Last week Intel opened its sizable checkbook and offered to buy McAfee for $7.68 billion. And the world replied, WTF?
Seven billion, six-hundred-and-eighty million dollars is a big steaming pile of cash, no matter who you are. That’s Caribbean-island-with-gold-plated-faucets kind of money. Buying AMD would have been cheaper (though illegal). It’s as much capital as Microchip and NXP put together. It’s more cash than Xilinx or Altera is worth. It’s less money than NASA spent to go to the moon—seven times. You can buy Central American governments for that kind of money.
It’s also the largest acquisition, by far, that Intel has attempted in its 42-year history. By my reckoning, Intel has acquired more than 60 different companies over the years, but rarely paying more than a few hundred million. Last year’s acquisition of Wind River was a big one, at $884 million, but that’s still an order of magnitude cheaper than McAfee. This one purchase alone will cost almost half as much as all the others put together.
So you’d think that this, the biggest deal in Intel’s history, would be an obvious move forward. Instead, software vendors, chip makers, and financial analysts are all scratching their heads wondering what Intel is thinking. Why buy an antivirus software company? What are those guys up to?
We may never know the full answer, but after talking with Intel executives I’ve got some ideas.
For starters, Intel wants to get into the embedded market in a big way. That’s no secret, but the McAfee acquisition shows just how serious the company really is about this. Intel dominates the PC market, of course, but they’re only a middling player in embedded systems. There are good reasons for that: Intel’s chips are too expensive, too inefficient, and too power-hungry for a lot of embedded designers. The features that make Pentium, Xeon, Core, and Atom good for PCs make them poor choices for everything else, so Intel is burdened with a hardware handicap.
Second, Intel believes (rightly) that the most interesting embedded systems will be networked and communicative. “Embedded” used to be defined as a computer system that had all its software permanently installed. There was no third-party software for embedded systems, almost by definition. That meant viruses and malware weren’t a concern, because the device maker created and debugged all the software the system would ever have. You might occasionally have bugs, but you never had viruses or Trojan horses. But that’s not true anymore.
Nowadays automotive GPS systems, satellite radios, in-car entertainment, and all sorts of high-volume embedded systems have an unsecured channel to the outside world. Ford’s Sync systems are programmed using Wi-Fi right on the factory floor, and Ford intends to sell “apps” to customers the way Apple does with iTunes. An always-on Wi-Fi connection has a lot of benefits, but it’s also an attractive conduit for hackers. Bluetooth is just as bad; Lexus already dealt with a Bluetooth-borne virus a few years ago.
Finally, we’ve all trained ourselves to run antivirus, firewall, and filtering software on our personal computers, and we whine and complain about how slow they are. Some folks joke that antivirus software itself is malware because it slows down the computer so much. And it just gets slower and more complicated over time as the database of known threats grows and evolves.
Moving Beyond Megahertz
To deal with all three concerns at once, Intel is setting itself up as the “secure processor” company. With McAfee’s help, Intel can design new processors that have antivirus features built in. If it works—and that’s a significant if—it’ll set Intel apart from other CPU makers. Now, instead of just comparing speeds and feeds, you’ll need to factor in security. With Intel’s blue-ribbon reputation as the world’s biggest chipmaker and McAfee’s standing as the second-largest security-software company, it’ll be hard to argue that anyone else could do better. Whether the actual technical benefits materialize or not, it will sure look good on the brochure.
So what kind of hardware hooks could Intel really provide? Is there any actual benefit to the silicon, or is this just marketing hand-waving? I think Intel could actually design some substantial security features into its devices with McAfee’s help. McAfee employs a lot of smart people who’ve developed some real expertise in finding and neutralizing all sorts of software threats. (Remember that “security” means more than just antivirus.) A lot of this detection depends on pattern-matching: looking for code segments or data structures that match known viruses, threats, or exploits. Pattern-matching is pretty tedious work for a microprocessor, and it’s one reason antivirus programs run so slowly. Adding hardware acceleration for this pattern-matching could speed this task up very nicely. Naturally, Intel and McAfee would coordinate their efforts so that the chip complements the software, and vice verse.
Over time, the two companies could develop a whole wish list of features that would make security more effective and less onerous. Done right, it could be a shining example of hardware/software codesign. Some features would be implemented in hardware, some in software, and some with a mixture of the two.
What are the downsides? Apart from the eye-watering price, not too much. It certainly won’t hurt Intel’s chips any, and the added features are a way to use transistors to add value. If you’re a McAfee user, nothing much changes. Intel and McAfee have both promised to continue supporting today’s retail and enterprise customers, even if they’re not using Intel-based systems. It would be foolish for Intel to do otherwise. If you’re a Symantec Norton Antivirus user, nothing much changes there, either. I’m sure the marketing people at Symantec will be crafting all sorts of stories about why this is good news for them, but really, the acquisition of McAfee doesn’t change the antivirus landscape much at all.
If you’re Freescale, Cavium, Broadcomm or any other chipmaker competing in the network- or mobile-processor market, things get a bit trickier. With no equivalent security story, you’re on the back foot when customers ask about your safety measures. Your products may be superior to Intel’s, but they won’t have the built-in halo of McAfee’s security protection.
In the end, Intel’s acquisition of McAfee is meant to be a game-changer: to shift the argument away from price, package, and performance and toward less-tangible benefits like security and hackerproof-ness. We’ll likely see the first fruits of this tie-up in about a year, with bigger changes coming a year or two after that. By that time, Intel will have had time to design an entirely new processor with McAfee’s input. Then we’ll know whether the big price tag was worth it.