,, MMP""MM""YMM `7MM P' MM `7 MM MM MMpMMMb. .gP"Ya MM MM MM ,M' Yb MM MM MM 8M"""""" MM MM MM YM. , .JMML. .JMML JMML.`Mbmmd' `7MMF' `7MF' `7MMF' `7MMF' `MA ,V MM MM VM: ,V `7M' `MF' MM MM .gP"Ya ,6"Yb.`7M' `MF'.gP"Ya `7MMpMMMb. MM. M' `VA ,V' MMmmmmmmMM ,M' Yb 8) MM VA ,V ,M' Yb MM MM `MM A' XMX MM MM 8M"""""" ,pm9MM VA ,V 8M"""""" MM MM :MM; ,V' VA. MM MM YM. , 8M MM VVV YM. , MM MM VF .AM. .MA..JMML. .JMML.`Mbmmd' `Moo9^Yo. W `Mbmmd'.JMML JMML. ,, ,, ,, .g8"""bgd `7MM `7MM mm db .dP' `M MM MM MM dM' ` ,pW"Wq. MM MM .gP"Ya ,p6"bo mmMMmm `7MM ,pW"Wq.`7MMpMMMb. MM 6W' `Wb MM MM ,M' Yb 6M' OO MM MM 6W' `Wb MM MM MM. 8M M8 MM MM 8M"""""" 8M MM MM 8M M8 MM MM `Mb. ,'YA. ,A9 MM MM YM. , YM. , MM MM YA. ,A9 MM MM `"bmmmd' `Ybmd9'.JMML..JMML.`Mbmmd' YMbmd' `Mbmo.JMML.`Ybmd9'.JMML JMML. -- Contact -- https://twitter.com/vxunderground firstname.lastname@example.org
heya Alan, Lots of interviews exist with virus writers, yet few exist with those on the av side of the fence, so I was wondering if I could throw some questions at you? I'm going to try and get some from other AV people too, and they will be put in Insane Reality #8, that is, if you do answer, and agree to let me put them in it.... If you did agree to answer the questions and didn't mind them being put in IR#8, I don't plan on commenting anything you say, nor alter anything and so on.
OK; I'd like it if you could email me a couple of copies of your newsletter.
Who are you exactly? Introduce yourself.
Alan Solomon. Who am I exactly - hard to answer such a philosophical question. I'm a father of two girls, I'm a person who loves to play with computers, programming, internet, games (currently Command & Control), I'm British and don't plan to move, I'm a mathematician, I drive a Mazda MX5 (called the Miada in the US, the car that I hear most of the programmers at Microsoft drive, but I heard that *after* I got mine).
What did you get your doctorate in?
Econometrics. My first degree (BA) was in Mathematics (Cambridge give a Batchelor of Arts no matter what subject you do). Then I got an MSc in Management, then the PhD. Cambridge also give out MA's to anyone who gets a BA, so I also collected one of those.
How many years have you been part of the anti virus scene?
What first got you started in it? Did you start out writing a stoned remover at university like everyone else?
I was at university 30 years ago! No, a lady at a university came to me, she had Brain virus and wanted help to get rid of it. So I helped her. Then someone had Pingpong. Then someone sent me Stoned. Then Vienna, then Cascade, then Jerusalem, and that infected a site with 1,000 computers, and we spent a couple of weeks getting rid of it (there days, it would be easier, but there were no tools then). The one of the guys in MIS worked so hard, he collapsed and was taken away ill for a few days.
I realised that what people needed was the tools to deal with viruses. So, I wrote Dr Solomon's Antivirus Toolkit. It was the first packaged AV in the world, I think. We made 500 copies in the first run, and before we'd advertised it, before it was ready, people heard about it somehow and started trying to buy it from us. We sold a couple of dozen with photocopied manuals. They'll have rarity value today!
The expression "anti-virus" is one that needs explanation. I'm not against viruses, as such. If someone wants to write a virus, on their own computer, that's up to them. Well, if someone wants to smash up their own computer with a hammer, that's fine by me. It's damaging *other* people's property that's wrong. What I'm against, is people spreading them onto other people's computers. To me, an antivirus is something that people use to get rid of something they don't want. And, even a virus like Form or Concept, with a trivial payload, if people have to spend time and trouble to get rid of it, that's a cost, so that's damage.
Its believed that you 'head hunted' with Scotland Yard for Christopher Pile. How big was your role in his prosecution?
None whatsoever, Zero. You're thinking of Jim Bates, he was the guy worked with Scotland Yard; it was written up in Virus Bulletin. All I do is tell people that he got 18 months, because it would be a shame for someone to get put in prison for doing something they didn't realise was wrong. Because ignorance of the law doesn't keep you out of prison. And most countries have similar laws (I've got a section on my personal web site with the laws of various countries, http://www.ibmpcug.co.uk/~drsolly/).
You should get the transcript of that case. I think it could have been defended better, but I wasn't asked to appear for the defence, either. You know, part of what S&S does, is work with various authorities (police, VAT etc) on cases where a computer is important. This mostly means fraud, of course, but I once did an interesting blackmail case.
I know you've told me before, but could you sum up exactly why you played your part the way you did.
Why I played my part in what, in the Christopher Pile case? Because the answer to that is as above, I had no part.
Your still a programmer, with 50 odd people in the R&D department, so what part do you play in programming the toolkit at present? or do you just do the boring virus analysis?
My role is not in actually coding any more, I'm part of the design team, pushing for new (faster, better) ways to find and repair infected files. Although I still do bits of programming, but not for the Toolkit. I don't think I'm very good at being a member of a large programming team. When I used to write Findvirus, I did it single-handed, including the virus disassemblies and database.
How many viruses per month would you receive?
Maybe 100 or 200; it's irregular.
Do you see this number increasing or decreasing over the coming months, to a year?
About the same, but who knows? It's not a natural phenomenon like rain. I've noticed a lot of people getting out of the virus writing scene, so maybe the number of viruses will decline.
IMO the virus scene has been in major decline and is still going, Have sales of your AV products increased or decreased?
Increased. The decline you're seeing is in the number of people writing new viruses. The increase I'm seeing is in the old viruses still spreading. Form (5 years old) is probably still the commonest. Since all AV products detect it, that means that most people are not running an AV. It's those people, getting a virus and wanting to get rid of it, that drives sales of AV products, not the number of new viruses. If there were no new viruses from today on, that would be great. Less work to do!
I know your company produces an Audit program or something (Gee great research on my part neh? :), do you feel the need to branch out into other programming streams in order to keep S&S going?
No, but Audit looked like a useful program, potentially profitable, and of interest to the sort of people (big companies) whoi buy an AV. S&S can do fine just selling Dr Solomon's Antivirus Toolkit.
In some email to me you wrote of future things such as a Macro heuristic engine, now with future trends pointing towards the interpreted text form of www\java, do you feel that the text type style of macro virus, compared to the traditional executable binary style of virus, will play a much bigger role?
In my email to you, I suggested that a Macro heuristic engine might be an interesting project to do, if you were looking for a project. I think macro viruses are interesting, and Concept is already very widespread.
If you could change anything about the Anti-Virus industry, what would it be?
It would be nice if products paid more attention to avoiding false alarms. But until the users rise up and demand it, that won't happen.
Ditto for the virus industry (Assuming there cannot be one without the other and that both will always exist)
Get virus writers to keep their creations to themselves, not spread them around.
Approximately how many hours of man-power would you say has gone into the development of the tool kits heuristic engine?
Several hundred. It isn't just a matter of writing an engine, you also have to integrate it with the rest of the product, across several platforms.
Do you have any future plans computer wise beyond viruses? ie: Interactive Fiction with Graham? back to Fortran stuff?
I'm writing for magazines more. And exploring the internet.
Do you feel the window into anti virus programming is still open or has the ship left the dock already, its too steep a learning curve for beginners?
I doubt if anyone can write a new scanner, including the companies already selling them. It's too big a development job. All companies can do now, is use the design they last did, and tweak it. I'm very lucky, I think I did the design of Findvirus, in 1991, at *just* the last time it was possible to re-design the engine, so I think our underlying design is better than the others, for all sorts of reasons, most of which aren't obvious on the outside.
If the anti virus people went by handles, what would you call yourself?
drsolly. Hadn't you noticed? Sometimes I get called "the juggler", on account of a thing I do at conferences sometimes.
There has been a lot of noise about your White elephant and Mahout(?) lately, do you have a Froobious Bandersnatch you could ship down here ^_^
That's Frumious. Carroll explained it as a combination of fuming and furious.
Anything you wish to add or comment opon?
I'm happy for people to email me, but if I get a lot of emails, I might not reply to them all.