09.17.07
A virus on a computer… that must be Microsoft’s fault.
Wow... a 13-year-old virus makes its way onto computers that happen to have a Microsoft OS pre-installed and suddenly it's an embarrassment to Microsoft that the virus was on there? It seems that a German laptop manufacturer shipped somewhere between 10,000 and 100,000 laptops with Stoned.Angelina, a virus first released in 1994. I first read about this on the McAfee Avert Labs blog, but mention of it is popping up everywhere (Virus Bulletin, The Register, Liquid Matrix).
I find a couple of things that have come out of this funny...
- The PR rep for Bullguard (the AV software installed on the machines) said "that the 'unfortunate' issue could cause embarrassment for Microsoft and Bullguard but also pointed out that the anti-virus firm's development team had quickly provided a 'tailor-made' Vista fix as soon as it learned of the problem." Why will this cause embarrassment for Microsoft? They decided not to ship Vista with AV; instead you purchase OneCare... these computers didn't have OneCare subscriptions... you also don't install Vista via boot disk... so how could anyone, in any way, shape or form, say this is an embarrassment for Microsoft?
- Additionally we have Joel Esler's blog post; Mr. Esler lists his work experience as Sourcefire, ISC Incident Handler and GIAC Gold Advisor. His post is fairly useless, stating "wtf ever that mean" (in regard to 'Windows Vista Home Premium') and asking "What happened to that MSFT anti-virus?". How am I supposed to take anything he's associated with seriously at this point, given that he's just come out as a Mac zealot and asked completely ridiculous questions?
While there's no real way to be 100% polite... I'll try to be as polite as possible... If you feel that in any way this is Microsoft's fault... turn off your computer and throw it out... You don't deserve to own it or use it... in fact the world is probably a safe place with you not using it.
As for the AV vendor not detecting the virus... I've actually had AV vendors tell me that they pull old and outdated virus signatures... The company's AV found it, it just couldn't remove it... This is at most, as Dave from Liquidmatrix put it, a mild embarrassment... so I'm not sure why everyone keeps writing about it and making a big deal about it.


kurt wismer said,
September 17, 2007 at 5:39 pm
i don’t really see anybody blaming microsoft over this, but i have seen the question raised about what happened to their boot sector change detection routines which existed in previous versions…
Dave Lewis said,
September 17, 2007 at 5:40 pm
I agree. It’s odd that folks are going after Microsoft on this one. To be fair it really has zilch to do with them. I’m a Mac fan but, I gave up disparaging Microsoft some time ago. It’s tiresome.
The part of this story that struck me as amusing was the fact that this virus was loaded at all. This would seem to point to some interesting practices at Medion, the laptop company. Some antivirus vendors remove older signatures from their detection but, it still looks bad when it hits the press.
And yes, the sky is not falling.
Tyler Reguly said,
September 17, 2007 at 5:42 pm
I’d say that Joel was taking a shot at Microsoft over this… as was Bullguard.
As for the boot sector change detection…. There’s a good chance the virus existed prior to Vista (given that Vista doesn’t require a boot disk to install)
kurt wismer said,
September 17, 2007 at 6:08 pm
my mistake, you’re right, joel was taking a shot at microsoft…
on reading the comments on the register article i found a bunch more people taking shots at microsoft while obviously oblivious to the nature of boot infectors…
as for a pre-existing infection, windows writes to the mbr during install - if angelina survived that it would imply that its stealth functionality (redirecting io to the relocated mbr) was still operational, which would require that the pre-install environment wasn’t in 32bit protected mode (which doesn’t sound right to me, having used PE disks in the past)…
joel esler said,
September 18, 2007 at 8:36 am
I was making fun of several things.
#1 that the virus got on there in the first place. (bullguard)
#2 Microsoft’s overly convoluted naming structure. Home premium.
I don’t think it’s Microsoft’s fault at all. It’s the manufacturer’s fault.
Really has nothing to do with Vista. I only posted it because I thought it was funny. Other than that, you are right…. The post has no point.