McAfee Cockup: Apologies Are Not Enough

When companies around the world rely on an antivirus company to keep their PCs safe, and that company issues an update that crashes a significant number of the world’s computers, the words “false positive” don’t really do the situation justice.

“False advertising” might be nearer the mark.

McAfee plays down the problem

As we understand it, McAfee issued an update which mistakenly identified svchost.exe, a key Windows file, as a virus. McAfee’s statement claims it only affects “one half of one percent” of its users, which sits somewhat strangely with the “long day” in the office which McAfee’s Barry McPherson describes on a company blog.

eWEEK has an all-XP office, and we found that one third of our users lost a morning’s work. Another third use AVG antivirus, and the rest thought they had McAfee, but – through good luck – weren’t fully updated.

We believe that the full extent of the problem caused by McAfee’s mistake will be larger than the company wants to say now. And we are also waiting a response to the company on the question of whether it will be offering compensation for lost productivity to the victims of its mistake.

We also expect the incident will have a major impact on usage of the company’s products.

The problem of bundling

I have to say that I have never liked McAfee software, or its commercial rivals, which sell their wares through a process little short of a protection racket. The software is bundled on PCs, which should give the company a more-or-less captive market, although in my experience the process of installing and paying for it is usually rather too complex.

The process of bundling security software in fact skews AV business models very seriously, as each supplied with McAfee nag-ware or trial-ware costs the company $5 to $15, a very significant fraction of the possible revenue the company can get, when users succeed in negotiating the update screens and paying for it. The marketing costs of this model are, in short, so high, it raises serious questions about the whole business model.

And, not everyone realises the model is actually losing ground against free AV software. AVG and Avast each claim around 100 million users, while McAfee and all the other operators (including some other freeware solutions, and nagware installations that aren’t yet paid for) have around 90 million between them.

Freeware antivirus products rely on word-of-mouth to spread them, and honesty to persuade commercial users (like myself) to convert to the paid version. It is apparently much cheaper to maintain a user base of 100 million users with updates than to pay PC makers to put your trial-ware on theier systems.

I met Avast’s CEO Vince Stickler in London last week, and he claims to have a conversion rate “in low single digits”, which is enough to make Avast profitable. And the big base of free users gives the company an advantage in spotting new attack signatures, he said.

Incidents like today’s McAfee mishap will push users away from the bullying dinosaurs of anti-virus towards companies evolving a more co-operative style of working.