Srivats Sampath, CEO, McAfee

Most people who have ever booted up a personal computer (PC) will have noticed the presence of McAfee security software. Since December 1998, Srivats Sampath has been the president and chief executive officer (CEO) of McAfee, the world's leading security application service provider (ASP). His fifteen years of experience in the information technology sector includes head of marketing at Network Associates and Netscape Communications, and other positions at Central Point Software and Intel.

Srivats is also on the boards of WebTrends Corporation and Cadabra.com. He received his bachelor's degree in electronics and telecommunications engineering from Madras University in India.

Rao: What was the founding vision for McAfee.com?

Sampath: To build a very unique company that delivers security not as software but as a service. Early on, we realized that security needs to be managed constantly and evolve to protect against new threats on a very regular basis—and the only way to do that is through being an ASP (application service provider).

What we have proved is that we have rapidly become one of the largest consumer ASPs on the Internet, providing security to users in over 230 countries. Our next step is to take this concept to small and medium-sized businesses.

R: How has your organization grown since its founding?

S: McAfee.com was created in June 1998 purely as a concept. In December 1998, we launched an online version of VirusScan (McAfee's anti-virus product) and received tremendous feedback from our trial subscribers. We quickly realized that we had something valuable and viable on our hands. In September 1999 we launched the paid version of McAfee.com providing our security services to consumers.

Since then, we have rapidly grown to nearly 800,000 paid subscribers and close to one million active subscriptions. In 1998 we started with two employees and now we have over 160. Our revenues have nearly doubled year over year, and we are in a good track for more growth in the next year.

We are one of the few Internet companies that are showing profitability and growth in revenues—two good indicators of a healthy business.

R: What are the top three trends you have noticed in Internet security in the past couple of years? What can we expect to see in the coming year?

S: The trend that we saw in the last few years is a corollary to Metcalf's Law (the value of the network rises exponentially with every node you place on it): as the network grows, the vulnerability of the network also rises exponentially with every node placed on it.

A prime example of this is the "ILOVEYOU" virus that propagated around the globe in under five hours. If you didn't have the Internet this wouldn't have happened—the Internet is the enabling medium for viruses to propagate. We will see more of these [viruses] as more people will write them. The irony is that these malicious viruses infect the very medium which propagates them. We will see more rapid outbreaks that will do similar damage to the "ILOVEYOU" virus in the very near future.

Another trend which we are witnessing is a result of the increasing consumer use of cable and DSL connections. Traditionally, the hacker community only targeted corporate computers. Now they are setting their sights on home computers, where they want to steal identities, credit card numbers, and other personal digital assets that people place on their systems.

The third trend we are seeing is the organized efforts by groups targeting the Internet infrastructure of large economy countries (like the United States), exemplified by the classic case of the denial-of-service attacks on Yahoo and eBay.

R: What are some key misconceptions you notice in the way companies approach Internet security?

S: One major misconception we see is the belief that once youhave a security system in place on your computer, you are safe. What we'd like for people to realize is that security by its very nature will protect you only at the time and moment. Because of the evolving nature of viruses and hackers' ingenuity, you need to constantly manage your security measures or face dire consequences. The actual number of people that forget to update their anti-virus files and upgrade their firewall software is surprising!

This can be likened in the real world to leaving your front door open when you go on vacation. Instead, you use a lot of common sense precautions to protect your real-world assets. As we migrate to a digital world we have to take these old-world behaviors and develop common sense precautions to protect our digital assets.

The second misconception is the notion that these things (virus and hacker attacks) will happen to someone else. Let me tell you—everyone is fair game in this world. E-businesses and consumers must make security their top concern.

R: What are some of the online resources you provide for Internet security specialists?

S: There are many services that we provide. One great example is our World Virus Map, which is unique because it tracks viruses in real-time. Nobody comes close to providing this type of intelligence to businesses and consumers. Through our map, we can witness a virus outbreak in another region of the world and this gives us enough time to help reduce the infection of the virus.

We did this recently when we saw an alarming increase in an AmericaOnline password stealing Trojan. Using this mapping system allowed us to give ample warning to the AOL community about this Trojan. The virus map provided us with this advance warning .

R: Who do you view as your major competitor in the security ASP market, and how do you stack up against them?

S: We have been lucky in the sense that we have been a first-mover with this concept back in December 1998. In the past two and a half years that we have been in business, we have not seen a serious competitor threatening our subscriber base and business.

To be competitive in this space a company has to heavily invest in data centers and in the uptime required to properly manage security. During the "ILOVEYOU" virus outbreak we had nearly a million people visit our Web site for five consecutive days, and we were the only anti-virus site at a five-nine (99.999) percent uptime rate. This is a clear example of a return on our investment.

R: What has been the most challenging set of viruses and security breaches that you have had to deal with?

S: "ILOVEYOU" was by far the biggest, and we view this virus as representative of the tone of viruses that we will see down the line. What amazed us was the propagation rate and damage it caused. We have seen other viruses since, but none which have compared to the level of speed and complexity of that specific virus.

Another trend we see developing is hackers using viruses—particularly trojans—to open up network PCs to the real world. The convergence of hacking and viruses is an issue that we are closely monitoring.

R: How do you view the evolution of the home and business markets for your products in the coming years?

S: The home market has long been our core franchise and typically consumers have been left on their own as far as security and protection is concerned. With our unique service-based approach, home users can leave their security to us and we manage, protect and update their PCs.

The same happens to small businesses: they don't have the resources to have an IT department, but they realize having an Internet presence is important. However, being on the Internet has its risks in terms of hackers and viruses, and they need strong and reliable protection against them.

Small businesses need to secure themselves just like large corporations, and we provide the best solution in the marketplace, since managing security is our core competence. Because small and medium-sized businesses realize the need for security and can't do this themselves, we are ideally suited to do it for them—this is a good example of our strengths protecting their weaknesses.

R: What new offerings do you have for the wireless and broadband markets?

S: In the wireless area, we offer our subscribers the Wireless Security Center where users can protect their PCs and personal digital assistants (PDAs) from the threat of harmful Trojans and viruses. Currently, there are only 3 known viruses that affect the Palm OS, but we expect more to come in the rapidly growing market.

As for broadband, we provide a personal desktop firewall. This is one application that every home user who has a DSL or cable modem connection needs. Not only are hackers going into people's systems and searching for personal information, they are also becoming increasingly aware that home PCs coupled with broadband speeds are a perfect weapon to conduct denial-of-service attacks. To this date, our desktop firewall has not had a single reported security breach.

R: How do you view the Asian Internet market? How does India fit in here in this regard?

S: We think the Asian market is very big, and we think the Internet growth of Asia far exceeds that of the United States because of the population, and because of the reduction of price points. India fits in a unique way because India is the largest market of IT talent outside of the United States. This means large amounts of people are using their computers both at home as well as at work.

As the Asian networks grow, security concerns about viruses and hackers will also grow, and we think the opportunity for us to come in and be a leader in Asia will be extremely viable.

R: Any other parting advice for Internet security professionals and CEOs?

S: Take security seriously. Security may be cumbersome and boring, but it is something you have to build into your habit profile. If you don't take steps to protect your digital assets, whether it is personal or corporate, there is a very high probability that something bad will happen to you.

R: If you had a chance to go back in time and start everything again from scratch, what would you do differently the second time around?

S: I wouldn't change a thing!

The writer can be reached at madan@inomy.com