Hoaxes, myths,
urban legends





About us


Truth about computer security hysteria
Truth About Computer Security Hysteria

'The mother of all viruses'

Rob Rosenberger, Vmyths co-founder
Sunday, 26 July 1998 IF YOU CAN read this, it means your computer somehow survived the "worldwide epidemic" of Win95.CIH, which the media calls "the mother of all viruses." This hysteria caught me off-guard — I didn't expect news outlets to orgasm again so soon after the Hare media fiasco of 1996. If you use quicknet.com or wyoming.com as your ISP, or if you work for Boeing or the Fannie Mae mortgage foundation... then shame on you for using a computer today! Didn't you heed the warnings to leave it turned off? Who authorized you to gamble on the utter physical destruction of the computer sitting in front of you? Will these organizations urge people to leave their computers turned off every 26th of the month when Win95.CIH strikes? Of course, we could assume they urge people to leave computers turned off on days when other viruses strike. Since at least one virus payload triggers every day, we could assume these organizations urge people to never turn on a computer. Makes you wonder how Boeing gets anything done, eh? Oh well, at least fearless wyoming.com & quicknet.com customers will find it easy to get on the Internet today... Central Command calls CIH an epidemic I got flooded with email this week when the media latched onto Win95.CIH. Unfortunately, too many people think "epidemic" if a virus appears on a couple of computers scattered over five continents. "It's everywhere! It's everywhere!" (sigh) Antivirus vendor publicity doesn't help, either — Central Command used the "epidemic" trigger-word on their home page, for example. But does Win95.CIH qualify as an epidemic? Symantec calls it a "rare" virus; Carey Nachenberg told InternetWeek "that Microsoft Office macro viruses are far more likely to be transmitted than a virus that infects executable code, like Win95/CIH." Symantec calls CIH rare And let's get an important misconception out of the way: Win95.CIH does not qualify as a "FlashBIOS virus." An executable-file virus infects executable files. A boot-sector virus infects boot sectors. Likewise, a FlashBIOS virus would infect FlashBIOS chips. I also seriously question Eugene Kaspersky (AVP), quoted by Central Command in a press release saying "most antivirus developers will have to re-engineer there [sic] applications to effectively detect and remove this virus." Say what? Multiple vendors released Win95.CIH solutions, leading me to believe the virus uses typical infection methodologies. Kaspersky's statement sounds like competitor bashing to me.
Eugene Kaspersky's statement sounds like competitor bashing to me.
Then we need to look at the all-important "time factor." Hare had more time to spread, yet it flopped. Ask yourself: why would this new virus fare any better? Jonathan Wheat (ICSA) questions whether Win95.CIH "damages hardware" as the media claims. It does to BIOS chips what Michelangelo does to hard disks — it erases data. You can erase CMOS data too, you know. It'll take a serious debate to resolve the issue of "damage." If you force me to choose between a wiped BIOS or a wiped hard disk, I'll ask a simple question. "Do I have backups of the hard disk?" If yes, I'll choose a wiped hard disk; otherwise I'll choose a wiped BIOS. In either case, I can recover my data — truly the most valuable asset of my computer. Use antivirus software correctly, folks. Keep it updated. Look both ways before crossing the Information Superhighway. Learn to recognize media-induced hysteria when you see it. What more can I say?
VARIOUS PSEUDO-EXPERTS recommend setting your computer's clock to a different date if you simply can't afford to leave the computer alone today. I just want to know if these same people plan to stockpile canned soup & Clorox bleach for the coming Y2K armageddon. Fearmongers claim you can't temporarily reset clocks to avoid Y2K: too many programs need to know the correct date. But why can you temporarily reset clocks to avoid virus payloads? Computers in the banking, accounting, and finance industries can't skip over a day when it comes to accuracy.
Fearmongers say we can't reset computer clocks to avoid the Y2K disaster — yet we can reset clocks to avoid any given virus disaster. Did I miss something obvious here?
Or can they? Mainframes need to know the correct date — but PCs tend to serve generic administrative functions, e.g. word processing & email. In case you didn't know it, PCs seldom came with an onboard clock ten years ago. The next time someone claims you can't temporarily reset computer clocks to avoid Y2K armageddon, say "yet we can temporarily reset them whenever a virus armageddon approaches. Did I miss something obvious here?" (Please note: I wrote COBOL from 1982-89 but I don't consider myself an expert on Y2K. This guy holds a Ph.D. in the field of history and says "I'm betting my life on" the end of western civilization. He may know the answer to the above question.)