Malicious Life Podcast: The Jerusalem Virus Part 2

How did the Jerusalem virus trigger the birth of the entire Anti Virus industry in Israel? A high-stakes wager on Live TV, and more...

Yuval Rakavy
About the Guest

Yuval Rakavy

Founder - BRM

Renowned Israeli “technology guru”, Mr. Yuval Rakavy serves as the advisor to the BRM Group on technology issues. He is particularly effective at identifying cutting-edge development tools and integrating them into a company's technological plan at an early stage.

Yuval was one of the co-founders of BRM Technologies, and its Chief Technology Officer. For over a decade, he played a central role in the R&D and product architecture of CheckPoint Software Technologies, BackWeb Technologies and numerous other startup companies.

ran-levi-headshot
About the Host

Ran Levi

Born in Israel in 1975, Malicious Life Podcast host Ran studied Electrical Engineering at the Technion Institute of Technology, and worked as an electronics engineer and programmer for several High Tech companies in Israel.

In 2007, created the popular Israeli podcast Making History. He is author of three books (all in Hebrew): Perpetuum Mobile: About the history of Perpetual Motion Machines; The Little University of Science: A book about all of Science (well, the important bits, anyway) in bite-sized chunks; Battle of Minds: About the history of computer malware.

About The Malicious Life Podcast

Malicious Life by Cybereason exposes the human and financial powers operating under the surface that make cybercrime what it is today. Malicious Life explores the people and the stories behind the cybersecurity industry and its evolution. Host Ran Levi interviews hackers and industry experts, discussing the hacking culture of the 1970s and 80s, the subsequent rise of viruses in the 1990s and today’s advanced cyber threats.

Malicious Life theme music: ‘Circuits’ by TKMusic, licensed under Creative Commons License. Malicious Life podcast is sponsored and produced by Cybereason. Subscribe and listen on your favorite platform:

All Posts by Malicious Life Podcast

Malicious Life Podcast: The Jerusalem Virus, Part 2 Transcript

Just as his company was finishing their shiny new product’s logo–a white syringe with a computer background–Ofer Ahituv saw an article about the Jerusalem virus in a national newspaper. The article laid special emphasis on the activation date of the virus–Friday the 13th–which would next come around in about half a year’s time, May 1988. Ofer knew that he could delay no longer, and he came up with an ingenious plan to get his product’s name out quickly. Ofer approached a technology journalist for a competing newspaper, telling him that Iris had a solution to defeat the Jerusalem virus. Ofer’s bet was that by pitting competing newspapers against each other his name would get more attention, and he was right: the competing paper published his story on the back page of their weekend edition. It was the best advertisement Iris could’ve hoped for, free of charge. Their small team was about to become flooded.

Iris went into a frenzy. With only three people on the payroll, Ofer had to get creative. He and his programmer worked on their software–which was almost but not quite ready yet–well into the night, while Ofer’s wife, his mother and his daughter copied it to discs as quickly as they could. On the floor of the home that Ofer, just months before, was considering taking a second mortgage out on due to lack of business, he and his family spent the whole weekend coding, copying, and printing and inserting pages with the company logo on it into the outer pockets of the disc covers. In some cases, the printed paper was so fresh that customers would receive their Iris logos with smeared ink.

All the while, the Iris company phone did not stop ringing. The news stories created alarm for computer owners throughout the country, many of whom not only wanted anti-AIDS, but wanted a representative from Iris to come to install and operate it at their locations. Ofer sent his only remaining employee–his sales manager–out to customers who were willing to pay a premium, and he rushed from office to office, home to home. Very little sleep was had during those following weeks, as Iris’ huge debt did a 180-degree turnaround, and the company began making staggering profits.

Ofer himself turned into something of a cult hero in the field. As Iris’ name spread, Ofer became an internationally sought-after entity any time the threat of a new virus popped up. A rumor was even floated that Ofer himself had written the Jerusalem virus. It actually made a lot of sense: his whole life turned around as a result of the profits he made off this computer virus–nobody stood to gain more from it, and nobody was better prepared for its arrival, than he. Foreign journalists tended to skirt the subject, but Israeli journalists–in typical Israeli fashion–took no qualms in pressing him on the conspiracy theories. In interview after interview, Ofer was asked if he wrote the Jerusalem virus. In one, for the IDF Army Radio, a young journalist came to him:

“No one can hear us, Ofer…” the young man said, quietly, “Tell me – is it true that you are making these viruses?”

Ofer turned to him and asked: “Your promise not to tell anyone?”

The journalist was eager. “I promise,” he replied.

Ofer looked the young man in the eyes: “It’s true.”

The young interviewer ran back into his studio, shouting. “I have a scoop!” he said. “He confessed it, he confessed it!”. The conspiracies turned into a running joke in Iris’ office.

A Revolutionary Anti Virus
But while Ofer was making the moves that would define his early career, Omri Mann, the co-founder of BRM alongside Yuval Rakavi, was thinking ahead. Omri was a cunning computer scientist, and predicted that even though there were but a handful of computer viruses out in the world in late 1987, many, many more would be born in years to come. He set out to create a program that wouldn’t just defeat the Jerusalem virus, but potentially any other new, unpredictable viruses characteristically dissimilar to those he’d already seen.

Omri’s idea was for an antivirus software that could detect a malicious program on a computer, even if that program’s signature was not previously known to the antivirus. Remember that issue with Carmel and Elyashim’s programs, that prevented them from being effective long after the Jerusalem virus was gone? Those programs could only address what viruses they already knew about, and therefore required near-constant updates. Omri’s antivirus would be the fix to this very problem. His idea was fairly simple: scan and document all the data on a computer when it’s clean, and compare it with the information gathered in any future scan. Any virus will result in changes to the original data, so identifying these changes means you can snuff out a virus even without knowing its particulars. An added benefit to this method is the ability to remove a virus by reverting your computer to its former state, at the quick click of a button.

Running with this idea, in early 1988–a few months following the breakout of the Jerusalem virus–BRM announced its new product, called “V-Analyst”. BRM’s staff were very excited about V-Analyst, to the point where they began to brag about it in public. Members of BRM told journalists that their software could detect any possible virus out there. It was a big claim, and many in the industry were suspicious. To prove their point, Yuval and Omri came up with a marketing scheme. Little did they know at the time that it would lead them to cross paths with a very prominent colleague, and cause a media firestorm the likes of which none of the three men had ever experienced before.

A Wager On Live TV
It’s April 1988, when Ofer Ahituv receives an unexpected phone call. On the other end of the line was a producer for a popular national television show called “A New Evening”. The producer told Ofer that earlier in the afternoon her team had spoken with Yuval Rakavi and Nir Barkat of BRM, who intended to make a dramatic announcement on live TV. They were getting ready to tell the country that their new program, V-Analyst, was able to detect any possible computer virus–an antivirus for any virus imaginable.

The producer requested whether Ofer, now an established celebrity in the computer world, would come on air to offer a counterpoint. She herself was no computer scientist, so she couldn’t offer any specific information about BRM’s program. Ofer had a hunch, though, that Yuval and Omri had gone too far. As a former army man, he knew the never-ending technological battles between enemy sides, arms races that sway back and forth as opponents try and outdo one another. For every new missile there’s a new missile-defense system, and like weapons of war, there can be no single virus unstoppable, no single program uncircumventable. Ofer agreed to be on the show, which would take place in less than three hours’ time. So he rushed home, changed into nicer clothes, and hurried to the filming studio. On his way over, he had an idea for how to demonstrate his point–an idea that would be sure to put Yuval and Nir on their toes.

Here’s Yuval Rakavi:

“[Yuval] We actually went out to the very bold claim that we have a software that can detect every virus. Of course it caused some interest from the media and I was invited to be interviewed in a news program and while I was sitting there, while I was interviewed, I didn’t know that he was going to appear there.”

Ofer arrived to the set at the very last minute, taking his place alongside Yuval and Nir, who were already seated at the panel. The interviewer spoke with Yuval and Nir about their new program, and the BRM executives explained the principle behind their new product that Omri Mann had conceived of just a few months earlier.

All the while, Ofer sat and listened. He wasn’t impressed. He began expressing his view that BRM’s claims were reckless–that it is simply not possible to create a perfect antivirus program.

“[Yuval] He said that – our claim that we can detect every virus – I don’t want to be rude but bullshit.”

But Ofer wasn’t just going to talk. While the cameras rolled, on live television, Ofer whipped out a check for 10,000 shekels (about $2,500 U.S. dollars). He displayed the check for the cameras, and made Yuval and Nir a bet in real time: if within two weeks he could not design, at least in principle, a virus that could beat their program, he would give them all of the money.

The nation’s tech community was enthralled. Sure this was a modest TV show in a small country, but a real live wager between the man who became famous for discovering the Jerusalem virus, and the man who became famous for defeating it, was enough to make waves.

“[Yuval] Now 10,000 shekels was more than the – it was a lot of money. But I had no – basically I couldn’t say no in front of all the Israeli public. So I said, “OK, yes. We will have a wager.” So we had – about a week, we found – agreed upon an arbitrator and basically we gave them a very, very early version of our software and we wrote or actually Eli who’s a very good mathematician started to – wrote mathematical proofs that our software indeed detects any virus.”

For most onlookers, it seemed Ofer was the favorite to win his bet. Despite Yuval’s newfound reputation, and the little experience people had thus far with viruses, most shared Ofer’s view that it was only a matter of time before a larger battle was to break out, between the world’s virus writers and security researchers. Even Fred Cohen, an American, and one of the most influential virus researchers of all time–the man who literally created the definition of what constitutes a “computer virus”–was intrigued, and decided to offer his view. He wrote of the bet going on across the Atlantic Ocean: “The Israeli defense [of Rakavi] is useless against most of the viruses we have experimented with, and I wish I were on the offensive side of the bet.”

The Only Losing Side
Upon receiving a copy of V-Analyst, Iris got to work–they divided themselves up into small teams, each trying a different approach to cracking the program. The overall theme was to try and circumvent the software’s capacity to detect changes in information inside of a computer’s files. One approach they tried was to design a virus that would only infect new files yet unknown to the program.

By the end, there would be some dispute as to whether Ofer and his team truly did exploit the method of BRM’s software, or merely the software itself. According to Yuval at least, it wasn’t that Ofer disproved their theory of how to stop viruses–what he did accomplish was exploiting their still early-version program for its bugs.

I remember we went to sit on the – to sit somewhere and Omri was thinking very, very, very hard. How did the – again, we didn’t know – we didn’t see the virus working. All we knew that there was some way that they managed to bypass the software and suddenly Omri got – so I know what they did and I don’t want to go – to be too technical but the way that MS-DOS was booting at those days was that it read some – specific sectors of the disk and there were files that were always sitting on the sectors. We read the file and not check physically the sectors.

The virus could copy those sectors to another place and basically we read the wrong data. So we fixed the bug and we resubmitted the software and two weeks later, we meet again and the arbitrator said, “Look, you detected the virus. However, I don’t think that your proof is correct.”

In the end, the result of the bet was a draw. The opinion of the arbitrator was that Iris had not sufficiently demonstrated they could beat V-Analyst. However, they did in the process give evidence to the fact that BRM’s program was not, in fact, capable of detecting any possible virus.

It appeared both sides were content with the results of the bet. Ironically, there was one person who lost out: the arbitrator himself. According to the parameters of the bet, the loser was liable to pay the arbitrator for his help in deciding the outcome. However, because there was no loser, neither side was made to pay him.

Iris and BRM, the two software companies whose leaders would come to define the story of the Jerusalem virus, decided to conclude their own story with a truce: using the money they didn’t spend paying the arbitrator, everybody got together for a friendly dinner celebration.

The Israeli Anti Virus Industry
In the years that followed, Israelis were among the world’s experts in handling viruses. Several American and European antivirus companies opened up shop in international markets, but none made much of a mark. The market leaders, foremost among them Finland’s F-Secure and Sophos, were just beginning to come into their own. IBM released its own antivirus in 1989, but never gave it the resources or attention it needed to become competitive.

And yet, despite the advantages Israel’s tech community had in knowing of and dealing with viruses, Israeli companies couldn’t break into international markets. Sometimes, it feels like everyone in Israel knows each other–it’s a small country, so social and business ties between those who served in the army together, studied in college together, allowed for small business to thrive. Companies had open-door policies and wide availability to clients: not only could companies like Iris afford to send someone traveling home-to-home installing antivirus for customers, but it was also quite common that individuals would walk right into a company’s offices, a disk in hand, asking for help eliminating a new virus they’d encountered.

Out in the world, where the antivirus scene was very different, these same companies were tiny and unheard of. Viruses themselves were not quite so well known yet in most countries, likely because the pirated copying of software–one of the most prevalent causes of virus replication–was not yet as common in Western countries as it was in Israel.

Elyashim, the software company that built “VirusSafe” shortly after the Jerusalem virus proliferated, was one of the first to try and reach into the U.S. market. Eli Gamush, one of the company’s founders, was in the midst of establishing an independent subsidiary of the company in the States when he died suddenly of cardiac arrest. Eli was only in his thirties, and the branch shut down soon after.

Ofer Under Pressure
It was Ofer Ahituv, always a man of extreme good and bad fortunes, who made the biggest waves in overseas. He’d set his mind on European and American markets, but these were the days before the Internet Era: without connections, the only way to really get your name out in other places was to set up booths at large tech conferences. And cultural differences made the problem even worse. Upon spreading his company’s brand to clients in the U.S. and Europe, Ofer found to his surprise that the name of his flagship program, “anti-AIDS”, was not being received well…to say the least. These were the tail-end days of the AIDS epidemic, and some interpreted Ofer’s product’s name as an affront to those who lost their lives to the disease. Realizing his mistake, Ofer swiftly rebranded, changing the name to something more neutral: “Anti Virus Plus”.

Opportunity struck for Iris in early 1991, after they hired an American salesman. Just a few weeks after joining the team, the American successfully established contact with an American company called Cheyenne. Cheyenne’s primary business was in data backup software for businesses, but they now sought to add a quality antivirus software to their product lineup. Adding antivirus, for them, meant providing a more comprehensive protection for their existing data backup solutions. They were interested in Iris not just because the software was good, though–Cheyenne wanted to break into international markets, and its executives (including the president of the company) just happened to be predominantly Jewish. There were also less obvious factors at play. Saddam Hussein had just dropped missiles in Israel, so buying Israeli technology at the time felt like something of a patriotic act. All things came together, and it lead to a direct meeting between Ofer and Cheyenne’s president.

After an initial meeting in Iris’ suburban offices, Ofer, his American salesman, and Cheyenne’s president got together in the lobby of the Tel Aviv Hilton. They ended up closing a deal, written out on a napkin over breakfast. Anti Virus Plus was to be integrated into Cheyenne’s primary software, “Inoculan”, and Iris would receive royalties on future sales.

The napkin deal was a success for both parties: Cheyenne acquired the backing of a reputable antivirus company, and as their business grew in orders of magnitude over the coming years, Iris’ cut of the profits grew proportionately. While the cash rolled in, though, the rest of the country was catching on to the profits that could be made in antivirus. Competitors with real chops entered the market, most notably McAfee and Symantec.

A few years following their initial deal, Ofer Ahituv was summoned to a meeting with Cheyenne’s new president, who had an unexpected proposition: he wanted to abandon the royalties model they’d been operating with before, and instead buy Iris’ software outright. The money on the table was nothing to scoff at, but Ahituv, ever paranoid and forward-thinking, felt he shouldn’t agree to the first offer presented to him. He remained defiant when he was informed that Cheyenne would soon be acquired by CA, another major tech corporation. CA, the president tried to argue to Ofer, would not be so kind as he with their offer.

In 1996, when Cheyenne was bought out by CA, the pressure on Ofer to sell his software only got worse. Ofer continued to press for a better offer than what Cheyenne’s president had offered, but CA did not look kindly on the current payment model that tied them to the little Israeli firm indefinitely, and the two sides weren’t coming together. Not only that, but Anti Virus Plus was already over six years old now, beginning to exhibit fundamental performance issues resulting from the innumerable changes and updates made to it over the years. The software was first written at a time in computer history when you could expect one new virus on any given week, so the program was written to hold signatures for only 20,000 viruses in total. The database was already full, so any time a new virus was coming onto the scene now, Iris had to delete the data on some other, older virus.

By the end, Ofer was being pressured from all directions. On top of the demands of his product, he became worried that the tech bubble, being what it was, might soon burst, and prevent him from ever selling Anti Virus Plus if he didn’t act soon. He observed CA shopping other anti virus options, including the possible acquisition of an Australian software firm. If they finished a deal with anyone else, Iris would be left entirely in the cold.

Two weeks after declining the new deal, Ofer’s phone remained silent. He could barely sleep at night.

Then, finally, a CA rep called to inquire about the outcome of their deal. It was a relief, but also suspicious. Ofer was quite aware about their dealings with that Australian company, and asked why they were still interested in Iris. The representative wouldn’t give him any details about their business with the Australians, and even claimed the company might purchase both. Ofer smelled insincerity.

“How many motors do you have in your car?” Ofer asked.
“One, of crouse,” the CA rep replied.
“So why do you want two antivirus softwares? They both do the same job.”

The representative didn’t have a good answer to his inquiry. Instead, he reiterated their initial offer, except with a lower amount of money. Ofer didn’t buy any of it. He estimated that if CA still wanted Iris’ product, they’d have to have a reason: that it’s far superior to what they’d get from Australia.

Eventually CA surrendered, and later in 1999, signed a deal to buy out Iris. According to a report by the business newspaper “Globes”, Ofer received four million dollars in the deal. As part of their agreement, CA instituted a “cooling off period” whereby Ofer would remain employed at their company without a job for a whole year, to ensure he couldn’t go back to the drawing board and draw up a competing company. In the end, Ofer didn’t really mind: he just wanted to go home and get away from the pressures of the business world.

But Ofer wasn’t out of it yet. The day after the sale, CA’s board of executives opted to fire him as the CEO of his own company. Perhaps he’d fallen out of good fashion with the CA executives he so pushed on their deal, but after all the time he’d given to building relationships and ingratiating himself to their company representatives, the decision left him deeply bittered.

As soon as his cooling off period ended, Ofer left Iris, left CA, and didn’t look back. He picked up a painting hobby, and in the time since has spent much of his available days painting, studying, writing poetry and playing sports. Still, the memories of his wild ups and downs at Iris still haunt him. Ofer claims to have occasional nightmares about returning to his office, to all the viruses, and all those boardroom negotiating tables.

The Beginning Of The End
The sale of Iris to CA may have marked the beginning of the end of Israel’s wider antivirus industry. The local companies that so thrived during the peak of the Jerusalem virus either all got swallowed up, or bought out by large multinationals.

BRM, for their part, went in a similar direction. Their V-Analyst software was marketed in the U.S. by another company called 5th generation, which itself got bought out by Symantec in 1993. Symantec then sought to buy V-Analyst for themselves–not because they needed it, but in order to get rid of a competitor to their own Norton Antivirus. BRM was happy enough with their offer, and Yuval and those who remained at the company had felt too that they wanted to move into other domains within the computer industry.

With some of the money they got from Symantec, BRM invested in a nascent Israeli startup called “Checkpoint”. The decision paid off when Checkpoint became one of the pioneer companies in the domain of computer firewalls. Today, BRM is a successful investment company.

Nir Barkat, co-founder of BRM, serves today as the mayor of Jerusalem, the city where it all started.