Most of those who have ever booted up a PC will have noticed the presence
of McAfee security software. Since December 1998, Srivats Sampath has been
the president and CEO of McAfee, the world's leading security ASP. His
fifteen years of experience in the IT sector includes head of marketing at
Network Associates and Netscape Communications, and other positions at
Central Point Software and Intel.
Srivats is also on the boards of WebTrends Corporation and Cadabra.com. He
received his bachelor's degree in electronics and telecommunications
engineering from Madras University in India.
Q: What was the founding vision for McAfee.com?
A: To build a very unique company that delivers security not as software but
as a service. Early on, we realized that security needs to be managed
constantly and evolve to protect against new threats on a very regular
basis -- and the only way to do that is through being an ASP (application
What we have proved is that we have rapidly become one of the largest
consumer ASPs on the Internet, providing security to users in over 230
countries. Our next step is to take this concept to small and medium sized
Q: How has your organization grown since founding?
A: McAfee.com was created in June 1998 purely as a concept. In December 1998,
we launched an online version of VirusScan (McAfee's anti-virus product)
and received tremendous feedback from our trial subscribers. We quickly
realized that we had something valuable and viable on our hands. In
September 1999 we launched the paid version of McAfee.com providing our
security services to consumers.
Since then, we have rapidly grown to nearly 800,000 paid subscribers and
close to 1 million active subscriptions. In 1998 we started with 2
employees and now we have over 160, our revenues have nearly doubled year
over year, and we are in a good track for more growth in the next year.
We are one of the few Internet companies that are showing profitability and
growth in revenues -- two good indicators of a healthy business.
Q: What are the top three trends you have noticed in Internet security in
the past couple of years? What can we expect to see in the coming year?
A: The trend that we saw in the last few years is a corollary to Metcalf's Law
(the value of the network rises exponentially with every node you place on
it): as the network grows, the vulnerability of the network also rises
exponentially with every node placed on it.
A prime example of this is the "ILOVEYOU" virus that propagated around the
globe in under 5 hours. Now if you didn't have the Internet this wouldn't
have happened -- the Internet is the enabling medium for viruses to
propagate. We are going to see more of these [viruses] as more people will
write these malicious viruses that infect the very medium to propagate
themselves. We are going to see more rapid outbreaks that will do similar
damage in the very near future.
Another trend that we are witnessing is a result of the increasing consumer
use of cable and DSL connections. Traditionally, the hacker community had
only targeted corporate computers, but now they are setting their sights at
home computers, where they want to steal your identity, credit card numbers
and other personal digital assets that people place on their system.
The third trend we are seeing is organized efforts by groups targeting the
Internet infrastructure of large economy countries (like the United
States), exemplified by the classic case of the denial-of-service attacks
on Yahoo and eBay.
Q: What are some key misconceptions you notice in the way companies
approach Internet security?
A: One major misconception is that all you need to do is place security on
your system and not worry about it. Security by its very nature will
protect you only at the time and moment. Because of the evolving nature of
viruses and hackers' ingenuity, you need to constantly manage your security
measures or face dire consequences. You'd be surprised to know the actual
number of people that forget to update their anti-virus files and upgrade
their firewall software!
The second misconception is the notion that these things (virus and hacker
attacks) will happen to someone else. Let me tell you -- everyone is fair
game in this world. E-businesses and consumers must make security their top
An analog to this in the real world is that you wouldn't leave your front
door open when you go on vacation. Instead you use a lot of common sense
precautions to protect your real-world assets. As we migrate to a digital
world we have to take these old-world behavior and develop common sense
precautions to protect our digital assets.
Q: What are some of the online resources you provide for Internet security
A: There are many services that we provide. One great example is our World
Virus Map, which is unique because it tracks viruses in real-time. Nobody
comes close to providing this type of intelligence to businesses and
consumers. Through our map, we can witness a virus outbreak in another
region of the world and this gives us enough time to help reduce the
infection of the virus.
We had done this recently when we had seen an alarming increase in an
American Online password stealing Trojan, and that allowed us to give us
ample warning to the AOL community of this Trojan. It is this advance
warning that the virus map provides.
Q: Who do you view as your major competitor in the security ASP market, and
how do you stack up against them?
A: We have been lucky in the sense that we have been a first-mover with this
concept back in December of 1998. And in the past two and a half years that
we have been in business, we have not seen a serious competitor threatening
our subscriber base and business.
To be competitive in this space you have to heavily invest in data centers
and the uptime required to properly manage security. During the ILOVEYOU
virus outbreak we had nearly a million people visit our Web site for five
consecutive days, and we were the only anti-virus site at a 5 nine (99.999)
percent uptime rate. This is a clear example of a return on our investment.
Q: What has been the most challenging set of viruses and security breaches
that you have had to deal with?
A: ILOVEYOU was by far the biggest, and we view this virus as representative
of the tone of viruses that we will see down the line. What amazed us was
the propagation rate and damage it had caused. We have seen other viruses
after that, but none compared to the level in speed and complexity of
Another trend we see developing is hackers using viruses, Trojans namely,
to open up network PCs to the real world. The convergence of hacking and
viruses is an issue that we are closely monitoring.
Q: How do you view the evolution of the home and business markets for your
products in the coming years?
A: The home market has long been our core franchise and typically consumers
have been left on their own as far as security and protection is concerned.
With our unique service-based approach, home users can leave their security
to us and we manage, protect and update their PCs.
The same happens to small businesses: they don't have the resources to have
an IT department, but they realize having an Internet presence is
important. However, being on the Internet has its risks in terms of hackers
and viruses, and they need strong and reliable protection against them.
Small businesses need to secure themselves like large corporations, and we
provide the best solution in the marketplace because managing security is
our core competence. Since small/medium sized businesses realize the need
for security and can't do this themselves, we are ideally suited to do it
for them - this is a good example of our strengths protecting their
Q: What new offerings do you have for the wireless and broadband markets?
A: In the wireless area, we offer our subscribers the Wireless Security Center
where users can protect their PCs and PDAs from the threat of harmful
Trojans and viruses. Currently, there are only 3 known viruses that affect
the Palm OS, but we expect more to come in the rapidly growing market.
As for broadband, we provide a personal desktop firewall. This is one
application that every home user who has a DSL or cable modem connection
needs. Not only are hackers going into people's systems and searching for
personal information, they are also becoming increasingly aware that home
PCs coupled with broadband speeds are a perfect weapon to conduct
denial-of-service attacks. To this date, our desktop firewall has not had a
single reported security breach.
Q: How do you view the Asian Internet market? How does India fit in here in
A: We think the Asian market is very big, and we think the Internet growth of
Asia far exceeds that of the US because of the population and the price
points coming down. India fits in a unique way, because India is the
largest market of IT talent outside of the U.S. This means large amounts of
people are using their computers both at home as well as at work.
As the Asian networks grow, security concerns about viruses and hackers
will also grow, and we think the opportunity for us to come in and be a
leader in Asia will be pretty big.
Q: Any other parting advice for Internet security professionals and CEOs?
A: Take security seriously. Security may be cumbersome and boring, but it is
something you have to build into your habit profile. If you don't take
steps to protect your digital assets, whether it is personal or corporate,
there is a very high probability that something bad will happen to you.
Q: If you had a chance to go back in time and start everything again from
scratch, what would you do differently the second time around?
A: I wouldn't change a thing!