No, it’s not all commenters on Digg. Or on YouTube. Or, or, or. But a whole lot of them seem to be lying in wait to sink their teeth into the nearest virtual pantleg… or exposed jugular. The culture of vehement attack and merciless ridicule is still virulent in a lot of places online. (The whole “You Suck At…” meme is only the latest example.) Sponsor I’ve heard the advice that the you deal with that kind of attack by growing a thick skin, having a sense of humour about it, and generally hardening your heart and pretending it doesn’t hurt. It’s the same advice we used to give bullying victims before we discovered it just encourages jackasses to become bigger jackasses. Anyone building or managing an online community has a responsibility to keep the oil slick of aggression out of the conversational coastal wetlands. That doesn’t mean there aren’t lively or even heated disagreements, but that users aren’t aiming to actually wound each other. And that responsibility isn’t just to users; it’s to the business or organization behind the community, because that kind of toxic behaviour rubs off on their reputation. I won’t pretend it’s easy, especially with the entrenched culture of an established community. But civil behaviour ought to be the expected norm of online community, not the welcome exception. More Noise to Signal. Discuss

Click here to read more

Salesforce.com , the world’s leading SaaS vendor, is suing Microsoft for patent infringement, Business Week reported today. As we’ve reported , Microsoft filed suit against Salesforce.com for patent infringement last month. Salesforce.com has hired David Boies who represented the U.S. Department of Justice in its antitrust case against Microsoft. Sponsor TechCrunch reports the patents Salesforce.com is alleging Microsoft infringed are: Patent No. 6,813,633, Dynamic multi-level cache manager. Patent No. 6,918,059, Method and system for handling errors in a distributed computer system. Patent No. 7,024,454, Work sharing and communicating in a Web site system. Patent No. 7,209,929, Java object cache server for databases. Patent No. 7,305,454, Apparatus and methods for provisioning services. In April, Salesforce.com chairman and CEO Marc Benioff said about Microsoft: “The reality is that these patent trolls are unfortunately just part of doing business in technology these days. They’re basically the alley thugs. Every thriving economy has alley thugs.” Bringing on Boies is a clear sign Salesforce.com is taking Microsoft’s legal threats seriously. During his career, Boies defended IBM during the Justice Department’s antitrust case against the company, represented New York Yankees owner George Steinbrenner in a suit against Major League Baseball, represented Vice President Al Gore in Gore’s dispute over the 2000 election, represented SCO Group in its controversial Linux patent disputes, and several other high profile intellectual property cases. Horacio Gutierrez, Microsoft’s deputy general counsel for intellectual property told Business Week that, “We remain confident in our position and will continue to press ahead with the complaint.” Microsoft claims Salesforce.com infringed the following patents: Method and system for mapping between logical data and physical data System and method for providing and displaying a web page having an embedded menu Method and system for stacking toolbars in a computer display Automated web site creation using template driven generation of active server page applications Aggregation of system settings into objects Timing and velocity control for displaying graphical information Timing and velocity control for displaying graphical information Method and system for identifying and obtaining computer software from a remote computer System and method for controlling access to data entities in a computer network Discuss

Click here to read more

Entrepreneurs gearing up for their first meeting with potential investors are sure to have a million different things on their mind that are stressing them out. Is the pitch the right length? Is it filled with jargon or ridiculous assumptions? Is the font on the slides the right size? But there is one other that’s often overlooked: Am I dressed appropriately? Sponsor This post is brought to you by Gillette. When you pitch a venture capitalist, you aren’t so much selling your product as you are selling yourself, your team and you business plan. There are thousands of variables that can influence the way VCs respond to your pitch, and dressing appropriately – while completely unrelated to your product, team or business – will have a subconscious effect on their opinions. Don’t Distract the VCs The point of dressing appropriately is to not only convey that you have the wherewithal to make the simplest of decisions, but also to keep the VCs focused on what’s important – your product and your business. If there is any question in what you’ve decided to wear to a pitch, this will ultimately distract the VCs, preventing them from being sold on your idea. New York VC Steve Brotman, co-founder of Greenhill SAVP , gave The Wall Street Journal an example of very distracting clothing worn by an entrepreneur pitching him an Internet startup during the dot-com era. According to his story, a woman dressed in a strange green outfit entered his office unannounced and offered up a business plan. “You lost me at hello,” Brotman told her. The woman was selling a product with “avocado” in the name, and was attempting to dress like an avocado. “I’m not about to do a deal with a lady dressed like an avocado,” said Brotman. The lesson here? Don’t let your product influence how you dress; VCs don’t enjoy gimmicks. Safe Bet: Business Casual A general rule of thumb for appropriate dress when speaking with VCs seems to be “business casual.” Here’s a sample outfit that fits this profile, starting from the ground up: black dress shoes or boots (no sneakers, flip-flops or Crocs), a nice pair or jeans or dress slacks (no rips, darker shades work better, in my opinion), solid color t-shirt or polo (collared shirt with no tie could work also), and a black casual sport coat. Plus or Minus 20% While your appearance should not be distracting or influenced by gimmicky product promotion, if done right you can use it to your advantage. Boulder’s Andrew Hyde of TechStars suggests entrepreneurs use the “20% rule” when deciding what to wear. “You want to look 20% better or worse than your actual position,” he says. “The key is to either look good enough to make them think you’re trendy, or bad enough to make them think you’re hungry.” I would recommend going the safe route, but more confident entrepreneurs could use this tactic to their advantage. Hyde, who also co-founded a clothing line of humorous T-shirts for venture capitalists , says whatever you do, “Don’t wear a blue shirt, or they will think you are mocking them.” Unsure? Just Ask But what does a seasoned venture capitalist think after being pitched hundreds, if not thousands of times? Silicon Valley investor Guy Kawasaki says deciding what to wear can vary from company to company, and investor to investor. While his advice is geared toward interviewing at a startup, it still applies to VCs as well. “A good rule of thumb is to dress one level above the company norm: for example, for a T-shirt-style company, wear a collared polo shirt,” he says. “If in doubt, ask what’s appropriate for the interview.” This is probably the best advice on the issue. Ask. Try finding other entrepreneurs who have pitched your potential investors first before you ask the actual VCs you are pitching about what to wear – it could convey a lack of experience. Or it could convey an attention to detail and maturity. What About Women? Ah yes, women. Seeing as I am a male, I focused this article on the male entrepreneurs out there (who are statistically more common than women, at least in Internet startups). I don’t want to leave women out completely, however, so I will offer this bit advice to the female entrepreneurs out there. It’s actually quite similar to the rules of thumb for men – business casual, don’t over think it, and don’t be distracting. What determines “business casual” and “distracting” are different for women than for men, but I defer to our female readers to provide some helpful examples in the comments below! Be Smart The truth is, there is no right answer to the question of what to wear when pitching VCs. Each situation is different, and different VCs care more or less than others about how entrepreneurs look. The best practice is not to over think it, and just rely on what is most likely to work – business casual. No suits, no ties, no problem. Most VCs are pretty laid back, at least in traditional startup cities like San Francisco, New York and Boulder. If you fail to spend your time working out the more important aspects of your pitch, what you wear will be the least of the VCs’ worries. Discuss

Click here to read more

Today’s roundtable overlapped with the Italy – Slovakia World Cup soccer game, which from what I can tell was quite exciting, albeit very disappointing for the reigning champions! Michael Jastram started off by presenting ProR , an open-source platform to manage the RFQ process for automotive parts manufacturers and suppliers. Michael has an European Union grant for the next 18 months to build this platform, and intends to offer integration services and premium functionality on top of it to monetize it. His presentation was clear and concise, and he has good connections into the automotive industry, through which he expects to be able to scope out the functionality of the system relatively easily. Sponsor There are about 6 major manufacturers and 600 smaller parts manufacturers who feed into these companies. We discussed average deal sizes for the integration projects, which Michael estimates between €10,000-50,000. This would be a very reasonable way to monetize the platform and build a several million dollars a year business over the next three years. I found Michael’s strategy robust and well thought through. He used me as a sounding board to verify his assumptions. Michael came to the session with a good deal of homework done, which made it a smooth discussion with a very clear execution roadmap. I gave him several pointers to open source case studies, including SugarCRM , CollabNet , SpringSource , and DimDim , which, of course, is our host for the 1M/1M roundtables. Norton Scientific Then Bryan Webb pitched Norton Scientific , which is a protein aggregation monitoring system that helps with drug discovery. Bryan’s target market is the 3,500 chemistry labs worldwide, adding up to a TAM of about $250 million. The product is 12 weeks from being ready, and will be sold through distributors at $8,000 per unit. Bryan seems to have identified a well-defined niche, and has designed a product that costs $1,000 to build. Distributors will be paying $6,000 per unit, making $5,000 profit per unit. There are some short-term cash flow issues with this business, but clearly, there is a business here that can get to break-even relatively quickly. With some seed capital, the business will scale just fine. I plan to invite Bryan to be featured on my Incubation Radar series, and introduce him to some angel investors. Relationships Matter Now Next, Denise Barreto started off by introducing Relationships Matter Now, a Web portal for wellness programs that want to offer relationship advice to employees of corporations. I’m afraid I did not find the value proposition convincing, and advised her to go talk to at least 50 corporate HR managers in charge of wellness programs to validate her idea before she quits her day job. Giant Media Up last was David Segura with Giant Media , discussing his viral video marketing company which did $90,000 last month in services revenue. David is exploring ways to manage his cash-flow challenges so that he can invest some money in building a widget or two that transforms Giant Media to more of a technology company, as opposed to a pure services company. I tend to really like services businesses that achieve deep customer intimacy and build products based on that knowledge and experience. I am curious to see what kind of widgets David comes up with over the next few months, and again, as this business develops, we will feature the company in my Incubation Radar and expose it to seed investors. While I am not sure about Denise’s venture, the others three businesses – ProR, Norton Scientific, and Giant Media – I am reasonably sure have the potential to reach the $1 million mark with good execution and intelligent maneuvering. I started doing my free Online Strategy Roundtables for entrepreneurs in the fall of 2008. These roundtables are the cornerstone programming of a global initiative that I have started called One Million by One Million ( 1M/1M ). Its mission is to help a million entrepreneurs globally to reach $1 million in revenue and beyond, build $1 trillion in sustainable global GDP, and create 10 million jobs. In 1M/1M, I teach the EJ Methodology which is based on my Entrepreneur Journeys research, and emphasize bootstrapping, idea validation, and crisp positioning as some of the core principles of building strong fundamentals in early stage ventures. In addition, we are offering entrepreneurs access to investors and customers through our recently launched our 1M/1M Incubation Radar series . You can pitch to be featured on my blog following these instructions . The recording of this roundtable can be found here . Recordings of previous roundtables are all available here . You can register for the next roundtable here . Sramana Mitra is a technology entrepreneur and strategy consultant in Silicon Valley. She has founded three companies, writes a business blog, Sramana Mitra on Strategy , and runs the 1M/1M initiative. She has a master’s degree in electrical engineering and computer science from the Massachusetts Institute of Technology. Her Entrepreneur Journeys book series, Entrepreneur Journeys , Bootstrapping: Weapon Of Mass Reconstruction , Positioning: How To Test, Validate, and Bring Your Idea To Market and her latest volume Innovation: Need Of The Hour , as well as Vision India 2020 , are all available from Amazon. Photo by Svilen Milev Discuss

Click here to read more

This week NSS Labs released their Q2 2010 Corporate Endpoint Protection Products report. NSS has only publicly announced the two products it specifically recommends against: Panda ‘s Internet Security 2010 (Enterprise) and AVG ‘s Internet Security Business Edition 9. However, it takes only a quick look at Trend Micro’s web site to guess how NSS rated Office Scan (hint: very well). Some vendors have protested NSS’s ratings in the past, but like it or not NSS is changing the way security testing is conducted. Sponsor As security threats evolve, e-mail has been displaced by the Web as the primary delivery mechanism for malicious code. The old model of virus definition based antivirus software has been increasingly called into question . In 2007, Australia’s Computer Emergency Response Team claimed that leading products missed 80% of new viruses. To compensate, companies like Trend Micro and Kaspersky are developing cloud based “reputation services” to evaluate URLs and code. NSS president, and former VP of marketing at antivirus vendor ESET , Rick Moy explained in a phone interview: cybercriminals now typically use social engineering to trick users into downloading malware from web sites and run it voluntarily. Malware creators run “campaigns” on Twitter and other social media sites baiting users with anything from pornography to free iPads. Even the most savvy of users can occasionally be tricked by social engineering – we posted our own list of tech savvy Twitter users who fell for phishing scam last year. For an explanation of how such savvy users get fooled, read Cory Doctorow’s recent Lotus Magazine piece explaining why he fell for a phishing scam. Trend Micro recently published an independent report claiming the IT industry is being lulled into a false sense of security by vendors. The report cites an NSS survey which found half of respondents thought their antivirus solutions would protect them from threats 100% of the time, and that another 10% of respondents thought their solutions would protect them 99% of the time. Moy says there’s also a perception in the enterprise that anti-malware products are essentially interchangeable, but that’s turning out not be the case: NSS’s testing found wild disparities between the efficacy of different products, and found that a company’s previous track record is no indication of how well it will perform. NSS tests differ from most other testers, such as AV-Comparatives for example, in that NSS’s test computers that are actually connected to the Internet – something the company calls “live testing.” NSS tested PCs, running up-to-date copies of Windows 7 and using Internet Explorer 8 with SmartScreen disabled, by visiting known malicious sites to verify whether each product tested could successfully blocks malware from being downloaded and/or executed. According to Moy, typical testing involves using malware sets from Wildlist or Antivirus Bulletin – both of which use samples provided by the antivirus protection industry, some of which might be quite old. The results of AV-Comparatives’ most recent report , its “Retrospective/Proactive Test,” are radically different from NSS’s. Trend Micro did fairly poorly in this test, while Panda did quite well. AVG out performed Trend Micro. Peter Stelzhammer of AV-Comparatives confirmed via e-mail that the NSS and AV-Comparatives tests are not comparable, and that AV-Comparatives is working on a test similar to NSS’s. A consensus is forming in the security industry that there’s a need for new prevention techniques – and new testing methodologies to evaluate those techniques. The need for new testing methodologies was the theme of the ” Measuring The Actual Security Anti-Virus Products Provide Customers ” panel at SOURCE 2010 Boston in May, which included Stelzhammer, NSS CEO Vik Phatak, and representatives from CheckVir Labs , Dennis Technology Labs , PC Security Labs and West Coast Labs . Stelzhammer detailed the difficulties involved in doing live, Internet-connected testing and explained the methodologies for AV-Comparatives’ future NSS-like tests. AV-Test has released a test based on methodologies similar to NSS’s, with comparable results. According to the report published by Trend Micro: “ICSA and others such as Virus Bulletin state they will be evolving their certification practices in coming months to include real-time testing and/or testing against today’s threats.” NSS has a recent history of raising eyebrows in the security industry. In March of 2009 NSS published the results of a Microsoft sponsored test that found Internet Explorer 8 was more effective in blocking malicious web sites than Firefox, Safarai, Chrome, and Opera. This lead to many skeptical articles and accusations of bias. However, when looking at what was actually being tested, the results aren’t particularly radical: NSS found that Microsoft’s blacklist blocked more sites than the blacklists used by other browsers. NSS was not tested for other browser vulnerabilities. In September 2009, Network World reported that NSS was shifting its focus towards conducting self-funded tests instead of vendor sponsored tests. NSS would sell the reports and consult vendors, but would not take money for testing. One of NSS’s first self-funded tests found 3com TippingPoint 10 firewall to be deficient. Moy told TechWorld he thought that Tipping Point must not have been investing enough in improving its products. Some commenters were, shall we say, skeptical about NSS’s rating. That same month, NSS released its first Corporate Endpoint Protection Products test, unfunded and using its new live testing methodology. It ranked AVG, Panda and Moy’s former employers ESET at the bottom of the heap. It gave top marks to Trend Micro. In March of this year NSS released a free report detailing the failure of many commercial products to defeat variants of the infamous Aurora virus that infected Google’s computers. McAfee was the only product NSS tested that successfully blocked variants of the virus, and NSS found AVG was the only product tested that didn’t block the original exploit. In an entry on the company blog , AVG protested the results of the Aurora test and called a few things into question. It noted that the report initially indicated that NSS had tested AVG 8 instead of the newer AVG 9, and that NSS later claimed this was a typo and that it had tested version 9. AVG also claimed NSS gave them different information about the results of the testing before the publication of the report and that NSS was slow providing methodology before publication. AVG also provided a screenshot showing AVG blocking the Aurora virus. ESET also fired back at NSS , claiming that NSS’s report didn’t comply with two of the Anti-Malware Testing Standards Organization’s Fundamental Principles of Testing . ESET also complained that NSS did not provide access to samples used in its testing. Since NSS has moved ESET out of “caution” category in the newest report, we asked ESET if it had made any changes to its product to improve its ratings with NSS. “ESET was unable to get any useful feedback on its performance in the previous test without paying a substantial sum to NSS for ‘consultancy,’” replied David Harley, ESET Research Fellow & Director of Malware Intelligence via e-mail. “Even when ESET offered to pay the agreed-upon sum, the fee kept escalating. To this day, information on the test samples has never been supplied, so we are unable to assess the competence and validity of the test, let alone make any changes that would impact our performance in the more recent test.” Moy answered critics on the NSS blog. First, he addressed AVG’s objections . Moy disputed AVG’s claims that NSS withheld information and points out that the methodology and steps for reproducing its Aurora testing was available in the published report. He provided a video showing AVG 9 failing to protect against the Aurora exploit, and pointed out that the screenshot AVG provided depicted Firefox, even though Aurora was an Internet Explorer virus. In a post seemingly in response to ESET , Moy wrote: Some vendors used the anti-malware testing standards organization (AMTSO) to try to discredit the test. One of their objections was that we recommend against buying products that scored on the bottom third of our test. Sorry, we unabashedly believe malware protection should indeed be the key purchasing criteria for an AV product. And for vendors who claim their anti-spam on the corporate desktop will improve their protection against socially-engineered malware hosted on web sites, that’s just stretching it. Moy told us that all the NSS test methodology is available for free on the company’s web site and that ESET was mostly upset NSS didn’t release its malware sample set. Although NSS has received money from vendors for past tests, and does do security consulting, Phatak told us NSS did not receive money from Trend Micro or McAfee before the tests were conducted. Conclusion Science is about repeatable, verifiable results. The only way to glean a better understanding of the efficacy of various endpoint protection products is for more labs to employ cutting edge testing methodologies. The more tests released in the future, the more information enterprises will have in making informed decisions. Discuss

Click here to read more