Archived viruses, was Re: Reasonable price for a complete SOL-20 system?

Fred Cisin cisin at xenosoft.com
Fri Oct 21 20:43:38 CDT 2016


On Fri, 21 Oct 2016, Steven M Jones wrote:
> I didn't think modern A/V products included complete historical sets of
> signatures. I'm sure they can deal with ancient, simple bootloader
> infections and such, but at some point I'd be concerned there's a gap
> where something might be too new to be detected by the simplest
> heuristics, but too old for a more sophisticated signature to be in your
> common modern products.
> But this isn't something I've had to deal with.

1) WHY would they delete older threats from their database?  You are NOT 
talking about a shortage of storage space!

2) Are you going to boot your machine from that image?


> Is this an imagined problem?

YES.


The media panic over the Michelangelo virus revealed much about the 
anti-virus "industry".
Let's start with the NAME.  There was no name IN the virus.  It was a copy 
of the "Stoned" virus that somebody added a nasty payload to (overwrite 
100 sectors of disk).  WHY was it named "Michelangelo"?  Because somebody 
in the "anti-virus industry" looked at a calendar to see what was special 
about March 6.  If they had been in Texas, instead of using a KQED 
calendar, it would have been named "Alamo", which is a far more credible 
event to name a virus after.  'course it could have been completely random 
choice, or termination date of somebody's employment.
Wikipedia says, "There is no reference to the artist in the virus, but due 
to the name and date of activation it is very likely that the virus 
writer intended Michelangelo to be referenced to the virus."
Hmmmm.  Named after the date (by anti-virus people); because it was named 
that, that confirms the accuracy of the name.


Certain college administrators declared that every machine that was 
infected would have to be destroyed; "it is impossible to remove the 
virus".  Have I mentioned a colleague whom they tried to terminate for 
removing machines from dumpsters?
At UC Berkeley, aggressive scanning was done in student computer labs, and 
"hundreds" of infected disks were found and DESTROYED.  ZERO copies were 
retained for ANY analysis.  Nor was even a count kept, nor followup to try 
to get students with infected disks to scan their home machines.

John McAfee predicted that 5 million computers would be wiped out.
The press were called in.

On March 6, there were apparently DOZENS of drives wiped.  Few, if any, 
records were kept to verify numbers.
McAfee, as expected, took full credit, and declared that the REASON why it 
was dozens, instead of millions, was because his warnings were heeded.

Six months later, when he took his company public, he raised 42 million 
dollars.

He is currently a fugitive as the "prime suspect" in the murder of his 
neighbor in Belize (apparently NOT virus related).


The "Alameda" virus, with some similarities, but no payload, was 
discovered at Merritt College.  At the sister campus, College of Alameda, 
an employee who is the brother of an anti-virus author requested naming 
rights, and we all were glad to let him have that moment of family glory.
Later, after one of our students transferred to Yale, it was discovered 
again, and named "Yale" virus.




More information about the cctalk mailing list