I'm starting this thread to track the response to the serious McAfee gaffe this morning (April 21, 2010). Apparently, McAfee mistakenly quarantined a critical process in Windows XP (SP3), causing cycles of automatic reboots for a rumored 800,000 computers globally, including at many major enterprises. I, myself, am not a McAfee user. I'm simply observing their response to this issue.
And that response so far has been tepid--simply issuing a patch, with a short apology at the end of a blog post: "We sincerely apologize for the inconvenience this has caused our customers and will update this blog posting as more details become available." [ see pdf from 949pm EST - I am providing PDFs as their posts are being edited/updated ]
Surely they will need to do something for disrupted customers, many of whom must have had a massively frustrating day today. I'll keep an eye on it and report back on this page.
UPDATE: at 11:15pm April 21. EVP Barry McPherson provides a well-phrased, but unapologetic, longer note in a separate post [ see PDF ], detailing how he has needed to be on hand for the last 14 straight hours, as if to excuse him for not being more communicative. I understand that, but why didn't corporate communications chime in immediately? We are talking about a mistake that resulted in hundreds of thousands of inoperable computers.
UPDATE 2: Day 2 - 12:15pm April 22: It's been more than 24 hours, and still no significant response from their Brand and PR people. For an event that could damage the McAfee brand so badly, the silence is deafening.
UPDATE 3: Day 3 - 12:15pm - April 23: It's been more than 48 hours. McAfee finally issued a more detailed apology last night [ View PDF of Mcafee_apology_blog_post ], with Barry McPherson writing that Mcafee is "extremely sorry for any impact that the...file may have caused you"
However, there's no link to this blog post on the homepage. Instead, McAfee bolded their existing link (in other words, they have done basically nothing to increase their acknowledgement of the crisis), and redirected the link to a page of fixes. This page, one level down from home, DOES NOT INCLUDE ANY APOLOGY [ view PDF ]. I want to point out that the USA Today headline for this problem was: McAfee anti-virus program goes berserk, reboots PCs. It's not helpful to bury your apology two or more levels down. Given the scale, shouldn't the apology appear on the homepage?
UPDATE 4: Day 3 - April 23 (Friday Evening): (I didn't post until Sunday) - David DeWalt, McAfee's CEO, writes an apology [ View DeWalt Apology PDF ], probably in the region of 60 hours after the incident began.
"McAfee’s business is protecting you, our customers, from threats and harm. We pride ourselves on our record of doing so, and we sincerely apologize for this incident. We will work hard to continue earning your full confidence in our company, our products and our brand."
UPDATE 5: Day 5 - April 25 - Sunday: Sometime over the weekend, McAfee finally pushed the issue to the main portion of their home page, but instead of apologizing or admitting fault, the space merely reads, "Information on this week's security update issue," which feels incongruent to the disaster - nearly meaningless - a throwaway. [ View GIF file of McAfee homepage at about 730pm April 25th ]
Still, I'm glad they put it right up front. I think they've finally realized that at this moment in time, no one cares about their upcoming product launch, because their brand has simply been ravaged by this incident.
UPDATE 6: Day 5 - April 25 - Sunday: Clicking through some of the links, I just saw that McAfee is offering restitution for home/home office users. [ view PDF ] It includes
- Toll Free Phone Support
- Offer to "express deliver" a CD with software fix (downloadable too, of course)
- McAfee will reimburse "reasonable expenses" for PC repair costs
- 2-year extension of McAfee subscription if you were affected by the problem
I think that's a reasonable response--I think users will just naturally feel that the solutions to the problem need to be expensive and painful to McAfee and I certainly think that this fits the criteria. Even so, I'm not sure it will be enough to keep people from switching away from McAfee for at least several upgrade cycles.
Corporate buyers only get a help article, although I am sure McAfee's account managers are sorting out how to privately compensate companies.
UPDATE 7: Day 7 - April 27 - Tuesday: McAfee CEO has now posted a 5 minute video where he apologizes, talks about specific reasons for the problem and goes through future safeguards. Also, he details what McAfee will be offering their business customers ("a customized business package based on your needs"). I'll give credit where it's due. This is a nice piece. It's clear and apologetic.
OVERALL: Ultimately, I think McAfee's response was pretty good, even though they were quite slow to get everything together--and they had to recover from a few missteps from a communications standpoint.
Were shareholders penalized? Their stock price ordinarily might have taken a bigger beating, but over the last few days, the price has been buoyed by a rumored HP buyout, keeping the PPS around $40, or approximately $5.5B in enterprise value. So despite having to give up what is, conservatively, $50-150M in future revenue (in the form of free services), in addition to many millions in out-of-pocket costs to placate customers right now, and the loss of at least some confidence from many customers and prospects, shareholders are still whole.. what a strange and mysterious world we live in!
BONUS UPDATE - 4/29 (equivalent to Day 9, but the crisis is all but over) after market close: McAfee fell about 12% after hours to a PPS of about $35, after reporting light earnings for the quarter and bringing down projections about 4-8 cents in earnings for next quarter, probably in grand part because of this crisis. I'd actually imagine this could happen for the next several quarters. With only 160M shares outstanding, you'd think there'd be as much as $.40-1.00 in missed earnings over the next 2 years.
Frankly, if you held on to shares, it's really your own fault. You had many exit opportunities after the crisis revealed itself, and even if the PR response was OK, it wasn't going to remedy the near-term damage caused to the brand, nor pay for the millions lost due to this problem. Note - I have had no position in McAfee throughout the time of writing of this post.