Truth About Computer Security Hysteria
Brother, can you spare a minute?
Sunday, 20 May 2001
I'VE BEEN GETTING rather confused lately about the role of Venture Capitalists in the antivirus industry.
For the longest time, I had some rather idealistic ideas about how Venture Capital (VC) works, based on what I have read in various business magazines. I thought they worked together with entrepreneurs to help them finance their ventures. Considering the need for some innovative approaches to handling malware, this would be quite a useful activity. From my recent contact with representatives of several VC firms, I’d have to say that the stories in magazines lead one to serious misconceptions.
First of all, some full disclosure. I have a family to support and that means that I need to earn money on a regular basis, mainly by writing articles and acting as a paid advisor to organizations on the subject of malware.
Why would I state this rather obvious fact? Because, VC people seem to live in another universe where these laws of economic reality do not apply. While my evidence is entirely anecdotal, I suspect that my conclusion is not that divorced from what happens on a regular basis.
Cutting to the chase: over the past six months I have been contacted a number of times by people representing different VC firms who claimed that they were considering investing in developers of non-scanner antivirus products. In each case, the person contacting me started off the conversation by saying how much they liked a recent article of mine on alternative antivirus technologies. They then went on to say that they wanted to "pick my brain," or "have a chat" about these technologies, the market potential for these products, etc. etc. etc.
Why did they contact me? My theory is that they thought I knew enough about the area to make it worthwhile to talk to me. The interesting point in these conversations with VC people always came once we’d established that they thought I might have something to say of value.
This is when I discovered that the value they placed on my insights is of an ethereal nature, not a monetary one.
(Now, if they were a student, a reporter, a home user, or some other person who was looking for more information for some research they were conducting, I never have any qualms about responding to a query gratis, within reasonable constraints on time.)
Why would anyone expect Venture Capitalists to compensate someone for their advice? It must have to do with those confusing stories I kept reading in Fortune, Inc., and other business magazines. You know, the ones that say that VC folks invest in due diligence, pick over proposals with a fine tooth comb, examine every angle, get the lawyers and accountants to analyze the deal for every pitfall.
I’m starting to think this is utter poppycock. (Can we say 'poppycock' on the web, Rob?) [Yes.] What else would explain the sudden demurrals and soft backwards shuffle when I ask them if they are willing to pay for me to compose some serious and detailed responses to their questions. My feeling is that if someone asks me a serious question as part of their due diligence, I should give a serious, pondered answer.
Serious money needs to be spent on innovative antivirus technology to move it to the mainstream. But penny pinching VC firms are not the answer.
Until now, only VC have had an issue with attaching a monetary value to that answer.
We need to get out of the trap of constantly updating virus scanners. VCs want to profit when we find an answer. Yet until now, only VCs have had an issue with attaching a monetary value to that answer.
MY GUESS IS that VC firms actually make investments in antivirus firms based upon the tried and tested "throw the dart at the wall" technique. Or, maybe they don’t make the investments at all. I speculate they spend more on "doing lunch" each month than on researching these sorts of investment opportunities.
What does this sad tale of woe and misery signify for developers of non-scanner based antivirus products? I would have to say that expecting to find funding from a Venture Capitalist who will not invest even a few hundred dollars in properly investigating the potential for their product is a pipe dream at best.
Considering the real need for the development of new solutions to the malware problem, it is disheartening to see the companies trying to pioneer new ways facing hurdles like these. We’ve long reached the stage where we need to get out of the trap of constantly updating virus scanners in a game of "who’s on first?" Serious money needs to be spent on behavior blockers and integrity management technology to move it to the mainstream.
Penny pinching VC firms are not the answer. Better would it be to look elsewhere, for someone willing to at least perform a minimal amount of due diligence.