I have some questions for those of you that provide consulting services and bill clients for your work.
The questions are geared towards the time consuming process of malware cleaning and overall system protection and updating. So let's get to it...
Let's say I have a client with a personal computer. They have 80GB of actual data all on the same drive as the OS, they have very little protection in place, their OS is multiple service packs behind, and they have multiple unknown pieces of malware on the system.
Now that I think about this I could have questions dealing with billing as well as questions on how you would handle a situation in the fastest possible manner, but I'll put that second set of questions in a different forum category. Here is the second set of questions: http://www.bleepingcomputer.com/forums/t/311552/how-would-you-go-about-doing-malware-removal-and-protection/
So let's say you go through the normal process of running the 2 to x number of tools you normally would run to clear of malware. You also go through your own personal investigation to catch things not found by the anti-malware tools. You then proceed with installing your recommended tools (paid or free)... like anti-virus, anti-spyware, firewall, inoculation programs and so forth. You also go through the process of patching the OS with the latest service packs and patches that the user hasn't done. You also update all the applications that have been waiting to be updated that the client never did. You clean up all the crap toolbars, because they now only see 1" of browser screen due to the 6 toolbars installed, you start uninstalling all unneeded programs, removing items from startup, and so forth.
So basically at this point you could easily have 5 to 6 hours of time into the computer.
Now I personally charge between $65 and $95 per hour depending on the services. For this sort of thing it is normally $65 an hour.
Now if I have 6 hours into the system you are looking at $390 for the time. What I normally end up doing is cutting the time in half and charging $195. Partly because there are times I am simply waiting for scans to complete (although it at times is hard to walk away from some of these as it may need intervention)... and partly because if I was in their shoes I would think $390 was a tough pill to swallow. But now that I think about it the auto mechanics in our area charge between $65 and $75 an hour and they NEVER cut me a break. I can't get out of there without spending $300 bucks... but that's another story.
Anyway... what I am grappling with here is fairly billing the customer, but at the same time not screwing myself over in the process. I personally would not make the living I wanted if I was only collecting half my hourly rate.
I know there may be some responses where you want to describe how you avoid spending 6 hours on a computer and I DEFINITELY want to hear it, but I'll make another post for that and provide a link shortly. Here is that post: http://www.bleepingcomputer.com/forums/t/311552/how-would-you-go-about-doing-malware-removal-and-protection/
I know there are some folks who may do this sort of thing on the cheap... $15 or $20 an hour, but for that I might as well go work down at the local tire manufacturer and throw away my 20+ years in the IT Industry.
So those of you who do IT work as a business and to generate a meaningful living, how do you deal with situations like this?
Do you simply do the bare minimum (just clean it) and then give the customer links to deal with protecting themselves and have them spend all that time getting protected?
Do you just make no money on malware removal and protection services?
What say ye?
Thanks in advance for your thoughts on the matter.
ps. I'll reply to this with a situation I had recently that ended up with 18 hours of time.
Edited by myitanalyst, 21 April 2010 - 01:25 PM.