Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!sharkey!atanasoff!jwright
From: jwright@atanasoff.cs.iastate.edu (Jim Wright)
Newsgroups: comp.misc
Subject: Re: Right of reply, virus- public, private- a thin line
Summary: a difficult choice
Message-ID: <827@atanasoff.cs.iastate.edu>
Date: 21 Feb 89 04:17:52 GMT
References: <415@odin.cs.hw.ac.uk>
Reply-To: jwright@atanasoff.cs.iastate.edu (Jim Wright)
Followup-To: comp.misc
Organization: Iowa State U. Computer Science Department, Ames, IA
Lines: 33

Let me start out by saying that I in no way want to question Dave's
motives, ethics, etc.  I just believe the question of hiding/publicizing
virus information warrants at least a little discussion.

In article <415@odin.cs.hw.ac.uk> davidf@cs.hw.ac.uk (David.J.Ferbrache) writes:
|Firstly, I have never in the past tried to hush up the virus issue, in fact
|I distribute the virus-l public mailing list to the UK, and have set up an
|informations server to distribute details of known viruses, disinfection
|software and general information on viruses to any site in the UK.

I like this.

|Anyone involved in the virus field will know the widespread outrage that
|followed the release of the source code of even benign viruses. The entire
|field is very sensitive, and any person writing a report treads a wary line
|between being flamed for being secretive and being flamed for being to open.
|Sigh. 

And so the question becomes, where to draw the line.  I have no ready
answer.

|There are strong indications that each time a viruses source code is
|published either in academic journal or popular journal, a large number
|of mutant strains pop up.

I believe this.  Unfortunately it seems typical of the virus-writing
vermin.

Hence the open question for net.discussion: At what point does information
about viruses become too sensitive to be openly discussed?  How much
information do *you* want?  Would you feel safer if only those who
wrote protection software (plus the virus writers) knew what was going
on?  Does anybody care?