Daily Archives: July 19, 2006

Dvorak Misses Point of Microsoft-Nortel Alliance

In a column that is as overheated as it is vituperative, John Dvorak rails against yesterday’s news regarding Microsoft’s and Nortel Networks’ strategic alliance to develop and deliver unified-communications solutions that leverage Nortel’s telephony expertise and Microsoft’s prized desktop real estate.

This site was one of many that attempted to explain why Microsoft and Nortel combined forces on this strategic initiative. It’s clear to me what each party hopes to get from the partnership and why each of them felt this was a good idea to pursue. Whether that will translate into real traction in the marketplace, with the people who fork over their money in exchange for products and services, is another matter. Even if the strategy is right, the execution must be solid. A lot can go wrong with a partnership this broad.

That said, I understand the strategy, and I think it could turn out to be particularly beneficial for Microsoft, but only if Microsoft continually provides Nortel with enough incentive to follow the script. There’s a real danger that Nortel, if it can deliver itself into a position less desperate than the one in which it finds itself today, might become more than a little anxious about Microsoft’s ultimate motives unless Team Redmond restrains its hegemonic tendencies and empathizes, at least a little, with Nortel’s aims and objectives.

Microsoft wants to unify communications in Office and on Windows. It wants to run everything — telephony, email, instant messaging, videoconferencing, whiteboarding — on the desktop, with presence not only interwoven through its communications applications but also embedded throughout its personal-productivity and business applications. It’s a means for Microsoft to give a powerful second wind to its applications business, which is having an increasingly difficult time getting corporations to upgrade to new releases.

Dvorak misses all that, though, going off on a few tangents that are truly bizarre. He produces a textual rant that creates and knocks down a series of straw men at such a feverish pace that you leave with admiration for his imagination, if not for his reasoning.

Antivirus Software Practically Useless

Graham Ingram, the general manager of the Australian Computer Emergency Response Team (AusCERT), told an audience at a security breakfast this morning that the most popular antivirus applications on the market are rendered useless by around 80 percent of new malware.

Said Ingram:

"At the point we see it as a CERT, which is very early on, the most popular brands of antivirus on the market … have an 80 percent miss rate. That is not a detection rate, that is a miss rate. So if you are running these pieces of software, eight out of 10 pieces of malicious code are going to get in."

That’s hardly the sort of endorsement Symantec, McAfee, or Trend Micro wants to receive from a security authority. "We stop 20% of malware!" isn’t the type of promotional copy a security marketer wants to see on her website or on the boxes of her packaged software.

But Ingram isn’t out to damage the brand equity of the major antivirus players. He’s trying to sound the alarm that computer users are not as secure as they assume themselves to be. Perhaps he’s also trying to get the security industry — which has more than its fair share of charlatans and demagogues thumping tubs all along its carnival midway of fear — to give serious consideration to new and different approaches that might actually stem the growing tide of malware.

As Ingram says:

"I am not suggesting that there is a difference in the quality of the antivirus products themselves. What is happening is that the bad guys, the criminals, are testing their malicious code against the antivirus products to make sure they are undetectable. . . . "

"What do most people have as protection for their client machines? I would suggest it is antivirus. You are lucky if you have antispyware. So they are attacking a machine that is protected by a piece of software that is not working."

Indeed. That is a serious problem, for the security industry as well as for the poor dupes who install anti-virus software and somehow expect that they are safe from online maladies. The trend has been established, and it’s going to get much worse before it gets better — if it gets better.

What’s happening, as Ingram suggests, is that the most popular anti-virus software also is the most permeable to malware. That’s because, as he explains, the increasingly sophisticated designers of malware test their pernicious code against the top-selling brands, just as they targeted Windows machines instead of Macs or Linux boxes when they were devising earlier exploits. If they know there’s a sizable installed base of Symantec and McAfee client AV software out there on PCs globally, they’ll make sure they test their exploits against those brands first. It’s a basic marketing principle in action.

You could buy an obscure brand, hoping that it will offer greater protection than the best-selling products provide, but that’s just a stopgap measure, not a solution to the problem. The malware legions are attuned to the market, and they will adapt their tactics for the greatest return on their investments of time and effort.

Where does that leave us? It leaves us, as consumers and as an industry, with a big problem. Services and technologies are being developed to address the problem, but the bad guys are showing more creativity and versatility, perhaps because they don’t have legitimate business franchises and cash cows to protect.

Some people say running anti-virus software that is largely ineffective against malware is better than having no protection at all. That’s true, I suppose, but it makes you wonder whether the value propositions anti-virus vendors are selling are worth the prices they charge for their products.

If ever an industry needed a dose of reality and an infusion of intellectual honesty, it’s the Internet-security business. We should all thank Ingram and others like him for delivering occasional wake-up calls.

Symantec’s Borrowed Money: For the IRS or for Acquisitions?

Symantec has negotiated a $1-billion unsecured revolving credit facility with a group of technology-industry investment banks. My guess is that the company’s intelligentsia doesn’t plan to use the money for renovations and landscaping in and around its Cupertino headquarters.

Naturally, Symantec doesn’t publicly disclose why it pursued the loan, but it is not a stretch to think the company might have acquisitions in mind. Symantec made five acquisitions in 2004, five more in 2005, and has made two acquisitions so far this year. According to published data, Symantec has approximately $2.87 billion in cash on its books, with debt of approximately $513 million. It’s market capitalization, as of today, exceeds $16 billion.

Another possibility, though, is that Symantec needs the money to repay what it is alleged to owe the Internal Revenue Service (IRS). In a petition filed with the U.S. Tax Court in June, Symantec said the IRS is seeking more than $757 million in back taxes owed by Veritas Software Corp., a company acquired by Symantec in 2005, plus another $303 million in penalties.

My rudimentary computational skills tell me that the back taxes and the penalties add up to more than $1 billion. Nonetheless, Symantec continues to pursue a negotiated settlement with the IRS that could see it pay less than $1 billion to resolve the matter.

For Check Point, it’s Acquire or be Acquired

Internet-security mainstay Check Point Software Technologies has stalled. During good quarters, its year-over-over revenue growth now is in the single digits, and when things aren’t as good, as in the quarter it just reported, the company’s year-t0-year quarterly revenue actually declines modestly.

Check Point misread or disregarded important market signals from customers, and it missed lucrative opportunities as a result. It missed the customer-demand shift from buying and installing security software at the network perimeter to simply buying a ready-to-roll appliance for perimeter deployment. It also reacted belatedly and somewhat indifferently to the market demand for inbound messaging security. The company also hasn’t come up with a coherent strategy yet in network access control (NAC), though its major competitors have staked out their positions.

Finally, it tried, unsuccessfully and belatedly, to enter the the intrusion-prevention market via the acquisition of Sourcefire, which was strongly discouraged by the US government on the grounds of national security; Check Point rescinded its offer for Sourcefire before the US government was forced to issue a formal decision preventing it from moving ahead.

Even though Check Point’s executives attempted yesterday to put on a brave face, reaffirming guidance for the year ahead and stating that the company is poised for robust growth, it appears a darker scenario is unfolding. Check Point no longer is the kingpin of the decidedly mature firewall market, where it has been displaced at the high end by Cisco and to a lesser extent by Juniper’s NetScreen products. It also faces formidable competition in the hotly contested SSL VPN market, and it faces a tough battle for uncertain gains in the unified-threat management (UTM) market. When you add it all together, Check Point needs at least one other card to play to keep revenues growing and profit margins respectable.

Check Point will have to choose wisely, because time is running out. I don’t think it wants to be acquired, so Check Point must do a discerning job of acquiring if it is to give itself a second wind as a growth company in the security sector.

Security Rumor: IBM Considering Acquisition of ISS?

A rumor is making the rounds that IBM executives are in the Atlanta area this week attempting to negotiate the acquisition of Internet Security Systems, Inc., which has become something of a forgotten presence in the security space as its many competitors have made moves and countermoves in a consolidating market.

It’s an interesting potential fit, and it will be just as interesting to see whether the rumor proves true.

Intel’s Annus Horribilis: The Year of Continual Cuts

Layoffs are not pleasant, but companies are compelled to enact them from time to time. As markets wax and wane, especially for long intervals, companies need more or fewer employees, respectively. They have cost structures and earnings to maintain, and, if revenue isn’t rising, costs must be pared.

Given the relatively torpid state of the PC industry and Intel’s company-specific competitive complacency in relation to hard-charging AMD these last few years, it’s no wonder that Intel CEO Paul Otellini called for a purge of 1,000 managers on July 13. Otellini not only wanted to slash costs, but he wanted to send a message that renewed vigor and vitality were required.

If these cuts were carried out expeditiously and professionally, disruptions to the company’s ongoing operations and employee morale could be mitigated. Now, however, we learn, from an Intel executive quoted in the trade press, that the 1,000 cuts are not the well-ordered end of a logical process of evaluation and subsequent action, but are perhaps the beginning of a perpetual purge that could continue right through to the end of the year.

Donald MacDonald, vice president and general manager of the company’s digital home group, told IDG News Service that Intel executives are looking for redundancies in the business structure of the 100,000-employee company, emphasizing that “nothing was off the table.”

MacDonald doesn’t think a continual employee vaporization is a big deal, however, though he wants everybody to know it has been difficult for him personally, as the following quote attests:

“This is not ‘death by a thousand cuts,'” MacDonald said. “If it didn’t involve people, this would be a really exciting time for the company.But I had to lay some people off on Friday, and it was horrible.”

Somehow, Mr. MacDonald, I think it was worse for them than it was for you. What’s more, you can say it’s not the death of a thousand cuts if that’s what you want to believe, but employees and managers, feeling perpetually at risk with the sword of sudden termination wielded above their heads, might feel otherwise. One of the worse distractions in a company are the rumors and culture of fear that results from poorly planned or seemingly open-ended layoffs.

If Intel’s executive class is demanding, rightly so, higher levels of proficiency and professionalism from its managers, then it is only right that Intel’s executives should lead by example. An executive talking idly to the press about how the cuts could continue indefinitely, and could strike anybody and anywhere in the company, isn’t exactly setting the bar very high.

Said MacDonald:

“We had become bloated. It’s like middle-age spread,” he said, patting his belly. “You don’t know how it happens, but one day you look down and it’s there.”

“As a senior manager, I bear some responsibility. And now we have to mop up the mess.”

It’s difficult to imagine that Otellini calculatingly dispatching MacDonald to deliver this bizarre message to the media, but, if he did, perhaps Intel is in worse shape than we know. As for MacDonald and his profound sense of responsibility, he should think about injecting a little humanity and tact — if he can find some of each — into his overriding urge to purge.

Furthermore, if he really feels he’s responsibility for “the mess,” why doesn’t he meet his exalted standards of noblesse oblige by falling on his own cost-cutting sword?