Vmyths.com



Truth about computer security hysteria

'The mother of all viruses,' part 2

Rob Rosenberger, Vmyths co-founder
Saturday, 15 August 1998

Win95.CIH garnered international media attention in the week-or-so leading up to its 26 July trigger date. Reporters grimly called it "the mother of all viruses" because it "damages hardware," literally turning computers into nothing more than "door stops." Multiple antivirus firms offered free software to check for Win95.CIH, but pundits warned everyone to leave PCs turned off on 26 July as the best safety precaution.
Boeing avoided Win95.CIH by ordering employees to stop using PCs. Did they shut down all email services when the latest long-filename email exploit came to light? Did Boeing at least shut down all Usenet services?
(Leaving a computer turned off certainly qualifies as the best safety precaution. No argument there!)

Boeing's computer emergency response team took this advice to heart, as I mentioned a few days ago. "Alert G-8535-1998-04" ordered all employees to stop producing work on PCs for 24 hours. The alert mentioned free software capable of detecting Win95.CIH — but Boeing ironically forbade the use of such software. Their alert raises philosophical questions:
  1. How many Boeing employees spammed coworkers (not to mention all of their friends on AOL) with redundant copies of the alert?
  2. Can Boeing's computer emergency response team actually order all employees to stop producing work on PCs?
  3. Will they likewise forbid employees to use PCs on the 26 August trigger date?
  4. Will Boeing's computer emergency response team use the "better safe than sorry" response if somebody accuses them of overreacting?
  5. Did Boeing shut down all of its PCs for Michelangelo in 1992 and Hare in 1996?
  6. Did Boeing shut down all email services until further notice when antivirus firms & news outlets screamed about the latest long-filename email exploit? Did they at least order a complete shutdown of Usenet services?
How many PCs go belly-up at Boeing on any given week for reasons having nothing to do with a virus? How many employees lose valuable data at Boeing on any given week? Ooops, I forgot to save a file before shutting off my computer. Ooops, did I just kick the power cord under my desk? Ooops, I copied an older file over a newer file. Ooops, I knocked a soda all over my keyboard...

The antivirus firms I keep in contact with reported no confirmed cases of FlashBIOS corruption on 26 July. Some (not all) confirmed a few scattered cases worldwide of erased hard disks at the hands of Win95.CIH. This latest round of hysteria looks like a twin of the Hare virus media fiasco of 1996 if you ask me.

Unconfirmed reports from China put the computer death toll in the "thousands," but Alex Haddox (Symantec) expressed skepticism. Unconfirmed reports from Korea put the toll in the "hundreds." When I first heard this, I assumed a bunch of naïve users blamed Win95.CIH for every unexpected computer behavior they noticed.
Unconfirmed reports say "thousands" of Chinese & Korean computers went belly-up on 26 July. Or did they? What if somebody used Win95.CIH as an excuse to swipe a box for the black market?
But then I came up with a disturbing theory. Did thousands of Chinese & Korean computers wind up on the black market? "Memo to headquarters: our only office computer was physically destroyed by a malicious virus. We discarded the computer. Please send another..."