Today’s online-advertisement world is filled with the Madoff-esque, the questionable, and the distinctly not-safe-for-work. Some hope shines through though: DoubleVerify, a start-up that offers a policing service for naughty ads, has raised $33 million in its third funding round. READ MORE
Personal financial service website Yodlee announced that is has crossed the 30 million users milestone. The company, founded in 1999, offers a suite of financial solutions that power many large financial institutions and portals, including Bank of America, Fidelity, and American Express. READ MORE
Over the last few years, Web 2.0 has evolved to become not only a design paradigm, but also a development methodology that has become synonymous with innovation. Web 2.0 companies are able to innovate rapidly for four simple reasons: Low cost of innovation. You don’t need a bucketful of cash to prototype a Web 2.0 product or launch a Web 2.0 company. Costs of computing and storage have fallen dramatically, and services like cloud computing virtually eliminate the need for heavy IT infrastructure, reducing fixed costs. Case in point: Y-Combinator, a seed fund that invests an average of just $15,000 per venture, has helped many young companies get their start. Y-Combinator success stories include Reddit (acquired by Conde Nast) and Zenter (acquired by Google). Rapid bite-sized improvements instead of massive launches. The software that powers the Web services can be updated constantly, because it’s delivered over the Web. As a result, Web 2.0 companies often upgrade their services every day or every week, launching new features and fixing bugs. Ease of “measuring” user interactions with the service. Web services have the advantage that user interaction with the site or the service can be measured in a very precise manner. It’s easy to record the time spent by an average user on the site, the number of page views they saw, the trail of clicks and pages that helped them complete their task, and a lot of other such data. Because everything can be measured, Web companies have developed a philosophy of testing and measuring a lot more and guessing a lot less. Before any feature is launched to the entire audience of a site, it’s often tested on a small portion of the user base. An open innovation model. Web 2.0 companies have realized that some of their most innovative ideas might not come from within the company. Using Web-service application programming interfaces (APIs), they have exposed some of their most precious data to outside developers who can build innovative applications. Real-time search, one of the most used applications on Twitter, was developed by a company called Summize, using Twitter’s API. Twitter later acquired Summize. Taken together, all these methods are geared towards a new model of innovation — one that emphasizes rapid experimentation and serendipitous discovery. Since every idea is cheap and quick to try out with real users, and the results are easily measurable, Web 2.0 companies get to road test several ideas without spending excessive amounts of time trying to prioritize between them. Similarly, by allowing outside developers to use the company’s data to create applications without any restrictions, Web 2.0 companies are in effect launching hundreds of experiments simultaneously. This throws the traditional model of product development and innovation on its head. In the old days, companies performed exhaustive (and costly!) analysis to determine which one or two ideas would be most likely to succeed, and then invested accordingly. The Web 2.0 model makes it possible to experiment with a lot of ideas, without investing a lot of upfront cash or forcing assumptions about which idea will deliver the biggest upside. This new model is great for a world in which consumer preferences are difficult to predict and change rapidly. While your business might not have the same natural advantages as a Web 2.0 company, with a little bit of redesign of your processes, you could use elements of the same philosophy to fast-track your innovation. Here are some tips to get you started: Lower your cost of new product development. Be on the lookout for opportunities to reduce your costs of new product development. Using technology for knowledge management and outsourcing to low cost countries are among some of the ideas that innovative companies use. For example, in the electronics industry, Original Design Manufacturers (ODM) companies based in low cost countries like China have emerged as choice partners for prototyping and launching new designs. Create experiments that lead to continuous bite-sized improvements.If any aspect of your offering is a service, you can keep innovating by adding small features or by improving the workflow. In order to do that, you need to build a test-bed for trying out lots of experimental ideas. A few years ago, Stefan Thomke, a professor at Harvard Business School, published an insightful study detailing how Bank of America turned its branches into “Service Development Laboratories.” For instance, Thomke talks about an experiment designed to solve the problem that users perceived their wait times to be longer than the actual time. In order to remove the perception, the experiment involved testing user perception when televisions were installed over teller booths and comparing that with a standard branch without televisions. By measuring the improvement in customer satisfaction ratings with the television, the team was able to develop a case for wider rollout to some of the bigger branches of BofA. This is a great example of an experimental setup that leads to constant improvement in the quality of service. Measure everything and create feedback loops. You should aim to find opportunities for measuring user interaction with your product or service directly at the point of interaction, without relying on “marketing surveys.” Harrah’s is a great example of a company that invested in business intelligence solutions around its loyalty program, and made all of its marketing efforts highly data driven. Whenever a customer conducts a transaction using their Harrah’s card, the information is transmitted to a database, and used in a variety of ways to target the customer. The success of marketing campaigns is also measured using this data, and the campaigns are optimized accordingly. Soon after the program was launched a few years ago, its success made Harrah’s the most profitable company in its sector. Open up the innovation process to others and plug in with the ecosystem. In his book Wikinomics, Don Tapscott talks about how Goldcorp Inc., a struggling Toronto-based gold mine, opened up its sensitive geological data to the public to help the company get accurate estimates of the location of gold in its mines in Red Lake, Ontario. Within weeks, solutions poured in from all kinds of unexpected quarters, and identified more than 110 targets, half of them not previously identified by the company, with 80 percent of the new targets yielding substantial amounts of gold. In another example, Proctor & Gamble has developed a program called “Connect and Develop” with a goal of having 50 percent of its new products come from outside the company’s labs. The program also opens up access to P&G’s innovation assets. On the other hand, if you can’t find good ways of exposing your own data, you could instead think of using the data and APIs exposed by others — for example, Pure Digital, the manufacturers of the Flip Video Cameras, used YouTube’s APIs to make it easy to upload videos directly into YouTube, and in the process out-innovated the competition. It’s clear through all these examples that the new model of innovation is for everyone, and not just Web 2.0 companies. Find applications for these ideas in your business, and use them to change the world for the better. Vijay Chittoor is the director of product panagement at Kosmix, an exploration engine that offers a 360 degree view of any topic on the Web. A former McKinsey consultant, Vijay is a graduate of Harvard Business School and the Indian Institute of Technology, Bombay. He shares his thoughts on technology at his blog..
The Internet has changed a lot about how small businesses handle human resources back-office processes, starting with how employees get paid. Today, companies can use a payroll service bureau with a Web-based front end, or an online payroll provider. Or they can turn over their entire payroll department to a preferred provider organization to manage. Companies have been farming out payroll since the advent of the first computers back in the late 1940s, and payroll continues to be one of the most commonly outsourced business practices at companies of all sizes. Lisa Rowan, human resources (HR) technology analyst at at IDC, the Framingham, Mass. market researcher, estimates 53 percent of companies with 1,000 or fewer employees use an outside service. It’s not uncommon for companies with five employees — or even one — to use an outside payroll provider, according to Rowan and payroll service vendors. One reason: small businesses would rather reserve their time and resources for revenue-generating activities. “There’s a war for talent, a shrinking labor pool, rising costs for health care benefits, more regulations to deal with. At the end of the day, more demands are being put on them to do more with less. It’s a natural fit to outsource,” says Rich Watson, major account division vice president of marketing at ADP, the national payroll processor. Another bonus: outsourcers figure and pay payroll taxes, so business owners don’t have to. “There’s no upside to running perfect payroll, people expect it. But there’s a whole lot of downside if you don’t pay people or your taxes,” Watson says. Different levels of service Once business owners decide to ditch spreadsheets or Quickbooks, they have to decide what to use instead. According to industry analysts and other experts, their choice will depend on: How much, or little, they want to be involved in the process What they want to spend What, if any, other HR functions they want to outsource too, such as benefits, workers compensation, time and attendance and recruiting. After making those determinations, they can choose between the following: Payroll service bureaus At this most basic level of payroll outsourcing, companies send timecard data to a service bureau that calculates payroll and withholdings and either sends back paychecks — or deposits them directly into employees’ bank accounts — or sends payroll data to companies who cut their own checks. National service bureaus such as ADP, Ceridian, and Paychex account for 40 percent of the payroll industry, with the remainder made up by local vendors, according to analysts and industry experts. These days, many service bureaus use a Web-based interface, and provide online training and support. Service bureaus charge monthly fees based on the number of employees covered and how many other services a customer signs up for. Online payroll providers Think of online payroll providers as the do-it-yourself alternative to a payroll service bureau. Small businesses license Web-based software and pay a flat monthly rate of anywhere from $30 to $65, according to Rowan. Software-as-a-service (SaaS) payroll software is best suited to companies with at least several hundred employees because they need some level of HR and IT staff to provide services and tech support to go with the software, she says. The buzz over SaaS means lots of companies are offering online payroll, including startups such as PayCycle and SurePayroll, and Intuit, which just introduced its service. Banks, which once sold payroll services but got out of the business, are offering it again as a way to lock in local business customers. Bank of America and other top institutions offer online payroll and use online payroll vendors like PayCycle to run it for them, Rowan says. Preferred provider organizations Companies that don’t want the hassle of managing a payroll department can outsource the entire thing to a third party. Referred to as preferred provider organizations (PPO), these companies become co-employers of a business’ employees. In the arrangement, a PPO becomes the employees’ employer of record, handling payroll along with health benefits administration, workers’ comp, and payroll taxes, while the business continues to manage the employees’ daily activities. Some companies that provide total outsourcing include ADP, TriNet, and Gevity. By aggregating thousands of employees from dozens of clients, PPOs can offer prices for payroll services and other HR processes at rates significantly lower than an individual small business owner could find on their own, says Nov Omana, product manager at TriNet and an HR industry veteran. Covering so many employees also means companies like TriNet can afford to build a back-end HR platform that rivals those found at much larger companies, another advantage for small businesses, Omana says. TriNet’s customers aren’t just mom-and-pop shops but professional and financial services and technology companies, including “lots of venture-based startups,” he says.
I got a letter the other day from Time Warner, where I briefly worked some years ago. It was a sincere-enough-sounding note just to let me know that the guys in the data center may have inadvertently let my Social Security number and other private information fall into unknown hands. No need for me to take it personally—the company had done the same thing to some 600,000 present and past employees when it lost a boxful of backup tapes from a truck. Companies seem to be surrendering a lot of valuable data these days to hackers and other miscreants, at least when they’re not busy fending off the latest crippling virus or worm. What can you do about it? I’m not going to give you the standard lecture on the importance of protecting your computers. I bet you’re a little tired of hearing that sort of thing. Instead, I’m going tell you something different about computer security—something you won’t hear from vendors, IT whizzes, or even security professionals. You’re not going to like it, but you need to understand it. First, a little background: In 1992, a troubled, profoundly untalented young hacker known as Phantom D managed to tear through at least 1,000 computer systems over the course of a year, including those at military weapons research laboratories, leading computer vendors, and ATM networks. I know a thing or two about the case because journalist Charles C. Mann and I wrote a book about Phantom D in 1997. What we learned at the time from some of the world’s leading security experts was that breaking into even the most sensitive sites on the Internet was a cinch—so easy that anyone with time on his hands could do it. Our prediction: The situation wasn’t going to get better. Indeed, it would probably get worse—no matter how much effort people made to stem the tide. This is not the sort of thing that Web surfers and corporations want to hear, and the computer-security community all but conspires to oblige them. Think about it: If you’re a security consultant, a corporate IT honcho, or a law enforcement official paid to make computing safe, how quick are you going to be to shout from the rooftops that there’s no way to get the job done? For that matter, how willing are you to accept this fact yourself? Which brings me back to Time Warner. There’s no need to pick on the media giant; it’s been in great company in recent months, most recently CardSystems Solutions, where a hacker attack in June exposed 40 million credit cardholders to a risk of fraud. Bank of America, Wachovia, ChoicePoint, and LexisNexis also have been stung recently. People read these stories and shake their heads over the lax security at the target companies. It may even make you think about calling up your IT director and beefing up your own company’s computer security. But that reaction is part of the problem. The fact is, companies like Time Warner and Bank of America have been doing a pretty good job of meeting or exceeding industry standards for protecting their computer systems and data. And it’s not like IT bosses everywhere else are asleep at the wheel. Barry MacQuarrie, the CIO for Xpitax, a tax outsourcing firm in Braintree, Mass., notes that security consistently ranks as the top priority in surveys of accounting industry CIOs. “We have three levels of passwords, we filter all e-mail twice before it reaches our firewall, and we run antivirus on everything internally, MacQuarrie says. So do plenty of other firms. And yet the hackers keep getting inside, the viruses continue to rage, and data disappears. What’s the problem? The world’s faith in the holy trinity of computer security—firewalls, intrusion-detection systems, and antivirus software—is misplaced. Jim Settle, the former head of the FBI computer-crime squad and now a computer-security consultant in Haymarket, Va., offers this assessment: “They don’t work. Duh. Sure, they’ll keep out casual hackers who get discouraged easily or don’t have the latest tools, but that’s about it. Settle is often hired to test computer-security systems by trying to break in, usually just after a few million dollars’ worth of state-of-the-art security software has been installed. In nearly 50 efforts, he’s never failed to get inside, and only once was he even detected. Managers ask the question: Is our data safe? Any honest expert can give you the answer—without knowing a thing about your systems. No, your data is not safe. Managers ask the question: Is our data safe? In fact, there’s really no need to wonder about that. Any savvy, experienced, and honest security expert can give you the answer—without knowing a thing about your company’s systems. No, your data is not safe. And here’s that thing I promised you wouldn’t want to hear: There’s nothing you can do about it. Why? First of all, the very thing that makes the Internet so useful, exciting, and transformational—it connects everyone to everyone else, it’s anonymous, and it’s controlled by no one—is what makes it so easy for some jerk in Latvia to hook into your PC in Topeka. Completely protecting a network would require anticipating an essentially infinite number of techniques that might be used to break in; hackers, on the other hand, need to discover only one. What’s more, when security experts discover a new vulnerability, they usually try to keep it a secret, for obvious reasons, which hampers the development and distribution of fixes. Hackers, by contrast, not only share information freely, they also widely and immediately distribute tools that automate the hacking process so any of a vast army can join in on the fun. You could hardly design a more hospitable environment for hackers if you tried. That’s not to say you can’t lower your risks slightly. One cheap and easy technique is to encrypt everything on your network. It will slow performance, and it won’t keep hackers from stealing your data, but any lost data will be scrambled and worthless. Another technique is to enforce a draconian password policy—reject any password that’s a name or a word, even if spelled backwards; force password changes every 30 days; make it a serious offense to write down a password in the workplace. Of course, even if you did all this and more, someone in your company could still cough up a password in response to an e-mail from a skilled “phisher, or take work home on a disk and get hacked on his home computer, or simply lose a laptop computer full of sensitive data—like the laptop lost by a Virginia travel agency in May containing account information on 80,000 Justice Department employees. I think the smartest move is simply to accept the excellent chances of getting hit, no matter how safe anyone tells you your network is. That will get you thinking about what kind of data you collect, how long you keep it, and what you’ll say to employees and customers if it’s lost. If your computers contain any account information, documents, or e-mail that could, in the wrong hands, bring down your company, then you’re sitting on a time bomb. Unless, that is, you’re pretty sure you can do a much better job of protecting data than the U.S. government has in protecting the top-secret nuclear weapons information on its computers. Meanwhile, do me a favor, will you? If someone whispers to you that he wants to sell you something that fell off the back of a truck, let me know—it could be my Social Security number.
Note: This is the first in a series of technology updates by former Inc. senior writer Anne Stuart. Future columns will explore topics such as “spam,” videoconferencing, cell phone messaging, and smart business use of online auctions. Slammer. Klez. Bugbear. Bubbleboy. Lirva. Those sound like names for characters in kids’ cartoons, but they’re neither funny nor harmless. They’re computer viruses. And they’re increasingly common. Over the past decade, virus-writers worldwide have created and released about 80,000 viruses, worms, Trojan horses and other “malware” programs, according to Graham Cluley, senior technology consultant for antivirus software vendor Sophos Inc. (www.sophos.com) And about 600 to 800 new variations crop up every month, although, typically, only a few cause widespread or serious headaches. What exactly is a virus? It’s tiny, malicious software program designed purely to disrupt or damage computers. What exactly do viruses do? Some simply display odd messages or images. Many — including the famous Melissa virus — perpetuate themselves by sending infected messages to everyone in a user’s e-mail address book. Others gobble memory or storage space, making systems sluggish. Some corrupt files — for instance, changing spreadsheets or chewing up text documents — or erase them entirely. Some alter Web pages. Some reformat hard drives, block user access, or cause systems to freeze. A few disable security measures or open secret “holes” into computer networks, providing hackers with easy access. Like their biological counterparts, computer viruses can spread fast, attack systems silently, and cause a great deal of pain. In January 2003, the SQL Slammer worm circled the globe in less than an hour, infecting 75,000 computers in 10 minutes. Slammer, which paralyzed computers running Microsoft SQL Server 2000, temporarily shut down South Korea’s telephone system, knocked out thousands of Bank of America automatic-teller machines, and slowed credit-card transactions worldwide. How much financial damage can viruses cause? It’s tough to find reliable numbers about the costs of virus attacks because some effects — for instance, decreased productivity and unrealized business opportunity — are tough to quantify. In addition, many companies simply won’t share information about security-related losses. Following are several ways you can prevent or minimize the impact of virus attacks in your business: Install antivirus software on every computer. That includes laptops and PCs in remote offices. Encourage employees to use antivirus programs at home as well, especially if they use their own computers to connect to your network. In addition, consider protecting e-mail gateways with software that automatically blocks all incoming messages carrying executable code — but keep in mind that those filters may also capture legitimate business communications with harmless attachments as well. Keep antivirus programs current. With new viruses popping up regularly, it’s critical to make sure you’ve got the latest protection. Most leading solutions can be set to periodically update themselves online; you can also do the job manually to respond to new threats. Launch a company-wide prevention campaign. State-of-the-art security measures won’t protect your company unless everyone uses them. A single employee can unintentionally infect the entire network by opening a booby-trapped e-mail attachment or installing contaminated software. Make sure everybody knows and follows these basic virus-prevention procedures: Always delete junk e-mail messages — ads, jokes, chain letters — without opening them. More than 85 % of viruses infect businesses via e-mail, according to the International Computer Security Association’s (www.icsa.net) annual Virus Prevalence Survey released in March 2003. Never open e-mail attachments from strangers. And even those from people you know should be scanned with software that might spot viruses forwarded unintentionally. Be selective about downloading and installing software. Know the source and scan the files before running any new program. Get knowledgeable about pranks and hoaxes. Phony virus alerts waste almost as much time as the real thing. When you get a forwarded e-mail message breathlessly proclaiming some new threat, check it out at Vmyths (www.vmyths.com) or on other virus information sites before responding. Regularly update Microsoft products. Many viruses attempt to exploit vulnerabilities in Windows, Outlook, Internet Explorer, and other products by the giant software empire. Microsoft’s security page (www.microsoft.com/security/) provides alerts, “patches,” and advice for both home and business users. Back up. Back up. Back up. At work, store files on both PC and network hard drives. At home and on the road, copy important files to CDs or floppies. Begin backing up entire systems nightly or weekly, perhaps storing an extra copy of critical information offsite. Look into Web-based storage services such as Connected Corp. (www.connected.com), Easyspace’s Easyarchive (www.easyspace.com/services/easyarchive.html), and Elephant Backup (www.elephantbackup.com). The computer-virus universe changes constantly, with, according to some estimates, about 20 new viruses surfacing every day. You can’t vaccinate your computers against all of them. But with vigilance and commonsense caution, you can strengthen your company’s electronic immune system, making it much more likely to survive an attack. Glossary Antivirus Program: Software that detects and removes viruses from computer hard drives. Such programs must be updated regularly to add profiles for the thousands of new viruses that appear every year; updating can often be handled quickly online. Trojan (or Trojan Horse): A malicious program in disguise, named for the giant wooden gift horse the Greeks used to conquer their Trojan enemies. Trojans appear benign, entertaining, or even useful, but actually conceal viruses that can harm systems. Backdoor.BO (also called Back Orifice) is among the best-known examples. Virus: A malicious software program used to deliberately infect a computer system. Typically, viruses are concealed in existing programs and activated when those programs are executed. Viruses often cause damage by replicating themselves, causing systems to crash, or by attacking or attaching themselves to other programs. Stealth viruses remain hidden or change themselves after executing so that they can’t be detected. Well-known viruses include Melissa and Bubbleboy. Worm: A type of virus that replicates itself and gobbles up computer memory but cannot attach itself to other programs. Well-known worms include Klez.H, LoveLetter (sometimes called “IloveYou”), Bugbear, and Lovgate. Further Reading The following books, all available from Amazon (www.amazon.com) and other booksellers, offer generally easy-to-understand information about computer viruses: Securing the Network from Malicious Code: A Complete Guide to Defending Against Viruses, Worms, and Trojans, by Douglas Schweitzer (John Wiley & Sons, 2002). Offers sound, practical, comprehensive advice from a security expert. Updates provided on a companion Web site. Malicious Mobile Code: Virus Protection for Windows, by Roger A. Grimes (O’Reilly & Associates, 2001). Focuses on defensive strategies. Viruses Revealed, by David Harley, Robert Slade, and Urs E. Gattiker (McGraw-Hill/ Osborne Media, 2001). Explains what viruses are, how they work, where they come from, how to prevent them, and how to deal with them. Includes case studies. Also available as a downloadable, searchable e-book. Resources The following Web sites provide comprehensive information about viruses, worms, and similar threats: About.com Antivirus Software Guide antivirus.about.com/index.htm?terms=computer+virus News, glossary, encyclopedia of hoaxes, links to vendors and other resources. CERT Coordination Center, Carnegie Mellon University www.cert.org/ A wealth of information on all aspects of computer security at work and at home. CNET Virus Alert Center www.cnet.com/software/0-7760531-8-6319437-1.html News on current threats, advice on PC protection, links to free resources, and antivirus software vendors. Computer Security Institute www.gocsi.com Major membership organization for technology-security professionals; Web site contains articles, reports, and links to additional resources about viruses and other security issues. International Computer Security Association (ICSA) Labs www.icsa.net Independent arm of security vendor TruSecure Corp. (www.trusecure.com) offers “vendor-agnostic” testing and research. Web site contains constantly updated virus alerts, white papers, studies, an annual Virus Prevalence Survey, and more. National Institutes of Standards and TechnologyComputer Security Resource Center Virus Page csrc.nist.gov/virus/ Information, links to other resources and antivirus software vendors. Sophos Inc. www.sophos.com/safecomputing Safe-computing advice for both network administrators and individual users. Virus Bulletin www.virusbtn.com Independent antivirus advice, news, profiles, and resources. Vmyths http://www.vmyths.com Supersite for information on virus myths and hoaxes. Vendors Following is a sampling of major antivirus software vendors whose offerings include products, services, and information targeted to small and growing companies: Command Software Systems Inc. www.commandsoftware.com Founded 1984; now part of Authentium Inc. Offers antivirus software for home users, large companies, and small businesses. Web site’s Virus Center includes news, alerts, a glossary, research, e-mail newsletters, and other information. Computer Associates International Inc. www.ca.com Founded 1976. Offers antivirus software for businesses. Web site’s Virus Information Center contains alerts, encyclopedia, and an extensive glossary. McAfee Security www.mcafee.com/ Founded 1989. Offers antivirus and security solutions for home users, large companies, and small and growing businesses. Network Associates Inc., McAfee’s parent company, provides free virus alerts, updates, update on hoaxes, and other information. Panda Software Inc. www.pandasoftware.com Founded 1990. Offers antivirus software for home users, large companies, and small and growing businesses. Web site includes Virus Information Center with virus encyclopedia (including “Top 5″ current threats), hoax updates, tips, and other resources. Sophos Inc. www.sophos.com Founded 1986. Offers antivirus software for companies of all sizes. Web site includes a rich collection of analyses, articles, updates on hoaxes, and alerts, including monthly “Top 10″ virus list. Symantec Corp. www.symantec.com Founded 1982. Offers firewalls, antivirus software, and other security solutions for home users, large companies, and small and growing businesses. Web site provides free virus alerts, library of virus information. Customers can download anti-virus updates from home page. Provides updates on hoaxes. Trend Micro Inc. www.trendmicro.com Founded 1988. Offers network antivirus software and other security products and services. Web site includes virus advisories, encyclopedia, prevention tips, and additional information. Also offers a free online cost-analysis calculator for determining potential financial impact of virus attacks. Send feedback, column ideas, and tech tips to annestuartinc@yahoo.com.
Note: This is the first in a series of technology updates by former Inc. senior writer Anne Stuart. Future columns will explore topics such as “spam,” videoconferencing, cell phone messaging, and smart business use of online auctions. Slammer. Klez. Bugbear. Bubbleboy. Lirva. Those sound like names for characters in kids’ cartoons, but they’re neither funny nor harmless. They’re computer viruses. And they’re increasingly common. Over the past decade, virus-writers worldwide have created and released about 80,000 viruses, worms, Trojan horses and other “malware” programs, according to Graham Cluley, senior technology consultant for antivirus software vendor Sophos Inc. (www.sophos.com) And about 600 to 800 new variations crop up every month, although, typically, only a few cause widespread or serious headaches. What exactly is a virus? It’s tiny, malicious software program designed purely to disrupt or damage computers. What exactly do viruses do? Some simply display odd messages or images. Many — including the famous Melissa virus — perpetuate themselves by sending infected messages to everyone in a user’s e-mail address book. Others gobble memory or storage space, making systems sluggish. Some corrupt files — for instance, changing spreadsheets or chewing up text documents — or erase them entirely. Some alter Web pages. Some reformat hard drives, block user access, or cause systems to freeze. A few disable security measures or open secret “holes” into computer networks, providing hackers with easy access. Like their biological counterparts, computer viruses can spread fast, attack systems silently, and cause a great deal of pain. In January 2003, the SQL Slammer worm circled the globe in less than an hour, infecting 75,000 computers in 10 minutes. Slammer, which paralyzed computers running Microsoft SQL Server 2000, temporarily shut down South Korea’s telephone system, knocked out thousands of Bank of America automatic-teller machines, and slowed credit-card transactions worldwide. How much financial damage can viruses cause? It’s tough to find reliable numbers about the costs of virus attacks because some effects — for instance, decreased productivity and unrealized business opportunity — are tough to quantify. In addition, many companies simply won’t share information about security-related losses. Following are several ways you can prevent or minimize the impact of virus attacks in your business: Install antivirus software on every computer. That includes laptops and PCs in remote offices. Encourage employees to use antivirus programs at home as well, especially if they use their own computers to connect to your network. In addition, consider protecting e-mail gateways with software that automatically blocks all incoming messages carrying executable code — but keep in mind that those filters may also capture legitimate business communications with harmless attachments as well. Keep antivirus programs current. With new viruses popping up regularly, it’s critical to make sure you’ve got the latest protection. Most leading solutions can be set to periodically update themselves online; you can also do the job manually to respond to new threats. Launch a company-wide prevention campaign. State-of-the-art security measures won’t protect your company unless everyone uses them. A single employee can unintentionally infect the entire network by opening a booby-trapped e-mail attachment or installing contaminated software. Make sure everybody knows and follows these basic virus-prevention procedures: Always delete junk e-mail messages — ads, jokes, chain letters — without opening them. More than 85 % of viruses infect businesses via e-mail, according to the International Computer Security Association’s (www.icsa.net) annual Virus Prevalence Survey released in March 2003. Never open e-mail attachments from strangers. And even those from people you know should be scanned with software that might spot viruses forwarded unintentionally. Be selective about downloading and installing software. Know the source and scan the files before running any new program. Get knowledgeable about pranks and hoaxes. Phony virus alerts waste almost as much time as the real thing. When you get a forwarded e-mail message breathlessly proclaiming some new threat, check it out at Vmyths (www.vmyths.com) or on other virus information sites before responding. Regularly update Microsoft products. Many viruses attempt to exploit vulnerabilities in Windows, Outlook, Internet Explorer, and other products by the giant software empire. Microsoft’s security page (www.microsoft.com/security/) provides alerts, “patches,” and advice for both home and business users. Back up. Back up. Back up. At work, store files on both PC and network hard drives. At home and on the road, copy important files to CDs or floppies. Begin backing up entire systems nightly or weekly, perhaps storing an extra copy of critical information offsite. Look into Web-based storage services such as Connected Corp. (www.connected.com), Easyspace’s Easyarchive (www.easyspace.com/services/easyarchive.html), and Elephant Backup (www.elephantbackup.com). The computer-virus universe changes constantly, with, according to some estimates, about 20 new viruses surfacing every day. You can’t vaccinate your computers against all of them. But with vigilance and commonsense caution, you can strengthen your company’s electronic immune system, making it much more likely to survive an attack. Glossary Antivirus Program: Software that detects and removes viruses from computer hard drives. Such programs must be updated regularly to add profiles for the thousands of new viruses that appear every year; updating can often be handled quickly online. Trojan (or Trojan Horse): A malicious program in disguise, named for the giant wooden gift horse the Greeks used to conquer their Trojan enemies. Trojans appear benign, entertaining, or even useful, but actually conceal viruses that can harm systems. Backdoor.BO (also called Back Orifice) is among the best-known examples. Virus: A malicious software program used to deliberately infect a computer system. Typically, viruses are concealed in existing programs and activated when those programs are executed. Viruses often cause damage by replicating themselves, causing systems to crash, or by attacking or attaching themselves to other programs. Stealth viruses remain hidden or change themselves after executing so that they can’t be detected. Well-known viruses include Melissa and Bubbleboy. Worm: A type of virus that replicates itself and gobbles up computer memory but cannot attach itself to other programs. Well-known worms include Klez.H, LoveLetter (sometimes called “IloveYou”), Bugbear, and Lovgate. Further Reading The following books, all available from Amazon (www.amazon.com) and other booksellers, offer generally easy-to-understand information about computer viruses: Securing the Network from Malicious Code: A Complete Guide to Defending Against Viruses, Worms, and Trojans, by Douglas Schweitzer (John Wiley & Sons, 2002). Offers sound, practical, comprehensive advice from a security expert. Updates provided on a companion Web site. Malicious Mobile Code: Virus Protection for Windows, by Roger A. Grimes (O’Reilly & Associates, 2001). Focuses on defensive strategies. Viruses Revealed, by David Harley, Robert Slade, and Urs E. Gattiker (McGraw-Hill/ Osborne Media, 2001). Explains what viruses are, how they work, where they come from, how to prevent them, and how to deal with them. Includes case studies. Also available as a downloadable, searchable e-book. Resources The following Web sites provide comprehensive information about viruses, worms, and similar threats: About.com Antivirus Software Guide antivirus.about.com/index.htm?terms=computer+virus News, glossary, encyclopedia of hoaxes, links to vendors and other resources. CERT Coordination Center, Carnegie Mellon University www.cert.org/ A wealth of information on all aspects of computer security at work and at home. CNET Virus Alert Center www.cnet.com/software/0-7760531-8-6319437-1.html News on current threats, advice on PC protection, links to free resources, and antivirus software vendors. Computer Security Institute www.gocsi.com Major membership organization for technology-security professionals; Web site contains articles, reports, and links to additional resources about viruses and other security issues. International Computer Security Association (ICSA) Labs www.icsa.net Independent arm of security vendor TruSecure Corp. (www.trusecure.com) offers “vendor-agnostic” testing and research. Web site contains constantly updated virus alerts, white papers, studies, an annual Virus Prevalence Survey, and more. National Institutes of Standards and TechnologyComputer Security Resource Center Virus Page csrc.nist.gov/virus/ Information, links to other resources and antivirus software vendors. Sophos Inc. www.sophos.com/safecomputing Safe-computing advice for both network administrators and individual users. Virus Bulletin www.virusbtn.com Independent antivirus advice, news, profiles, and resources. Vmyths http://www.vmyths.com Supersite for information on virus myths and hoaxes. Vendors Following is a sampling of major antivirus software vendors whose offerings include products, services, and information targeted to small and growing companies: Command Software Systems Inc. www.commandsoftware.com Founded 1984; now part of Authentium Inc. Offers antivirus software for home users, large companies, and small businesses. Web site’s Virus Center includes news, alerts, a glossary, research, e-mail newsletters, and other information. Computer Associates International Inc. www.ca.com Founded 1976. Offers antivirus software for businesses. Web site’s Virus Information Center contains alerts, encyclopedia, and an extensive glossary. McAfee Security www.mcafee.com/ Founded 1989. Offers antivirus and security solutions for home users, large companies, and small and growing businesses. Network Associates Inc., McAfee’s parent company, provides free virus alerts, updates, update on hoaxes, and other information. Panda Software Inc. www.pandasoftware.com Founded 1990. Offers antivirus software for home users, large companies, and small and growing businesses. Web site includes Virus Information Center with virus encyclopedia (including “Top 5″ current threats), hoax updates, tips, and other resources. Sophos Inc. www.sophos.com Founded 1986. Offers antivirus software for companies of all sizes. Web site includes a rich collection of analyses, articles, updates on hoaxes, and alerts, including monthly “Top 10″ virus list. Symantec Corp. www.symantec.com Founded 1982. Offers firewalls, antivirus software, and other security solutions for home users, large companies, and small and growing businesses. Web site provides free virus alerts, library of virus information. Customers can download anti-virus updates from home page. Provides updates on hoaxes. Trend Micro Inc. www.trendmicro.com Founded 1988. Offers network antivirus software and other security products and services. Web site includes virus advisories, encyclopedia, prevention tips, and additional information. Also offers a free online cost-analysis calculator for determining potential financial impact of virus attacks. Send feedback, column ideas, and tech tips to annestuartinc@yahoo.com.
They needed it overnight. They wanted the best. In the race to build the first online hardware store, Peter Hunt and Rich Takata put their company in the hands of outright strangers The Company Name: CornerHardware.com Inc. Founded: Incorporated May 1999; Web site launched early 2000 Location: San Francisco Cofounders: Chairman and CEO Richard Takata; president and chief operating officer Peter A. Hunt Employees: 35 full-timers Mission: Creating an online home-improvement store, magazine, and community for do-it-yourselfers URL: www.cornerhardware.com The Developer Name: Xuma Founded: 1998 Location: San Francisco; with offices in New York, Los Angeles, and Las Vegas Cofounders: CEO Joe Cha; chief technology officer Jamie Lerner Employees: 250 Mission: Producing built-to-order Web sites for E-businesses URL: www.xuma.com In December 1998, Peter Hunt set out to tackle what should have been a simple, joyous task: building a tree house for his four-year-old son for Christmas. Hunt couldn’t wait to start the project. It wasn’t just that he welcomed the diversion from his high-powered job as an investment banker. It was more that, ever since he’d been a kid, Hunt had loved working with his hands: making model trains and airplanes, building furniture, fixing things around the house. As an adult he’d dreamed of buying a corner hardware store in some rural New England town, the kind of place with a bell over the door and shelves lined with hinges and screws and doorknobs, where he’d spend his days happily helping customers pick out the right paintbrush or handsaw. But with two kids and a top job at Montgomery Securities in San Francisco, the lanky, thoughtful Hunt didn’t even have time to stop into a local hardware shop, let alone wander through a giant home-improvement warehouse. He assumed he’d save time by buying everything he needed for the tree house — instructions, lumber, materials, and tools — online. So he went to the Web and looked for hardware sites. And looked. And looked. He found nothing except a loose network of like-minded tree-house enthusiasts, many similarly frustrated by their own fruitless online searches for supplies and information. From that experience, Peter Hunt, banker, suddenly figured out how to finally become Peter Hunt, hardware guy. Hunt’s thinking went like this: What if there were lots of little communities out there — tree-house builders and woodworkers and plumbers and fixer-uppers and even contractors — all hungry for online hardware and home-improvement advice? And what if somebody could provide it for them in one friendly, convenient location, sort of a virtual corner hardware store? In early 1999, Hunt, then 35, took a week off to write a business plan for just such a company. But he knew something was missing. He needed a business partner — a veteran hardware retailer, a real insider. When he asked around, he kept hearing the same name: Rich Takata. Richard T. Takata, then of Seattle, had been in the hardware business for 24 years. Takata, who’d most recently been president and CEO of Eagle Hardware & Garden Inc., had remained with the 41-store chain after North CarolinaÂbased Lowe’s Cos. had bought it for $1.4 billion. (In fact, Hunt’s firm had handled the sale.) Although reserved and soft-spoken, Takata, then 49, was hardly averse to risk; in his spare time he occasionally drove race cars. A lifelong do-it-yourselfer, Takata also knew his industry and its customers. Over the years he’d waited on thousands of people, even during store visits when he was the company’s CEO. And like Hunt, whose own company had been acquired by North CarolinaÂbased NationsBank, Takata was ready for a change. Xuma’s founders named their Web-development company after an ancient Chinese battle cry. In April 1999, at the urging of a mutual friend, Hunt and Takata met for dinner to talk about launching a big home-improvement E-commerce site. They discovered they had much in common. Both were quietly intense, articulate, committed. Both were customer-service evangelists, true believers in keeping promises and building long, loyal relationships. Both believed passionately in the Internet’s potential for business. And both had high — some might say almost impossible — standards for themselves, their companies, and those who worked for or with them. Of the two, Takata was more tactical and analytical, a manager with a keen recall of industry statistics and an almost instinctive understanding of business trends. Hunt, very much the money guy and deal maker, was also more sentimental. (He documents CornerHardware.com’s growth in a scrapbook filled with mementos like copies of the company’s incorporation papers and of its early bank deposits, and Polaroid photos of each newly hired employee.) From the start, the two men agreed they wanted to do more than lead the Web in sales of drill bits and deck stain. They wanted to re-create the old-fashioned corner hardware store of Hunt’s dreams and Takata’s experience: a place with well-stocked shelves, knowledgeable clerks, lots of how-to information, and most of all, a friendly, collegial, yes-you-can-do-it-yourself atmosphere. It would, of course, be called CornerHardware.com. They knew it was a big idea with hefty potential; pulling in even a small fraction of the $400-billion-a-year home-improvement business would yield a fortune. They were amazed that nobody had launched the kind of venture they envisioned, and they knew that before long somebody else certainly would. What they wanted to do — build a full-service online hardware store and community — would cost at least $2.5 million. Takata and Hunt knew they needed to move fast — and they did. Within three weeks of their first meeting, both men had quit their jobs; put up $250,000 each of their own money; raised about $500,000 more from angel investors, family, friends, and colleagues; and incorporated their business. But for all the partners knew they needed to do, there was still plenty they needed to learn. Chief among the lessons: just how tough it would be to build a big Web business in a matter of months — and how much tougher it would get when circumstances forced them to launch the site weeks earlier than planned. They didn’t know for sure whether a no-name newcomer like CornerHardware.com could compete with new and upcoming E-commerce arms from brick-and-mortar brands like Sears (which was already selling parts, tools, and appliances online), Home Depot (which plans to launch a full E-commerce site this summer), and Ace Hardware (which would begin selling merchandise online at OurHouse.com late in 1999). In addition, dot-com start-ups were also racing to market. Major projects included HomeWarehouse.com, then under development in nearby San Mateo, Calif., and Amazon.com‘s new tools and hardware store, which would also launch by year’s end. And it was entirely likely that some of those in the race would end up as roadkill. When it came to CornerHardware.com’s technology, Hunt and Takata knew they weren’t looking just for a speedy job. Sure, there was no time to waste — they wanted a beta site before year’s end, a quiet launch by March 2000, and a public launch shortly after that. But building their Web site would also be a big, complex, cutting-edge project. They needed transaction processing capability and complete descriptions and images of some 37,000 products, everything from penny nails to power saws to Phillips-head screwdrivers. They would shoot to double their inventory, which is distributed from a warehouse in Kansas, within their first six months online. True to their customer-service mission, Hunt and Takata also wanted, from day one, to offer how-to articles, visitor message boards, animated step-by-step project instructions, a massive glossary of hardware terms, a superb search engine, and live customer service, online and in real time. That last capability would become, in fact, the real cornerstone, so to speak, of CornerHardware.com. Using interactive windows, customers would be able to chat with service reps in real time — asking questions about products or about a bill, for instance. That kind of service, which the company would contract out to dedicated staffers at Boston-based eSupportNow, would be what Hunt and Takata believed would ultimately distinguish their company not just from other online hardware stores but from their brick-and-mortar brethren as well. As Takata pointed out later, there weren’t many home-improvement stores that were open 24 hours a day. Although Hunt and Takata knew what they wanted their site to do, they didn’t know much about the nuts and bolts required to make it happen. They needed professional help. And they needed it fast. The high-speed, high-stakes scenario isn’t unique to CornerHardware.com — or even to the online home-improvement industry. Today almost any new business-to-consumer Internet company must fight for a foothold in an already crowded market. (Witness the proliferation of online pet stores, drugstores, vitamin stores, and toy stores.) Being first online remains a competitive advantage. But there’s no point in being first without doing it well. As consumers on the Internet grow more sophisticated they’re less willing to tolerate sites that are slow, unreliable, boring, or tough to navigate. And they absolutely won’t return to sites that haven’t provided stellar customer service. E-commerce sites have grown increasingly complex in reaction to the industry’s ever higher standards and well-publicized successes and failures. In many cases, like CornerHardware.com’s, a business simply can’t hire its own team to build a site — even if it could find the right people, it probably couldn’t afford to pay them or retain them. So, like CornerHardware.com, the company opts to stake the future of its business on outside developers — people the company doesn’t know, people who must translate the entrepreneur’s dreams and plans into equipment and software and code. Xuma’s approach bridges the gap between standard and optional E-commerce components. As Takata and Hunt were setting up shop in rented space in San Francisco’s financial district, Joe Cha was building his own business just a few blocks away. About a year earlier Cha had been working at his third consulting job. A friend reintroduced him to Jamie Lerner, a consultant Cha had known slightly when both had worked at Andersen Consulting several years earlier. Like Hunt and Takata, Cha and Lerner found themselves thinking along the same lines. They wanted to try something new, and they didn’t want to create just another San Francisco Web-development company. Instead their thinking went like this: What if you could apply the same approach to building a Web site that Dell Computer applies to building a computer? What if you could create big, complex, flexible, reliable, customized E-commerce systems in record time simply by not reinventing the wheel for every single project? So Cha and Lerner founded Xuma. (The name, pronounced “zoo-ma,” is an ancient Chinese battle cry that the partners found perfect to describe their army of engineers charging into the E-commerce wars.) They adapted the Dell model: just as Dell combines standard and optional components to rapidly create computers, Xuma combines its standard and optional E-commerce components to quickly build Web sites. In the venture’s first year, the quiet, charming Cha (so charismatic that he was among 10 bachelors featured in a Women.com feature on “The Men of Silicon Valley”) sold Xuma’s services to customers ranging from health-and-beauty-products retailer More.com to home-furnishings site GoodHome.com. By its second anniversary, in April 2000, Xuma had launched more than 70 Web-based businesses nationwide and employed 250 people in four offices. But back in mid-1999, Xuma hadn’t yet tackled anything on the multimillion-dollar scale of CornerHardware.com. By the summer of 1999, Takata, CornerHardware.com’s CEO, and Hunt, its chief operating officer, had raised about $6 million in funding: close to $1 million from their own pockets and from family, friends, and angels; and the balance from the first round of venture funding. (A second round early in 2000 would yield an additional $21 million.) And the founders had begun building a staff. Their first hire: vice-president of engineering Steve Finer, who faced the daunting job of actually overseeing the Web site’s construction. (See “Chronicles from the Pit,” below.) Finer, then 33, was an enthusiastic, outspoken technologist who, in a previous life, had managed nightclubs in Boston. He knew something about risk: he’d cofounded an Internet start-up that later collapsed and eventually filed for bankruptcy. And he knew something about working hard; he was always either at the office or connected to it by beeper, cell phone, or computer. (Shortly before the CornerHardware.com launch, when Finer was working 12 to 15 hours a day, he came home one night to find that his lonely dog, Cassius, had disemboweled a sofa cushion.) After joining CornerHardware.com in August 1999, Finer faced his first and toughest task: getting his new bosses “to understand that you don’t build anything — whether it’s a car or a Web site — overnight.” Especially not something as complex as CornerHardware.com. And in Internet terms, what Hunt and Takata wanted was pretty close to overnight. So Finer immediately ruled out doing the job in-house. Given the tight market for top technology staffers, especially in San Francisco, he knew he couldn’t build the talented team he needed to even approach that timetable. Instead, at his recommendation, CornerHardware.com looked outside, holding what Cha describes as a “bake-off” for potential developers late in the summer of 1999. Xuma wasn’t the oldest or the biggest or the best-known contestant. But Hunt, Takata, and Finer liked what Xuma had cooked up. The decisive factor: speed. Cha, Xuma’s CEO, and Lerner, its chairman and chief technology officer, then both 29, promised to do the job faster than anybody else — within six months. They also promised to build systems and databases that would “scale,” or grow quickly without having to be replaced. That’s what CornerHardware.com needed — and that’s why Xuma walked away with a contract worth between $750,000 and $1 million. (Takata says the balance of CornerHardware.com’s launch budget went for interface design, software licensing, equipment, product photography, and related costs.) By Xuma’s standards today — less than a year later — the CornerHardware.com contract is a relatively small one. But at the time it was a huge coup, providing, if all went well, a link in the chain leading to bigger jobs. So Cha took the kind of risk that he would later say no developer should ever take: he went ahead without any built-in contingency plan — no plan B — in case of crisis. True to its own business model, Xuma would build the CornerHardware.com site using many preexisting components — a standard credit-card-processing system, for instance. Still, the Xuma team, headed by senior project manager Phil Lew, then 26, knew that building such a complex E-commerce site wouldn’t be easy. Xuma anticipated it would spend five to six months, beginning in October 1999, building, testing, debugging, and launching the site. The schedule, though ambitious, seemed entirely possible. That is, as long as nothing went wrong. Although CornerHardware.com and Xuma were both new, fast-growing San FranciscoÂbased start-ups, their cultures were entirely different. Sure, they both hired the best they could find: CornerHardware.com’s hiring coups included a Home Depot senior vice-president, a top producer from CNet, and several home-improvement authors and writers, while Xuma lured dozens of “rock-star engineers” away from other Web developers. But theirs were very different workplaces. At CornerHardware.com, a middle-aged artist or writer in a flannel shirt and jeans might sit in meetings with a college-age kid with a nose ring. It was rare for anybody to spend the whole night at work (with the possible exception of Finer, who worked around the clock in the countdown to the launch). In general, it was quiet, especially since most employees worked one or two days at home. (There wasn’t enough office space for everyone to be there at the same time.) In contrast to that relative calm, at Xuma nobody had a private office. Engineers racing to meet project deadlines spent days in the big war room known as “the pit,” living on trucked-in pizza or Thai food, working elbow to elbow at food-littered tables lined with computers. It was a noisy, messy, overwhelmingly youthful atmosphere. For Lew, it was exhausting, but it was also fun. His team bonded in a way that can come only from eating three meals a day together, working side by side until after midnight, then car-pooling home through unusually silent streets. And that bonding meant that together they felt they could do anything, Lew says. They would need to. In late fall, when Lew’s team was already spending most of its time in the pit simply trying to hit the original March launch date, something did go wrong. In mid-November, a CornerHardware.com competitor, HomeWarehouse.com, launched earlier than anybody had expected. About the same time, Amazon.com launched its home-improvement store, and Ace began putting OurHouse.com online. And funding was beginning to dry up for consumer dot-coms in favor of business-to-business ventures. Takata and Hunt decided they had no choice: they had to move the stealth launch from late March to January 15, and follow that with the public launch a few weeks later. They delivered the bad news to Finer, their liaison with Xuma. “They told me, ‘If we wait till March, we’re out of business,’ ” Finer recalls. “At that point I’m holding my stomach.” Finer reluctantly asked Xuma to shave close to six weeks off the initial launch date. Xuma agreed to try moving it up to January 15. “The trouble with being the vendor is that the customer is always right,” Cha says with a sigh. In this case, being right required heroics from Lew’s project team. “We had guys here that didn’t see their families, that were living here 24/7,” Cha says. (See Lew’s diary, below.) “We killed ourselves. But we got on-the-job training there. We learned.” What followed was a series of compromises made by both sides. Five days before the new launch date, the Xuma project team begged for an extension, saying they needed the extra testing time to make sure the site worked well. They asked for two more weeks. Takata and Hunt agreed to wait 10 more days. They knew they wouldn’t be doing themselves any favors by launching sooner if the site frustrated the very people they wanted to attract. Meanwhile, Lew was learning that both Hunt and Takata were demanding, detail-oriented, hands-on managers. “I used to say ‘Retail is detail,’ ” Takata says. “Now I say ‘E-tail is detail.’ ” Both Hunt and Takata closely tracked the site’s development, sometimes requesting changes that would take days of engineering time to complete. “Or they’d say, ‘We need 700 pages [of Web-site content before launch],’ ” Lew says. “We’d say, ‘We can do 200.’ “ Then there was the titanic tinkering on the day before the rescheduled launch. In the afternoon of January 24, Hunt decided the site needed another level of search hierarchy, or ways for customers to view products and information. While other team members frantically tested the site, one engineer spent six hours building in the new function, letting it go live around 8 p.m. After viewing the site that evening, Hunt changed his mind. Lew describes it this way: “Peter sees it. He doesn’t like it. I say, ‘It’s exactly what you guys asked for.’ He says, ‘I want it back like it was this morning.’ ” Lew asked Finer to intercede; Finer returned with this message from Hunt: “Sorry, but it has to happen. And you have to tell me when it’s done.” The same staffer spent the next three hours reversing his earlier work, finishing at about 1:30 a.m., just hours before the quiet launch. And yet Cha, ever the diplomat, doesn’t regard CornerHardware.com as particularly exacting. “All of our customers are very demanding,” he says. In fact, he adds, CornerHardware.com was a relatively easy client because, unlike many enthusiastic dot-com start-ups with ill-defined business plans, from the very beginning Hunt and Takata had clear ideas about what they wanted to accomplish. On January 25 at 3:30 a.m., Lew drove his entire team home from work, and, at 4:45 a.m., finally slept. CornerHardware.com had launched — without fanfare and without any major problems. It also launched without some of the things its founders had wanted. These were the trade-offs: CornerHardware.com had been photographing about 800 products a day, but even at that rate the company couldn’t shoot 37,000 products before the launch. Instead it posted a representative sampling from each category. (Says Hunt, “If you have 72 hammers on the site, do you really need pictures of all 72 from day one?”) It also launched with no way of issuing returns to customers’ credit-card bills. (Initially, refunds would be made by check.) And it launched with fewer products and less content than Hunt and Takata had wanted. But nothing crashed, and the products advertised were available, poised on the shelves in the Kansas City warehouse. Surprisingly, Takata rates the launch at about 95% of what he’d hoped for. “One of the lessons I have learned about the Internet space in general is that you can’t be a perfectionist,” he says. “The Internet is a game of weeks. If you can get your site up four weeks earlier and have a complete customer experience [even without some desired features], I’d say do it.” A month later the public launch went off without any major hitches. Since then, CornerHardware.com’s traffic has grown steadily, with Xuma continuing to run the site. Hunt and Takata won’t release figures except to say that they had more traffic in April than in the entire first quarter. As for the conversion rate — the percentage of people who actually buy something — “some days it’s 19% or 20%,” Hunt says. “And we have days where it’s 1%.” Meanwhile, the purchasing of big-ticket items has increased: in addition to batteries and lightbulbs, customers are buying bathroom vanities and power tools. These days the founders are still keeping an eye on the competition, especially that big orange company from Atlanta. “I’d be lying if I told you we don’t worry about Home Depot,” Hunt says. “But we don’t lose any sleep over it,” because, he says, he doesn’t believe the giant retailer will duplicate the CornerHardware.com business model or its real-time online customer service. As for that tree house, Hunt did build it much later. But he ended up creating it from a kit that he got from a brick-and-mortar retailer. Ironically, he got so busy starting up CornerHardware.com that he didn’t have time to build one from scratch. And in returning to that project, Hunt revisited one big lesson that he and Takata had discovered throughout the building of their business: it’s all about making compromises. Anne Stuart is a senior writer at Inc. Technology. Chronicles from the Pit Steve Finer, vice-president of engineering for CornerHardware.com, and Phil Lew, Xuma’s CornerHardware.com project team leader, each kept diaries for several weeks between the Web site’s “stealth launch,” in January, and its first major marketing pushes, in early March. Here are some excerpts: Steve Finer Thursday, February 17 At 3:45 a.m., we added another Sun Enterprise 4500 server with 16 CPUs. Serious horsepower! As I got off the elevator this morning my coworkers gave me a high five because the new server made the site so much faster. Wednesday, February 23 Two new applications went into alpha testing. One rotates products featured on the home page. The other is a media-tracking application [which tracks the effectiveness of promotional campaigns]. Unique visitors to the site have doubled since last week. Today the site was accessed from all over the world, including from Taiwan, Slovenia, Thailand, Malaysia, Israel, and Japan. Actually shaved for the first time in weeks. Wanted to be presentable for a taping we did today with Xuma and the Mark Bunting video crew [for a business video to be shown on United Airlines and TWA]. Thursday, February 24 Biggest challenge: preparing for the March marketing campaign [a newspaper and online ad campaign with coupons]. We need to be able to support the traffic. Friday, February 25 Added 6,000 new images. Finished quality-assurance process for media tracker and product-feature applications. Also [a New York Times] article gave us a nice boost in traffic and tripled the number of people who went to the customer-support line yesterday. Monday, February 28 We’re all really busy. The engineering team has a lot of projects that need to be completed, including the media tracker and the product-feature device. Tuesday, February 29 Public launch. It has been a difficult day. All departments are asking for additions to the site. It’s a challenge to satisfy all requests and prioritize them properly. Our lack of space [is a problem]. My job would be so much easier if we could hire people to supplement Xuma’s activities. Friday, March 3 We’re really focusing on driving traffic. We added a new disk drive to the development server and a new storage device to help manage all our images. We also added more than 40 new how-to articles. Don Johnson and Cheech Marin filmed their TV show, Nash Bridges, outside our office. We passed out CornerHardware.com hats to the crew, which they all wore during the filming. Saturday, March 4 Had one last meeting with Xuma and my staff to make sure we have the right staffing in place to support [Sunday's marketing campaign]. Monday, March 6 The marketing campaign went off without a hitch. We were able to support all the additional traffic. It blew my mind! Daily traffic today was more than double normal, and we had 10 times as many people buying products as we have on a typical day. Next week the campaign will branch out to a larger part of the country. Since everything today went so well, I’m not too worried. But it is still keeping me up at night. Phil Lew Thursday, February 24 Development seems to be going better than planned. [CornerHardware.com CIO Ken Hite] called me in the morning wanting to track an order number for an order where the money wasn’t captured. The problem was with the file from the third-party fulfillment house. Lesson learned: We need to build in more robust error checking. We cannot assume that the third-party fulfillment house will always give us the correct formatted file. The need to develop a robust process to keep the content and data fresh on the live site is giving me grief. [The process was so slow that when CornerHardware.com updated many items, it could take days for the updates to take effect.] We are working on another solution to load data but don’t know when that will be in place. The media-tracker application needs to be done by tomorrow (that is, in the hands of QA). Things are going great, but I’ve been down this road before. I need to keep the pressure on development to make sure that they follow through on our delivery dates. Friday, February 25 Had our first meeting with [new CornerHardware.com executive producer] Alice Hill. She had some fantastic ideas about the site direction. I look forward to working with her; she’s going to be able to streamline the decision-making process since we will not have to wait on [COO Peter Hunt and CEO Rich Takata] in the future for decisions about where the site is going to be heading. Sunday, February 27 What I’ll remember most about today: talking to Bill [Meehan, Xuma's lead engineer on the CornerHardware project] at midnight on a Sunday night about CornerHardware.com — again. We make this site go. Both of us take a lot of pride in that. We are both emotionally attached to this project and want CornerHardware.com to be the best it can be. That makes it easier to stay up late on Sunday nights to do things for CornerHardware.com. Monday, February 28 Everyone is very excited about the big day tomorrow [the official launch]. I think we have all done due diligence to get ready for this big day, but until the day comes you never know. Tuesday, February 29 Crazy, crazy day. In the afternoon, CornerHardware.com informed us that [there were] 40 additional content pages to be attached to a new front page. At 5 p.m., 6 p.m., 7 p.m., 8 p.m., this content had still not passed the QA check. The new front page will not be able to go up until tomorrow. Traffic was higher than usual. Two articles [about CornerHardware.com] came across my desk: one was from CNet and the other from ZDNet. Didn’t get much sleep, since we were at work until 5 a.m. Sunday, March 5 First thing I did when I woke up today was log on to the Internet via my DSL to check on the site [following that morning's newspaper coupon campaign]. I can see that the orders are already rolling in from Washington and Utah. By 10:30 a.m., we are already at 15 orders for the day. I called Steve Finer at home (I think I woke him up) and let him know the good news: people are hitting the site and buying things. Please e-mail your comments to editors@inc.com.
