Alan_J_Roberts@Sun.COM (11/12/89)
Aryeh Goretsky's posting about Pam Kane's VIRUS book was much too
kind. The only purpose I could perceive for the book was as a vehicle
for promoting her antiviral products. Had she stated up front that
this was her prime intent I would have had no problem with it. As it
is, the book presents a shamefully inaccurate account of the
technical, economic, corporate and political issues surrounding the
virus problem. It further fails worst where it claims to offer the
most. For example:
Pam takes a clearly defined posture on the economic damage done by
the Internet worm. She rails against the outrageous estimate of 100
million dollars damage estimated by a "quasi virus expert" (an unnamed
John McAfee) and "proves" that the damage was far less. What is
interesting here is that any first year student of business
administration could quickly peg the costs at at least 100 million by
simply calculating lost access time. A quick call to Stanford would
place the number of Internet hosts at over 200,000 and the average
users per host at over 20. We know that 50% of the connections were
down for 24 hours and some (including ARPANET) were down for up to 4
days. Assuming the absolute minimum - that we suffered a 50%
reduction in interconnectivity for 16 working hours, that only 50% of
user time could be allocated to remote connections versus local use
(an absurdly low assumption given the prevelance of E-mail), and that
only 20% of a user's normal workday required any access to a terminal
for any reason - local use or remote, and that the burdened
person-hour cost to the organization is $27 per hour (standard white
collar allocation), then the lost access costs are
(#users)(interconnectivity down time)(%time allocated to remote use)
(%productive time allocated to terminal access) = $86,400,000. This
figure does not include the more significant costs of host down-time
for diagnosis/ clean-up, application costs allocated to late
processing (enormous costs for many applications), and dozens of other
indirect (but no less real) cost factors associated with unplanned
disruptions of organizational processes. In pam's viewpoint, it
seems, the only observable effects of the Internet event were the
disinfection and recovery of the infected machines - a factor so
economically insignificant that it was not even included in McAfee's
analysis.
What this points out, I believe, is that Pam, while professing to
write a book about the business implications of the virus problem,
appears to be completely ignorant of fundamental business economics.
She appears equally ignorant of virus technical issues.
Alan