66 comments

[ 2.9 ms ] story [ 167 ms ] thread
Is this new?
Did you click the link before commenting? The date is in the first line.
Everything is new when you were seemingly born yesterday... the date is the very first line "As filed with the Securities and Exchange Commission on September 28, 2020"
Does McAfee ever do something that isn't bad or worse?
Perhaps a more neutral phrasing: What is the value proposition for McAfee, in a world where basic anti-malware is built into most major OSs and their competitors are largely viewed as superior for the functions that they can offer?
They have a management plane that is still an asset for some people, and places with compliance requirements will use their crypto tools.

Security tools are an industry that’s all about m&a. They can buy a few startups and cobble together a suite of some sort.

I guess it begs to be asked: why has McAfee decided to IPO now as opposed to any other time in the past few decades?
(comment deleted)
Who’s it’s current owner? Since intel sold them, I assume they’ve gone between owners?
"On September 7, 2016, Intel announced a strategic deal with TPG Capital to convert Intel Security into a joint venture between both companies called McAfee. That deal closed on April 3, 2017. Thoma Bravo took a minority stake in the new company, and Intel maintains a 49% stake."

Wiki: https://en.wikipedia.org/wiki/McAfee

McAfee has been public in one form or another for over 25 years. This S-1 is for the most recent iteration of the company, which was spun out of Intel in 2017. (McAfee, then in its NETA form, was the first public company I worked for.)
> why has McAfee decided to IPO now as opposed to any other time in the past few decades

All of the tech companies see where the economy is going, and they all know it's time to bunker down. Going public is a good way to raise a nice burst of cash they can sit on to get through the really bad times ahead, especially while the market is still hot enough to raise said money.

As long as fed prints money...
I really wonder who's going to buy in to McAfee. Their original founder is outspoken against them, their primary product is built into every OS these days, and they've been selling off their brand trust in exchange for revenue. Their revenue growth with their current strategy is purely optimized for short term growth with catastrophic long term outlook.

They even say they don't have a plan for what to do with their money. In their filing under "Use of Proceeds" they state their objectives with the funds are to

a.) pay back a previous loan

b.) "the remainder for working capital and other general corporate purposes, including the acquisition of, or investment in complementary products, technologies, solutions, or businesses, although we have no present commitments or agreements to enter into any acquisitions or investments."

This really looks like a last-ditch effort to salvage the company and pay off a loan they couldn't.

B is boilerplate. Basically saying "we'll use the money for smart things". Everyone I've ever met seeking capital says this, I'm sure it's been in every S-1 I've read and I said the same words when I was seeking capital.

Oh, and it's non-binding so it's still possible to use the money for dumb things.

Just to expand on this, the "McAfee SECURE" logo was sold to PathDefender (not TrustedSite) and all those McAfee logos you see on websites aren't operated by McAfee any more.
Every time I find one of those "McAfee SECURE" logos I cringe because they are so tacky. Like please tell me exactly how MacAfee is keeping me safe on this website.
I doubt they even do a proper pentest evaluation, they just say "oh this site looks reputable" and slap it on.
> really wonder who's going to buy in to McAfee

Sorry to be glib, but: anyone who thinks the offering price is a discount against future value.

Clearly the company has _some_ revenue sources still? You could believe the company was going to be gone in five years and still think it was a good buy at the price offered.

I went to church (5yr ago) with a guy who was a VP in their corporate division. There was a decent detection software that they had bought up years before (Asomething) that they bundled into their edge product. That product apparently generated a lot of income.
My mom just bought a laptop, it came with McAffee. All the Windows laptops at work still run McAffee. Presumably as means to decrease productivity as much as possible, or I guess it must check some box somewhere, got me.
Best Buy and similar retailers bundle AV with the computer, and IIRC it's often impossible to not have it pre-installed (since Windows installs it at the OEM's request). The only way around this is using recovery media (bootable usb/cd) and NOT the "reset to factory" setting in Windows 10's recovery settings.
For a while now, Windows 10 has been able to reset to factory and remove all bundled apps via the Fresh Start reset option (https://support.microsoft.com/en-us/help/4026602/windows-10-...).

I've never tested to verify how well it works, and I don't think it prevents apps that Microsoft wants to include like Candy Crush.

You're right, although figuring out the correct path to perform this is confusing since there's a "reset" option (that does remove your personal data incl. files) that simply uses the pre-configured windows image, which Dell/etc modify to include the bundled software:

https://superuser.com/q/1236716/543570

>Their original founder is outspoken against them

Would anyone on the planet take investment advice from John McAfee?

> Their revenue growth with their current strategy is purely optimized for short term growth with catastrophic long term outlook.

Serious question - where exactly do you see this strategy being communicated specifically? Or is just purely anecdotal?

My work company (global company with offices in every region) uses them. An oldish version of the thing, likely mandated by head office in the US (I'm in Africa).

The antivirus routinely uses 100% of the CPU for hours in a day. Our machines are so locked down with other products, one would wonder if the McAfee stuff is even useful.

I have tinnitus because of laptop fans at work. A few of us who question IT practises are convinced that there must be something shady going on, as there are many better alternative. Heck, the default Microsoft option is good enough these days.

Silly compliance checkbox perhaps? I'm vaguely aware that certain PCI standards require organizations to install anti-virus software with specific requirements.
Windows Defender checks that box other than hogging the CPU.
> I have tinnitus because of laptop fans at work.

This seems unlikely, but on the off chance - ear plugs or concert ear plugs[0]? Concert earplugs ideally attenuate without changing the sound (not realistic, i know). Or a really good set of active noise cancelling headphones, in-ear monitors?

I do question the laptop fans being the root cause of tinnitus since there'd have to be so so many... are you in a server room of laptops running at full strength?

Regardless, protect your hearing!

[0] https://www.nytimes.com/wirecutter/reviews/best-earplugs-for...

I'll try what you're suggesting.

To give you a feel, one evening in the office when I turned off my laptop; colleagues stood up and asked what loud noise just turned off.

From that day, we noticed that our laptops were loud because of the fans. Sometimes the noise blends in because of AC and generally noise office. But the pitch is very high, and it's because CPU @ 60+ because the McAfee web control thing is running even though one has no browser open.

IT haven't been helpful, to the point where against compliance, a few of us being our own laptops to work, and use company ones here and there

This kind of noise on a laptop isn't normal. You may benefit from disassembling the laptop, removing any dust you find and reapplying thermal paste on the CPU.

There are countless tutorial on YT, even if you don't find your specific laptop model it will be close enough.

I'm pretty sure that any company that mandates Mcafee will not look kindly to their employees disassembling laptops either.
I've had the same experience of Mcafee - it makes you wonder how much their loathsome AV is contributing towards the company's power bill, and indeed global warming!
McAfee has significant market share in enterprise, where they've built a product that isn't necessarily good but largely meets compliance and management requirements more easily and more inexpensively than the built-in Windows features. What I mean here are remote management and monitoring features, across AV, host firewall, host IDS, DLP, SIEM, etc.

I don't mean to defend McAfee as their products are, across the board, pretty terrible. But I think most of their revenue comes from a market that Microsoft has, so far, largely chosen not to take on: enterprise security departments with significant remote management and compliance requirements. You can only approach what McAfee provides with Microsoft products, and you'd need AD, SCCM and the whole nine yards (probably Azure AD and InTune these days).

McAfee's major competition in this area is Symantec with Symantec Endpoint Protection (SEP). There aren't a lot of other vendors with an all-in-one solution.

Consider, for example, that McAfee holds the contract with the Department of Defense for HBSS which is McAfee's endpoint solution with custom tweaks for DoD requirements.

>Their original founder is outspoken against them

Given the... ahem... curious life journey[0] of said founder, I think that takes away approximately zero credibility from the company he left in 1994.

[0] https://en.wikipedia.org/wiki/John_McAfee#Legal_issues

He is a juicy character, but in this particular case his opinion matches that of the industry... which is to never touch anything McAfee-made even with a long pole.
An unhappy choice of words considering what he promised to do if BTC doesn't reach $1M by the end of the year. Somehow, I don't think he will bust out the jalapeño ketchup, relish, and spicy mustard, but will make some excuses. He's a media whore who always talks but never follows-through on anything.
I see it more as "even the very ... adventurous McAfee sees the need to distance himself from his old company"
(Can you please not use Unicode pseudo-fonts for emphasis in HN comments? We try to avoid visual gimmicks here. I've replaced the Math Bold Italic, or whatever that was, with standard italics, using asterisks as described at https://news.ycombinator.com/formatdoc.)
Shouldn't the Risk Factors section include a paragraph about the risk, nay certainty, that the eponymous founder will tarnish the company's brand by expounding on his outlandish activities (e.g. https://twitter.com/officialmcafee/status/106741539427993600...)?
He already has the top YouTube result for "how to uninstall McAfee"

https://www.youtube.com/watch?v=bKgf5PaBzyg

If he's already doing something, and like you say its a certainty that he'll continue, is that really a risk?

Side-note; Anti-virus software is ironically quite invasive and can be harmful to your system.

They bury themselves deep into the OS and often access undocumented kernel API's which can break the OS. In some cases they [1] betray your privacy in the name of security...

I guess it's still popular because it's often part of the bloatware on new PC's and Laptops...

[1] https://news.ycombinator.com/item?id=20703699

> I guess it's still popular because

It’s still popular because, A) it largely prevents malware, B) some security policies mandate it

>A) it largely prevents malware

compared to what? nothing at all? nowadays there's windows defender which is free so any antivirus product that doesn't do noticeably better is probably junk.

defender is an antivirus product. and yes AV largely prevents malware compared to nothing. defender is a damn good one, but doesn't meet enterprise needs. central administration and logging are nessecary when managing a fleet of tens of thousands of workstations. AV isn't perfect, partial prevention is more common than people think, partial prevention is also partial infection. I have seen countless incidents that started with their av product catching the malware half way through execution but they never knew because they don't receive central logs.

defender ATP solves some of these issues, but osx and linux capabilities are meh at best, and still very new. (linux at least) so still not ready for most enterprises. third party av exists because enterprises need centralized av across multiple OS that works ok. no one is fooling themselves thinking av prevents all malware, but it prevents a lot, and more importantly allows you to get visibility into your endpoints activities so a human can be alerted to what needs to be investigated further.

just because an av solution doesn't prevent things as much as others, doesn't make it completely useless, many many enterprises knowingly trade prevention and or performance for visibility, and cost, and that's ok.

> it largely prevents malware

Most antivirus has been shown to open more security holes than it fixes.

> some security policies mandate it

That's only because the people behind those policies think that A is true.

They bury themselves deep so that other malware can't uninstall it easily, that's basically it

But yeah it's a pain

It's been 20 years since I vowed to uninstall McAfee (& Symantec) software from every computer I could.

I've been pretty consistent at keeping that promise. Probably 1k+ uninstalls.

I worked at a helpdesk for a bit and made this a personal goal too. It actually increased business because people told me "their computer wasn't loud anymore". It's amazing what just removing some software and putting in better ram will do.
I work in security and let me explain why McAfee products are so commonplace in corporate environments, even when there are vastly better alternatives out there.

You want an AV product? Done You want a firewall product? Done You want central management? Done You want SIEM? Done etc etc

Are any of their products amazing compared to the alternatives? No! Do they integrate seamlessly with each other? No! Are they cheaper than alternatives? Probably not!

But.

They provide a solution for every checkbox. And it's easy to convince management and auditors that you have done 'the right thing' by using a well known brand. And this in turn gets pass marks from the auditors.

A specific note about integration between products, McAfee has a history of buying good security software companies and basically destroying them. The integrations usually 'barely work' and after enough people complain and the original core devs have packed up and left, they basically scuttle the product.

Remember when 'Foundstone' was a vulnerability scanner that was an actual alternative to Nessus and not the consulting arm of McAfee? I do and I'm still sad they gutted it.

I worked at a large American defense (blob? I don't know what the correct business term is) that put every damn McAfee product (all kinds of zany things I had never even heard of) on everyone's computers.

One particularly bad piece of software would intercept filesystem syscalls and I guess generate hashes from the data to do some sort of scan? Whatever it did made hg and the build tools almost unusable. For years everyone that was a member of the "engineering" group on the network was exempt but I guess someone realized managers were part of that and you had jump through administrative hoops to get temporary exemptions.

We had these amazing machines. I think the laptop I had might have been nearly as powerful as the desktop I just built, but my 10 year old thinkpad could consistently outperform them thanks to McAfee.

I believe the term you're probably looking for is conglomerate
I work in the enterprise space, and Mcafee is the AV I see the most, and I believe largely for the "checkbox compliance" reasons you mentioned.

Personally, I find Mcafee AV to be absolutely fucking horrible. It installs something like 10 Windows services, and runs about 15 processes, and it always consumes by far more CPU than anything else on my system - and I run Docker, Rider, etc, so actually put the system through it's paces.

As an aside, I'm currently working with a company that was recently hit by a randsomware attack. They have responded by installing two endpoint protection (aka next gen AV) systems, another DLP system (Mcafee DLP is already installed), and a kill switch that let's them remotely destroy a machine. The end result is that a machine that was previously severely degraded by Mcafee, is now a machine that is at times unusable, and permanently sounds like an aircraft taking off. I don't think they're even done - I'm pretty sure they're going to install more crapware! This BTW is a company that sends about 10 internal spam mails a day, many of which are images or/and full of spelling mistakes, and some of which are asking you to download and install .exe files...

Cyber security is a complicated profession
Many wireless carriers preload mcafee on android for free with updates. Who even knows if it catches bad android apps.
Got to wonder what the ratio will be for cocaine purchased per share. This IPO looks like it's headed for the Guinness Book of World Records, but I'd be curious to see how it stacks up with other IPOs. My bet is Uber is the overall #1, but if there's one individual who could singlehandedly shoot McAfee to the top, it's John McAffee. Less a man than a black hole for cocaine and prostitution, he's going to be pushing those numbers to new records. The only exception to this is perhaps post-Grimes Elon Musk. Not sure to what extent those 2 are stimulating the economy but they're certainly stimulating the economy for stimulants. On the other hand you have everyone else working at, what is by all accounts, a mature firm staffed with nerds working in a quiet sector.

At any rate, exciting news and I wish them the very best of luck.

But... he sold the company in 1994?
Why on earth did Intel acquire McAfee in the first place is still a mystery to me. And I dont know how many times it has changed hand since, and now we are back to IPO.

I actually think Oracle would be a better fit for McAfee given their enterprise nature.

The acquired them in the first place because they thought Security was the future. It was their big bet they could grow it synergistically to the core business while at the same time the market would wake up to security as important. The problem was that we moved to the cloud where cloud providers produced their own solutions, Microsoft woke up to security as well and it turns out security is really a part of the operating system- and Apple and Google figured that out on mobile. The nail in the coffin in my opinion was the fact that McAfee didn’t have the right security expertise- they had no influence on chip design, they were basically strong in corporate sales, which is something Intel already knew how to do and was useless on mobile. So it was just another case of Intel overpaying for something, letting it wilt in the shadow of x86 and then finally getting rid of it.

It’s not actually changed hands since Intel, Intel spun it out, retaining 49% ownership with TPG taking majority ownership with basically exactly thus plan - cut back the wasted investment Intel had made, make it lean and dump it on the stock market before anyone gets wise.

Wait, again? I had a friend who worked there the first time during the dot-com boom like 20 years ago. Crazy.