Though Steve's already stated the basic reason, I'll extend the discussion to explain why they were likely only recently added.
The specific tools mentioned, RealVNC and UltraVNC (I don't personally recognize Angryscan.A) have long been installed as a side effect by a few malware or more commonly by more manual methods once a PC has been compromized. This has lead to their detection by various anti-malware products as 'Hacking Tools' or the like, even though these VNC tools themselves are simply well known remote control products often used by organizations for indvidual PC remote control.
Though there's nothing really wrong with these products themselves, if the PC owner didn't install them and is unaware of their presence they might be a danger. So most likely, the Microsoft detections have recently made a policy change toward these products, especially when they are found only in a 'packed' state such as the zip file where you discovered them. It's also possible that this very 'Ultimate Boot Disc' has just recently been included within the delivery system of a new malware strain, so it's been included within the detections for that malware as a side effect.
There's nothing abnormal about any of this, it just creates the unplanned side effect that those already having the package will also see the detection. Since as with your other Linux tools, the number of OneCare users having such a package on their PC would usually be tiny, there are likely to be very few such detections by OneCare. However, if these same detections exist within the ForeFront business anti-malware the numbers are likely to be much higher there, since many businesses use these VNC tools for remote management of at least their Linux servers if not other systems.
OneCareBear
Windows OneCare Forum Moderator
