McAfee & Michelangelo


Without breaking any confidences, it’s fair to say that the present troubles of John McAfee, founder of the AV company that still bears his name, have inspired a lot of comment in the security industry, a lot of it not particularly complimentary to him.
Despite having been connected with security in general and anti-virus in particular since my first direct brush with malware in 1989, I have no personal anecdotes to relate as regards the man himself. In fact, by the time my writings on the subject began to appear in contexts where members of the research community might possibly happen across them, he had effectively left the industry. I have, of course, heard stories from people who were in the industry when he was and who did know or have dealings with him, but apart from that I don’t know much beyond what has appeared in the media recently.
While I’m not inclined to comment on the accuracy or inaccuracy of these reports in general, I feel obliged to comment on a meme that has come up time and time again in those same reports: it seems to have become ‘historical fact’ that (a) McAfee announced that 5 million PCs were infected with the Michelangelo boot sector virus, whose highly destructive payload would trigger on March 6th, and (b) when March 6th actually rolled round, the predicted devastation proved to be ‘hype’ or ‘a dud’.
My friend and colleague Aryeh Goretsky, who worked closely with McAfee at McAfee Associates between 1989 and 1995, actually remembers this differently, as he recounted in his ‘personal retrospective’ view of the development of the anti-virus industry ‘Twenty Years Before The Mouse’:
A reporter contacted John McAfee about the Michelangelo virus to ask him for an estimate of how many computers were infected by the virus. John replied that he didn’t know; that it could be 5,000 or five million, but that due to the lack of data there was no way to be certain. What otherwise would have been a footnote in a conversation became a statement. In much the same way that viruses “evolve” and “mutate” through modification by virus writers, John McAfee’s statement “evolved” from “as many as five million” to a hard figure of “five million” infected PCs.
In fact, this is one of those bizarre cases the AV industry refers to as a ‘media virus’, implying a threat hyped by the press for its shock effect, while the media complain of having been misled by industry hype.
The fact is, we can’t know with great accuracy how many PCs were infected with Michelangelo, and how many were cleaned by some means or other before the trigger date. We can’t even be sure how many machines were still infected on March 6, 1992, and had their hard disks effectively trashed, but it was certainly far fewer than the millions many expected. However, Michelangelo was no dud. Dr. Alan Solomon, whose anti-virus company and technology were later acquired by McAfee, estimated that between 5,000 and 10,000 machines were brought down that day, though I don’t know how he came to that estimate. Curiously, a trickle of incident reports was seen in subsequent years on the same date, in some cases perhaps because people weren’t using AV because of the ‘Michelangelo is hype’ media backlash. In fact, for years afterwards journalists were asking me after March 6th how many PCs I’d seen trashed.
At the organization where I was responsible for anti-virus administration, no PC was ever trashed by Michelangelo, but it did turn up occasionally on floppy disks, and a couple of brand new PCs arrived in my office pre-infected with the thing. Fortunately, new machines that went through my hands were routinely checked for viruses even before an anti-virus product was installed.
There were in fact viruses that infected and in some respect damaged many more PCs than Michelangelo did. But if you were unfortunate enough to be one of the people who lost data and the use of a PC because of it, you certainly wouldn’t think it was a dud.

