Truth About Computer Security Hysteria

AVHQ hides its ties to Cheyenne

Rob Rosenberger, Vmyths co-founder
Wednesday, 4 February 1998

"AVHQ.ORG" RECENTLY APPEARED with "the latest, most up-to-date Anti-Virus test information... We pull no punches in our anti-virus tests and reviews and when we find poor performance we will let you know about it fast!" A person named Richard Levey announced its existence on 8 January in an NCSA forum on CompuServe.

This in itself didn't grab my attention — but then Solomon's employee Graham Cluley asked the person a simple question. Is he the same Richard Levey who works for Cheyenne, the antivirus firm now owned by Computer Associates? Levey didn't respond to the query (CompuServe data shows he hadn't returned to NCSA's forum to read messages as of today).

www.avhq.org doesn't mention a relationship with Cheyenne. Furthermore, InterNIC lists a company in Chicago as the domain owner and a "Robert Strabismus" as the administrative contact. But a close inspection of InterNIC data reveals interesting coincidences:

  1. Phone numbers for Robert Strabismus and Cheyenne share the same New York area code.
  2. InterNIC created the domain record on 12/11/97, then updated it on 1/16/98 — eight days after Levey posted his announcement on CompuServe. The update shows a New York zip code, not a corresponding Illinois zip code. Cheyenne operates out of New York, too.

Further research uncovered the following:

  1. When you call the phone number for Robert Strabismus, you get an answering machine voice which sounds identical to the Richard Levey who works for Cheyenne.
  2. Cheyenne's software came out as the winner in every single test performed so far by avhq.org.
  3. avhq.org offers a number of links to other sites, but only two of them lead directly to antivirus vendors. Those two? Cheyenne, of course — and iRiS, based thousands of miles away in Israel.

Conclusion? avhq.org purposely hides its ties to Cheyenne. Questions immediately follow:

  • Did Levey raid Cheyenne's virus library for avhq.org tests? (It would explain why Cheyenne wins so consistently.)
  • If Levey raided Cheyenne's virus library, did Cheyenne authorize it?
  • Did InterNIC originally identify Cheyenne as the owner of avhq.org? Did they originally identify Levey as the administrative contact?

Ask yourself these questions whenever you see test results produced by "Anti-Virus Headquarters Inc."

Some trivia: John McAfee used the same trick in the 1980s when he formed the "Computer Virus Industry Association" as a publicity vehicle. And since I mentioned iRiS, I can't help but notice they recently acquired the virusmag.com domain...

[continued in part 2]