The $1 Trillion Cybercrime Myth

wiredmikey sends this excerpt from SecurityWeek: "A recent article on ProPublica dissected two commonly quoted figures about cybersecurity: $1 trillion in losses due to cybercrime itself and $388 million in IP losses for American companies. Both figures have been scrutinized and challenged by many, and viewed as typical security vendor FUD. ... The $1 trillion figure is attributed to anti-virus vendor McAfee, while the $388 million in IP losses number belongs to Symantec's Norton division. According to ProPublica, 'The report was not actually researched by Norton employees; it was outsourced to a market research firm, StrategyOne, which is owned by the public relations giant Edelman.' The problem with both of these figures — $1 trillion and $388 million — is, as Microsoft researchers pointed out earlier this year in a report fittingly titled 'Sex, Lies, and Cybercrime,' they are studded with outliers. In one example they cite that a single individual who claims $50,000 losses, in an N = 1000 person survey, is enough to extrapolate a $10 billion loss over the population. In another, one unverified claim of $7,500 in phishing losses translates into $1.5 billion over the population. The Microsoft researchers concluded: 'Are we really producing cyber-crime estimates where 75% of the estimate comes from the unverified self-reported answers of one or two people? Unfortunately, it appears so. Can any faith whatever be placed in the surveys we have? No, it appears not.'"

Some jerk will...

Hah, won't get it with your logged in account now will you!

http://xkcd.com/605/

Pffft!

The REAL crime is the theft of our pensions for 'too big to fail'. This other crap is some kind of diversion.

Re:Pffft!

Aint it the truth. My friend just bailed me out of a bad spot (car impounded because of parking too close to a driveway 220 miles from home with no money) and not one day later his car gets impounded because the cute little cop doggie says (in fully concise english) that there is pot in the car. Life is good.

Re:Pffft!

My previous car, a 78 Camaro got impounded when my mother hit a tree. What was really fucked up about that mess. The relevant laws for the area where it occurred and in my area states they must wait one hour before towing the vehicle and while doing so attempt to contact the owner of the vehicle. My phone number was on paperwork all over the place in that car, as was my email address, several chat handles, and home address. I was at home, next to the phone, on the internet, with most of my chat programs and email programs running the whole time. I did not get any calls, messages, or emails from them. In fact I didn't even know it happened until my uncle showed up and told me my mom was in the hospital. They wanted $200 just to let me tow it out of there, when I questioned that price they stated $80 for towing (from the scene to the lot), the rest for one day of storage in a mostly empty lot. When I told them they were crazy if they thought I would pay $120 for one day of storage in a lot that didn't look any more secure then my front yard, they told me I would have to pay even more if I left it there and that they'd "generously" nock off $40 if I signed it over. Fuck that, I left that shit there, then when I found out they sold it off without removing paperwork that had personal information on it I pressed charges. Somehow they got the case thrown out in exchange for waiving the fees, which neither me nor my lawyer agreed to (we were very surprised to find out).

Re:Pffft!

[haruchai]

Clinton, Dubya and Obama have all been drug users

Re:Pffft!

It's hard to characterize pot-heads as a minority, at least in te US, where demand is enough to create a turf war in the rest of america for the 'right' to sell you people some dope and surveys point that around 40-50% of americans over the age of 14 have smoked weed. You mormons are the real minority and it is an issue when the gov. criminalizes a drug used by millenia with no lethal or factually measurable consecuenses.

Re:billions - millions

This is what teaching plug and chug math reduces a population to...

Reread and try again.

If we give in

The number will be accurate, assuming we accede to Dr. Evil's demands. Which we never do.

these things... they happen

[zlives]

i once lost 1.21 jiggawatts in a time travel scam...

Re:these things... they happen

I once lost a wiffleball bat in your mom...

Of course it's made up

[Baloroth]

Obviously, the $1 trillion figure is made up. The real figure is more likely in the tens of millions, maybe a little higher, but probably even less than that. The thing is, and the reason people can get away with citing a number that ridiculous, is because it is so large. People simply have no concept of scale that large. You can't hold a number that large in your head, not insofar as it applies to something real. As a pure number, sure, but not as a number of something. The human brain can comprehend tens, even thousands: but trillions are simply too large for the mind to hold, which means that as a talking point, a couple billion is about the same as a trillion for your average human: it basically just ends up meaning "a really really really lot."

If you approach rebuking the number as "well what should the number really be", you aren't countering the key point behind those figures, which is simply to express a massive quantity. If you respond by saying the number should really be in the millions, people will usually scoff at you ("no way McAfee could have been that wrong") or at best simply take the average of the two numbers, which still yields a massive number in their head. The point of such studies isn't to be scientific: it's to be rhetorical. So ultimately, to the people citing that number, it doesn't matter in the slightest if it is true, or how it was a arrived at. All it matters is they have a really big number to cite that they can say is "scientific" or "proof that we need to take action."

Re:Of course it's made up

I get suspicious when the number reaches a significant fraction of our discretionary spending on national security/military. I think that's about $750,000,000,000 for 2012.

$1 Trillion USD is just beyond absurd. That's the same as stealing about 88% of all income tax collected from every person and company in the entire US for an entire year.

Re:Of course it's made up

[TuomasK]

Exactly! Lets think it in seconds: 1 million seconds was 12 days ago. 1 billion seconds ago it was the 1980's. 1 trillion seconds ago neanderthal's walked on earth.

Re:Of course it's made up

[aaarrrgggh]

If the losses are really only in the millions, how is there a market for zero-day exploits of ~$50k each? To engage in your average criminal activity, you need at least a 10:1 payout for something low-risk logically. If the packaged exploit is half the cost of executing the scam, your average zero-day should gross $1MM. Isn't it easier to skim $100k from a brokerage account than mine bit coins?

Of course, your average criminal isn't too good at math, but it hardly seems that difficult to cast a big enough net that would be useful. $1T isn't logical, but a couple $B isn't that hard to imagine across 100 effective scams. ...or are the banks really smart enough to catch on before it spirals out of control.

Re:Of course it's made up

[PopeRatzo]

Obviously, the $1 trillion figure is made up. The real figure is more likely in the tens of millions, maybe a little higher, but probably even less than that.

Wait a minute now. The derivatives market by itself, is close to $800Trillion. That's "trillion" with a "T" and represents a sum that equals many times more than the GDP of the entire world.

The manipulation of Libor and stealing by simply timing the rate changes could easily have represented $1Trillion in crime.

Add to that the investment banks using their position to do high-frequency trading, in effect "peeking" at their customer transactions to jump in front (yes, that's a crime) and all the rest of the straight up fraud and theft that is being perpetrated by the big banks thanks to their proximity to the Federal Reserve and we've left $1Trillion in cybercrime about five miles back.

You make the mistake of thinking that "cybercrime" can only be Balkan hackers or credit card scammers - small time fraudsters. The real cybercrime is being perpetrated by our financial elite on a scale that makes them absolutely untouchable - out of the reach of any government. Hell, the medicare fraud by the company owned by the governor of Florida, Rick Scott, caused them to pay a fine of a billion dollars, which means the amount they stole using their computer medicare billing system is well over that amount. That's certainly cyber-crime.

Then look at the $27trillion being held illegally off-shore by American citizens to evade taxes (also a crime and also made possible thanks to computers) and the figure of what could be called "cybercrime" adds up to more than the total GDP of the United States and Japan combined. To give you an idea of the impunity with which this illegal (as in crime) activity is engaged, one of the people who almost certainly took advantage of the 2009 amnesty by which these tax cheats could repatriate their money to the US without facing criminal prosecution is now running for president.

Re:Of course it's made up

[johnnyb]

The real way to compute cybercrime numbers:

1) number of copies of Norton sold * price
2) number of copies of McAfee sold * price
3) number of copies of Windows sold * price
4) number of copies of MS Office sold * price

Adding up 1-4 will give a good estimate of cybercrime. We should probably add in an additional $10 million to also cover phishing scams.

Re:Of course it's made up

[Hatta]

If you work with very large and very small numbers on a regular basis, you can indeed hold a number that large in your head. Exponents are not that abstract.

Re:Of course it's made up

You are quite wrong. The discrete quantities the human brain can quickly recognize are much smaller than that.

Think of people in a room; you enter a room and you see 3 people. You don't have to think for a second, you know it's 3 people, instantly. The same with 4. Perhaps 5. After 6 people, you might not realize, but, as you count them, you'll probably be counting in groups of 3 or 4. Everything above 6 or 7 you only estimate (e.g.: "there were *about* 15 people in that room"), unless you actually take time to count them.

That doesn't mean numbers like $1 trillion are useless, though, and represent only an arbitrary "massive quantity". Any person who pays attention, when hearing a number like that, will spontaneously make comparisons. The first numbers that came into my head, for instance, were the $700 billion bailout and U.K.'s GDP. $1 trillion is almost half of U.K.'s GDP, so I instantly doubted the number.

Without drawing comparisons the number is quite useless, it's true. That's why I prefer when they use ratios in the headlines.

Re:Of course it's made up

Million Seconds: 11.0000 Days
Billion Seconds: 31.6879 Years
Trillion Seconds: 3168.8088 Centuries

I love how simple this is in C

Re:Of course it's made up

[Stirling+Newberry]

Stock flow error.

Re:Of course it's made up

[similar_name]

The derivatives market is $1200 trillion dollars or..

1.2 quadrillion seconds: 38,026 Millenia

BTW Google says 1 trillion seconds is 316.888 Centuries

Re:Of course it's made up

Maybe, but most people can visualize a couple tons of sand much easier than a trillion grains of sand. Most people can't grasp what a trillion inches or a trillion seconds mean just by picturing it. More likely if you do grasp very large numbers you are just more accustomed and quicker at converting a trillion inches into miles or a trillion seconds into centuries.

Of course abstractly one can visualize two cubes; one 1 inch on all sides and another 10 inches on all sides. This gives a nice volume ratio of 1000:1. You can keep sliding those cubes so that one set represents how much more 1 trillion is to a billion and 1 billion to 1 million and 1 million to 1000 and 1000 to 1 but that's not the same as grasping 1 trillion the way we grasp say the number 8.

Re:Of course it's made up

[PopeRatzo]

If you just take the cases of cybercrime that the biggest banks have already settled with the Justice Department, you get way over $1trillion.

It's silly to think that the $1 trillion figure is "made up". Just look at the deal that's being cut in regard to the massive amount of mortgage fraud. The amounts there are what, 700, 800 million dollars?

Of course, the lawyers tell their clients, when settling for pennies on the dollar, to "admit no wrongdoing" but to pay up anyway because they committed the crimes.

Re:Of course it's made up

[PopeRatzo]

The amounts there are what, 700, 800 million dollars?

I'm sorry, that should be "billion" with a "b".

These numbers get so big that I can barely keep them straight.

I can't even remember what comes after "trillion". Is it "quadrillion"? Well the derivatives market, that shadow market that is tied to absolutely nothing real - not equities, not bonds, stocks, nothing but money in the hands of a tiny number of people, nothing that adds a goddamn thing to society, and we're bumping right up against that quadrillion figure now. Meanwhile, we talk about how greedy those teachers are for wanting the pension they were promised.

Re:Of course it's made up

It's silly to think that the $1 trillion figure is "made up". Just look at the deal that's being cut in regard to the massive amount of mortgage fraud. The amounts there are what, 700, 800 million dollars?

You do realize there are 3 orders of magnitude between $1 trillion and $700, 800 million right? So do you think cybercrime was over 1000 times greater than mortgage fraud?

Re:Of course it's made up

[PopeRatzo]

You do realize there are 3 orders of magnitude between $1 trillion and $700, 800 million right?

Sorry, as you can see in my correction (right below my post), I meant to say, "$700, 800 billion".

Number so big make me a little dizzy. Please excuse me.

Re:Of course it's made up

The derivatives market [washingtonsblog.com] is $1200 trillion dollars or..

How in the world did so much "wealth" get "created"?

Debt? Bonds? Futures? The perpetual wealth generator called fractional reserve banking?

Re:Of course it's made up

No, the Trillion figure derived from:

1) number of copies of Norton sold
2) number of copies of McAfee sold

(1+2) * No. of extra Man Hours needed Per system as a result of slower system * Wage per Hour.

I consider a Trillion to be a good estimate of lost productivity over this 2 decades.

one in a thousand

[RichMan]

Throw that one guy out as a strange "outlier" and the number is zero. That is more believeable.

Lies, damn lies and statistics. Grarbage in garbage out.

If it was only one person out of a full one thousand sample then the sample size is way to small to be statistically significant. Whoever did the statistical analysis should be fired. With that low a report rate you don't know it is 1/1e6 or 1/1e9 and you just got unlucky in the sample.

Re:one in a thousand

[SJester]

Whoever did the statistical analysis should be fired.

Why should they be fired? Their job is public relations, not honesty.

Re:one in a thousand

Indeed, they should be gelded instead.

Re:one in a thousand

[haruchai]

There's no reason for those 2 things to be exclusionary

Re:one in a thousand

[PhamNguyen]

Half correct. There are really two issues. First, do you believe that a single company could really suffer $50,000 of losses from cybercrime? If no, then certainly remove that data as an outlier. if maybe, go with the "yes" case below but qualify your result with a comment about reporting error. If yes, then you can't just remove the data because then you will underestimate the true cost. However, since we only have one observation of $50,000 losses (and assume all the other losses are much smaller) and the rest are much smaller, then the distribution is non-gaussian and we need to use the bootstrap to get standard errors. This will give a correct (but huge) confidence interval.

Re:one in a thousand

I have data on three trees that show a definite trend of global temper......oh wait......

Re:one in a thousand

[ceoyoyo]

Clearly nobody actually did a statistical analysis.

In fact, an outlier that large, in two different samples, suggests foul play. Perhaps the number was far too small so they had to slip in a ringer.

Re:one in a thousand

[martin-boundary]

Why should they be fired? Their job is public relations, not honesty.

You're part of the problem. Lies and fraud should not be tolerated, regardless of whether it's someone's "job". It's wrong, and causes damage to society by misleading people and ultimately tricking them into parting with their money.

1 Trillion is over 6% of GDP

[udachny]

It is not only cyber-crime estimates that are coming from one or two self-reported unverified people. All the economy related numbers are made up, reverse engineered, adjusted to fit the narrative of the political power.

1 Trillion USD losses to cyber-crime? So taking the 15 Trillion GDP figure at face value (which you must not make mistake of doing), it means that over 6% of the GDP is lost due to all this 'cyber-crime'. 6%. The entire USA agriculture sector is 4% of the reported GDP.

Re:1 Trillion is over 6% of GDP

Or the top 15,000 families.

the same type of math the RIAA and MPAA use...

[logicassasin]

The RIAA and MPAA both use similar voodoo-comic book math techniques to justify their "losses" to cybercrime (illegal downloads).

Re:the same type of math the RIAA and MPAA use...

[haruchai]

A speaker at TED demonstrated this was due to rampant ringtone piracy.

Stop the presses

Security software vendors exaggerate business' losses due to cybercrime! Who would've thought....?

We trust Microsoft now?

It's in Microsoft's interest to underestimate the losses from cybercrime, just as it's in McAfee's and Symantec's interest to overestimate it.

Re:We trust Microsoft now?

[wild_quinine]

When you're calling in Microsoft to help expose the FUD, you are dealing with some military grade bullshit.

Re:We trust Microsoft now?

Well, in this case, it is basically Microsoft defending itself against the FUD from Norton, because the only reason you should need Norton is if Microsoft Windows sucks. So Microsoft will attempt to minimize the reported cybercrime numbers because it reflects poorly on them.

I'm not saying Microsoft is wrong in their analysis here, in fact I think they are correct, but you cannot say that Microsoft is "helping" anybody but themselves by exposing the FUD. I highly doubt that they would help expose any FUD about Linux, because Microsoft themselves (especially Balmer) have produced plenty of FUD directed mostly at Linux, but also against Mac.

Both sides here have impure motives.

Re:We trust Microsoft now?

[wild_quinine]

Well, in this case, it is basically Microsoft defending itself against the FUD from Norton, because the only reason you should need Norton is if Microsoft Windows sucks.

Which is ironic, because Norton sucks like a black hole with daddy issues.

Re:We trust Microsoft now?

[Bob+the+Super+Hamste]

Norton sucks like a black hole with daddy issues

Of all the days to not have mod points.

Symatec source citations

[sl4shd0rk]

"Up to $1 Trillion in losses[1] and "$388 million in IP losses[2]"

[1] - someguysblog.com
[2] - foxnews.com

While we're mythbusting

3D printing will not replace manufacturing

3D printing is not Star Trek level technology

Manned space "exploration" is a joke

We will never colonize the stars, the galaxy or even the Moon

OK nerds?? Grow up.

Re:While we're mythbusting

...and you will still die of old age, QA.

Re:While we're mythbusting

But we already extended our lifespan with early 20th century technology. But that's going to stop. Instead, imaginary and delusional fever dreams will happen. Right. And, to top it all off, you don't want to live long enough to see who's right. Interesting, almost like a religion.

Re:While we're mythbusting

Does anyone else remember when the trolls here put effort into their attempts?

Re:While we're mythbusting

[Gaygirlie]

This is Slashdot: there's no way of telling a troll from the average, gleefully ignorant, self-centered Slashdotter. When in doubt just ignore the whole thing, you likely have better things to do.

You better watch out

[jeffmeden]

Your summary of " $388 million in IP losses for American companies" was actually $388 Billion, and it was in total cybercrime losses in the USA (including time lost due to outages/delays)

"Symantec [placed] cybercrime’s [US] total cost, factoring in time lost, at $388 billion".

You keep making errors like that and ProPublica is going to come after YOU next.

Re:billions - millions

[nedlohs]

Wow, you aren't very smart are you?

Department of Conjecture

[Penurious+Penguin]

Gee, why don't we just outsource calculations like these directly to Wall Street, or Phillip Morris, or R.J Reynolds?

That's why we need confidence intervals

[PhamNguyen]

Something like, $1 trillion with a 90% confidence interval of [$1000, $2 trillion] would have been completely honest :-) (this is the kind of confidence interval you would get using the bootstrap method on the kind of data they describe, i.e. data with one huge outlier).

The Costs May Be Justified If You Consider........

[guitardood]

If they are including spyware/virus in their "cybercrime" definition, the numbers make sense.

Consider this:

I've got a customer who had two of their machines taken out by viruses. At a billable rate of $180/hour, it took approximately 10-12 hours to try the cleaning solutions (which of course did not work) and then reformat and reinstall Windows and the five-million updates to updates to updates. So that's just two occurrences in one week costing the client $4,000.00 for actions due in large part to whoever it was that sent the virus to them in the first place (bogus PDF attachment). This was just for this week. Annually they probably have 3-4 incidents like this per month at a company of just over 50 people. You could point the finger at the bonehead who opened the attachment or the non-functioning antivirus software, but the root cause was the sending of the virus in the first place. Doing the math, that's $2000*4*12 or $96,000.00 not including the costs of the antivirus software and other preventative measures which need to be taken.

Just the annual cost for this one company alone could justify extrapolating the seemingly over-inflated costs of cybercrime.

We see the actual money thefts

[skidisk]

I work for a company that analyzes transactions and detects account takeovers and thefts at banks. Banks call us when they suffer a loss or series of losses. When they call us these losses are typically over $300,000 and the largest attack we've seen is for about $1.5M. We do NOT deal with the biggest banks, mostly regional and local banks. In case you didn't know, there are about 15,000 banks and credit unions in the U.S., so there are a lot of targets for criminals. Not all these banks have assets worth stealing, and not all of them are even on line. By our estimate, roughly 6,000-8,000 of these banks are sufficiently interesting and available to be targets of criminals.

So can I give you a real number? No, because we don't deal with the biggest banks and we also don't talk to all 15,000 banks. But I can tell you that having worked with several hundred banks, these so-called cybercriminals are stealing a lot of money. Yes, true, the banks that call us self-select, so I am NOT saying that every bank is losing $1M/year. But we do see hundreds of banks with losses that seem to indicate that the criminals are stealing tens of millions, and possibly hundreds of millions of dollars. FWIW.

P.S. They are also successfully stealing a lot of money from brokerage houses, so that gets added to their haul, also.

Re:We see the actual money thefts

[gl4ss]

you know, even one billion dollars is pretty far from one trillion dollars.
by the way this cybercrime doesn't include apparently wire fraud, which certainly existed before "cyber" as well.

this one trillion dollars isn't mainly even based on real dollars the companies held in their hands, but on IMAGINARY POTENTIAL PROPERTY value. they estimate that their new widget is worth 23 millions and that they lost that due to breach and that would have been included in the study, never mind that there weren't enough cash floating around for them to actually make those profits.

"The companies surveyed estimated they lost a combined $4.6 billion worth of intellectual property last year alone, and spent approximately $600 million repairing damage from data breaches," the release said. "Based on these numbers, McAfee projects that companies worldwide lost more than $1 trillion last year." The release contained a quote from McAfee’s then-president and chief executive David DeWalt, in which he repeated the $1 trillion estimate. The headline of the news release was "Businesses Lose More than $1 Trillion in Intellectual Property Due to Data Theft and Cybercrime."

$4000 for two machines???

[logicassasin]

... sheesh, they could have found a guy on Craigslist that would have immediately jumped to the "gotta reinstall windows" solution for $40 a pop.

"Just the annual cost for this one company alone could justify extrapolating the seemingly over-inflated costs of cybercrime."

No, your overinflated $180/hr billing rate is as much to blame for this one as does milking the client for money. Seriously, as someone that does AV cleanup as part of my security duties for a large global company I gotta call bullshit on your 10-12 hrs. You were looking at 2 hrs tops to try a number of different solutions before throwing in the towel.

Re:$4000 for two machines???

[guitardood]

First, my hourly rate is cheap when compared with the rest of the industry averaging $250/hour. But never mind that, how exactly do you expect to run virus scans (60-120 minutes), apply supposed fixes (60 minutes), re-run scans to see if fixes worked (60-120), backup user data and email (30-60 minutes), reformat and reinstall windows (60-120 minutes depending on the speed of the machine), download updates (60-120 minutes), install SP3 (60 minutes), download more updates (60-120 minutes), reinstall antivirus software (30-45 minutes), MS Office (30 minutes), office updates (30-90 minutes), reinstall other applications and printer connections (60-120 minutes), restore user data (60-120 minutes). That's 10 items, most of which all take over an hour. You have to also remember that in a typical office, most people are still running XP on P4 or CoreDuo machines with 1g memory and the slowest hard drives money could buy. Granted they could just buy a new machine. Than have me remove the bloatware, reinstall their applications and reconfigure to work in their custom networking environment.

Now that I've given a sane answer, here's the smart ass answer: I understand why you are called the logic assassin, you are completely devoid of any. Moron!

Re:$4000 for two machines???

[kcitren]

You've supported this company for years and still haven't made a standard system image? I guess if they don't know any better it's a nice way to milk your customers. Good job, you make us all look great. And what company over 5 people buys machines with bloatware? They going into Bestbuy?

Re:$4000 for two machines???

[guitardood]

Up until last year, they had their own inside IT person who was from the mainframe world and was a bit out of her element. They have 50 people and 49 different workstations. Not my choice. Not my sale. They have been buying onesy/twosy machines since slooooooowly transitioning from Wyse serial terminals into the PC world.

Most of the people who commented on this portion of the main post should really sit down and watch Glengarry, Glenn Ross: "Never open your mouth when you don't know the shot". Jesus Christ!!!!!!!!!!!!!!!!!!!

Pffft 1 Trillion? That's nothing!

[DarthVain]

RIAA have this science down pat. I mean they sued Limewire for 51$ Trillion dollars! (insert pinky)

All these companies come up with BS numbers to push their own agenda. Oh and you can bet every study done by the MPAA and RIAA, were all done by "independent" sources... I mean I recall a number used for piracy being used in Canadian lobby, that was so self refreential it was neigh impossible to figure out where it came from. When they finally did, it was an unsourced, no details presentation, done by RIAA themselves, pass on from them to others, to studies, etc...

Just like the Academy of Tobacco Studies, the Moderation Council, and SAFTY were all unassoicated with their terrible industry overlords...

Re:Pffft 1 Trillion? That's nothing!

[lavagolemking]

The "Academy of Tobacco Studies" is a made-up industry trade group in the satirical film Thank You for Smoking. You're probably thinking of the Tobacco Institute.

Re:Pffft 1 Trillion? That's nothing!

"neigh impossible"
horse shit

Re:The Costs May Be Justified If You Consider.....

Tell this company I will guarantee virus free computers for 40k a year. Any virus they get I will remove and fix the machine, guaranteed! They save $56k a year and I get a nice part time job.

You should be fired!

[trevc]

50 people and they have 3-4 incidents a month? Sounds like they need to fire you and hire a real IT person - somebody that knows what they are doing and charges a decent rate.

Re:You should be fired!

[guitardood]

Why should the fire me?

Rather than be a smart aleck, what would you do if: you warned the customer's about the specific viruses they're getting hit with, your warned them of the insufficiency of their current antivirus, you repeatedly told them that we have to upgrade from Outlook Express to a real email program, you warn that they need a much more reliable and secure email server with modern filtering capabilities, and they refuse to acquiesce to any of those recommendations?

Would you take it upon yourself, an outside consultant, to purchase licenses for them, and then go to each workstation and perform the necessary upgrades/changes without management approval on your time and your dime? I highly doubt it.

The one thing I've learned in this business is that people with unlimited funds will do the above without question. The other 90% of businesses operate on shoe-string budgets and will gladly pay the fireman fee if and when a problem arises but don't want the business upset of having to overhaul anything or the "unnecessary" costs.

Re:You should be fired!

Please stop giving him reason to flail his epeen around, it's very small. Don't you know it's very hard to clean viruses off of PCs? It takes years of expertise to use boxed software, one can't figure it out in 2 minutes like my Grandma did..Un Possible! Besides, he told you it's hard so it has to be true.. you are reading it on the Internet!

Re:The Costs May Be Justified If You Consider.....

You could point the finger at the bonehead who opened the attachment or the non-functioning antivirus software, but the root cause was the sending of the virus in the first place.

If you remove the person who sent the virus someone else will send a virus and the problem remains. If you remove the retard who opened the attachment the problem is solved.

your explanation was enough...

[logicassasin]

... enough to show me just how bad you are at your job. Your industry average of $250/hr is complete bs; a number pulled out of your ass to justify raping this company due to their own ignorance. I understand, it's your cash cow and you will do anything to protect your interests, but right now you look like a used car salesman from the 80's; lying to the customer just to make a buck.

Re:your explanation was enough...

[guitardood]

I've been in this business for 30 years. How long have you been operating your own consulting firm? How many competitors do you have to be price competitive with?

Grow up and join the real world.

The only place you can get consultants for less than $150 per hour are from India and that is for remote support only.

Re:your explanation was enough...

[guitardood]

............or Craigslist.....LOL.

Re:The Costs May Be Justified If You Consider.....

[guitardood]

I'll put that in my morning memo: "Please Note: An anonymous coward on the internet will be glad to replace my 20 years of working with your company and 30 years of experience with setups exactly as yours with his own home spun bargain basement virus repair. I'll gladly repair them when he is finished".

Re:The Costs May Be Justified If You Consider.....

[guitardood]

Agreed! Unfortunately not my call.

raping a company for 20 years is still rape

[logicassasin]

... no matter what you say, or how you try to justify it, you're still giving it to them with no Vaseline or even so much as a reach around or peck on the cheek. The only reason you're still in business is because you found a sucker of a company and are milking them to make your BMW payments.

One can get an H1B Indian consultant to stand up an SAP BobJ instance on SUSE 10 for around $160/hr right now and he/she will sit in your office to do the job, you can get them for that much to do a wide range of things from writing your in-house applications to supporting and securing your networks. Companies like Robert Half, Modis, or Experis don't even bill remotely that much for a windows guy to come onsite for basic PC tech work (which is precisely what you're doing), I'll say $50-$60/hr where the consultant doing the work MIGHT get $20/hr of that.

Nope, you're pretty much a sheister that makes honest consultants look bad.

Re:raping a company for 20 years is still rape

[guitardood]

Sorry! No more food here Mr. Troll!

Re:raping a company for 20 years is still rape

[stephanruby]

I do agree, that his rate seems to be a bit inflated, especially if he has an ongoing relationship with his client.

But "Robert Half"? What is that? Some kind of Temp agency? Do their Temps come with their own CD/DVDs? USB backup drives? Will they come with their own rescue/toolkit USB sticks? Or will the Temp have to Google his way out of your predicament? And will the Temp have to rely on you for finding your installation CDs/DVDs?

And every time you call this Robert Half agency, will the same exact person show up? After all, you'll be handing out some of your passwords to that person and if you're like most business people, you'll probably be leaving them unattended and unsupervised for at least a few hours.

Despite the markup, wouldn't it be just safer to hire someone you've previously hired in the past? Or hire someone who comes highly recommended from your business friends?

Re:raping a company for 20 years is still rape

From 2011/Oct Cornell Website:

Microsoft Premiere Standard Support Agreement
Departments can set up their own local support agreements with Microsoft at a discounted subscription rate under New York State's Premiere Support Agreement. Any college or unit with a need for a customized Microsoft support agreement may leverage the NYS agreement and establish an independent Premiere Support Agreement. The current hourly rate for Premiere Support is $195 per hour, and Microsoft will require the purchase of designated blocks of hours.

Premiere support is designed to be used for business-critical, time-sensitive technical issues.

Common examples of block designations are:

120 hours: (estimated $57,000 per year):
120 hours: support assistance with a Technical Account Manager
40 hours: problem resolution
maximum of $2100 per incident for onsite support visits.
40 hours: (estimated $23,000 per year):
40 hours: support assistance with a Technical Account Manager
25 hours: problem resolution
Maximum of $2100 per incident for onsite support visits.

Just sayin......

FOSS could have been the solution

[logicassasin]

A lot of what you have described could be mitigated with open-source software. A good consultant would have made those recommendations.

Ironic

[PingXao]

Microsoft is calling others out on inflated numbers? Talk about the pot calling the kettle black. In 2009 people viewed BSA's $53 Billion Lost to Piracy claim with a healthy dose of skepticism. So which companies are in BSA? Oh look! Microsoft, Symantec and McAffee (among others).

Maybe McAfee, which TFA credits with the Trillion Dollar figure, is just applying what they've learned from their dealings with Microsoft and BSA.

Debunking of this is months old

[Stirling+Newberry]

http://www.nytimes.com/2012/04/15/opinion/sunday/the-cybercrime-wave-that-wasnt.html April 15th of this year.

Painful truths are still painful

[logicassasin]

Calling me a troll does nothing to change the fact that you're robbing this poor company blind.

I remember that woman, formerly with World Bank .

[sgt_doom]

. . .a UK citizen, last I heard she was with the state gov't of Colorado, who pulled a hundreds of billions of dollars figure out of her butt while she was at some talk in Saudi Arabia --- pure BS as she was and probably still isn't -- at her age -- any type of computer science industry expert, etc. Frequently repeated, with no validation nor verification whatsoever --- typical of the Amerikan non-media.

FUD From FUD

McAfee and Symantec Norton are the source of maleware and virus programs!

They must be in order to benefit. Its their Business Model!

LOL