Home Page
Site Contents

Why Computer Viruses Are Not -- And Never Were -- A Problem

By Sarah Gordon
[email protected]

The following is an edited version of a paper presented by Sarah Gordon at the EICAR '94 Conference in St. Albans, United Kingdom.

Reprinted in Capital PC User Group Magazine "Monitor". Used with permission.

© 1994 Sarah Gordon. Based on a paper originally presented at EICAR 1994, St. Albans, UK. EICAR (European Institute for Computer Antivirus Research) is one of several annual international conferences with a primary focus on computer viruses. This document may not be reproduced in whole or in part, stored on any electronic information system, or otherwise be made available without prior express written consent of the author.

  1. Introduction
  2. Trends
  3. Computer viruses are not a problem: the experts
  4. Viruses are not a problem: arguments and counterarguments
  5. Our own worst enemy syndrome
  6. Conclusion
  7. Bibliography
  8. About the Author


Computer viruses are not a problem. At least, that is what one would believe if he or she listened to various security experts, lawyers, and anti-virus product developers. For instance, at a well-known conference held in the United States last year, one of the legal tracks was promoted as featuring information about viruses. Attendees at the session were informed that viruses were mainly a matter of a few guys in Bulgaria trying to outdo one another -- not a real problem.

The conference was supposed to deal with viruses in one of its "Legal Tracks". Nothing was mentioned about legal consequences of intentionally infecting someone's computer, or the problems of developing laws which really work in these complex situations. Not a word was mentioned about possible legal redress for people who may have been harmed in some way by a virus, or the problems of legally obtaining some form of satisfaction from virus writers who are in many cases not of legal age. No mention of the legislation being undertaken internationally (and in some cases perhaps hastily with little thought to the ramifications of such legislation!) to deal with the virus problem; no discussion of the problems of such legislation; no mention of even the few existing virus specific laws. There was no mention of the source code versus binary debate which usually comes into play during any serious discussion of laws which could affect the virus 'situation'. At the conference, which was designed to deal with ethical and technical issues, there was no mention of the fact that not all rights are positive rights; there was no word about moral rights, or ethical action and the place of legislation in this cyber-society. Viruses were glossed over as a minor annoyance. How accurate was this portrayal of the virus situation?

A prominent security expert recently told attendees at a technical conference "viruses are not really any problem. The real problem is jobs". It has become politically incorrect in some places to admit you are not in favor of viruses being written and/or distributed. When someone mentions "computer virus" what is your first reaction?

"Viruses are not a problem on the internet", according to self-proclaimed experts you can find in Usenet news forums. Yet, on July 24, 1994, a 12 part uuencoded file titled SEXOTICA, infected with a virus, was distributed over the Internet to unsuspecting users via the newsgroup alt.binaries.pictures.erotica. Any unsuspecting user who saved and uudecoded this file would be the unknowing posessor of a virus. Fortunately, it was not a very well written virus [Virus Bulletin, 94] and it is not predicted to cause a large amount of damage. Do you usually think to check for viruses in files you get from the Internet?

Virus FTP sites on the Internet are not uncommon; these sites present legal and ethical dilemmas for Internet services providers. Recently one such provider was questioned by some members of the anti-virus community for allowing viruses to be ftp'ed from their site. The following electronic mail was posted publicly on the Usenet comp.virus newsgroup:

(to the company)

It is now more than a month since xxxxxx and others alerted your service to the fact that your site was used for distribution of viruses and export-restricted cryptographic material, and still there is no action.

The most offending account belongs to user 'xxxxx'. It contains 40Hex, Crypt, and Nuke InfoJournal - underground magazines known to contain viruses. It also has links to another account (belonging to 'xxxxxx', which contains export-restricted cryptographic programs). The 'xxxxxxxx' account (ftp.xxxxxxxx.xxx:/pub/xxxxx) contains also the infamous KOH virus. [Skulason, 94]

The response from the provider illustrates the sort of dilemma viruses create for public access providers who obviously want to provide the best services for their customers:

Viruses and information relating to viruses are not, at this time, controlled code. We allow users to make available via anonymous FTP any and all data as long as it is legal, which viruses, viral source code, and newsletters published by virus groups are. It is not placed there by xxxxxxxx, and it's distribution is not necessarily endorsed by xxxxxxxx.

To assume that it IS endorsed would be to assume we also endorse Doom, GIF's of nude males and females, various programs, concerts, or any other of the hundreds of megs our users choose to make available through public FTP directories.

Making software using encryption available for download does not violate international cryptography laws, only the act of someone receiving them in another country is. If you have concrete proof this software is being distributed to users outside the US, and wish to press charges against those users (Difficult, considering you're not yourself in the US.) you are welcome to do so and xxxxxxx will assist in the prosecution of such illegal activities. But until then users who wish to make legal software available to Internet users are free to do so, from xxxxxxx.

Thank you,
[Skulason , 94]

Some public providers allow distribution of various counter-culture journals, with the condition that actual virus source code be removed prior to release of the publication from their site. In this way, freedom of "speech" and dialogue are supported, while the questionable virus code problem is eliminated.

The debate over the responsibilities of public access providers is growing. It is clear that legal does not mean "right" to all persons involved. Whether or not it is "right" for a commercial provider to allow itself to be used for virus distribution is a question each provider must answer for itself, at least for now. It is often the case that when a community does not police itself, it finds itself in the awkward position of having laws foisted upon it by a governmental body which is perhaps not in the best position to determine what (if any) law is actually necessary.

Return to Top


"They don't do much, and anyway, we have some anti-virus software!"

The scenario varies, but the common theme is that viruses really aren't 'that much of a problem'. To some extent this is true. Some viruses are relatively benign. Some viruses are not that much of a problem. However, a very disturbing trend seems to have developed in the scene surrounding viruses, and that is, users expecting software manufacturers to "solve the problem" in its entirety.

Computerworld, June 1993: "The majority of users regard antivirus software as a complete cure," according to Virginia Hockett, IT manager of 3M and alumna of the NSA. [Computerworld, 93]

Anti-virus software is certainly a good defense against viruses, but it is not the only defense. Likewise, workable, effective policies and procedures set in place are a good defense against viruses, and necessary to ensure damage control; they are, however, not the only defense. We need public discussion and dissemination of accurate information!

When we do see the public engaged in discussions, we often find them in less than full posession of factual information. We sometimes find them dashed to pieces by some defenders of the virus as God's gift to mankind or pseudo-intellectuals who sound as if they really know what they are talking about. We hear things like "Viruses never really did any harm to any individual, not in a real sense"; "Viruses have never even come close to causing a major disaster"; "Viruses don't cost anyone very much, they are just minor annoyances"; "One product is as good as another, the anti-virus guys are just out to make money -- they even WRITE and distribute viruses to rip off users"; "Not many people ever get a virus. Users cause more damage than viruses"; "It's my right to free speech, writing viruses. You can't take away my Constitutional Rights!". These are not the only minimization of the virus threat that we hear, but they are among the most common. Letting people know your feelings is one important thing you can do to help stop viruses; however, feelings alone are not quite enough. You need facts. With that in mind, we will take a look at some of these arguments in detail, and provide documentation which supports the position that viruses are in fact a problem.

Return to Top

Viruses Are Not a Problem: The Media

News media seemed to gloat over the fizzle of Michelangelo in 1994, and while we certainly are happy that it was not a major cause of data loss, we question whether this means viruses are not a problem. The media seem to think they are not. The virus didn't go off on that day, and as we all know, because the media have told us so repeatedly, the days viruses can (and do) actually activate and/or do damage are limited to certain well publicised days of the year. The other 364 days of the year, it's only replicating, spreading, infecting, and preparing to do some form of damage, if it has any payload at all [Ducklin, 94].

One popular magazine featured an article recently on virus writers. Despite its relative lack of bias and attention to detail, it contained allegations commonly fostered by some virus distributors and uniformed sources, as well as factual errors [Sandler, 94].

Among the allegations:

  • "Some of those same developers whisper that some academic virus researchers are actually creating the strains they claim to study."
  • "Other denizens of this world claim that Vesselin Vladimirov Bontchev, currently a member of the University of Hamburg's Virus Test Center, is none other than the Dark Avenger himself.."
  • (a consultant).."blames the antivirus software developers for priming the market with cash bounties"....
  • "It is absolutely in their best interests to keep the viruses flowing".
  • "Stitch together a picture of young, disaffected rebels, vicious and without remorse, describe them to a Harvard headshrinker..."
Among the errors:
  • "A virus replicates itself to overwrite other data."
  • "In the virus community, the people who write viruses are called virogens."
  • "Scanners are essentially useless."
  • "By the time their work is discovered, they're long gone."
Several of the errors concern the portion of the article on Dark Avenger. The magazine author drew heavily on a well known [Gordon, 92, 92-93] interview with the virus writer. All of the statements "from" Dark Avenger are actually from this interview. His comments are, however, taken out of context in the article. For example:

Dark Avenger boasted,"The American government can stop me from going to America, but they can't stop my viruses".

That statement was never made as a boast. The original interview made this clear.

"Tips from the virus writers" presented a "tip" from Dark Avenger, as if he "advised" users for this article. He never spoke to the author, and the "tip" was not given as advice, but as part of the aforementioned interview.

However, the most disturbing aspect of the article is its presentation of Dark Avenger as still writing and releasing computer viruses, although it is well known that he has not released a computer virus for over two years.

It remains to be seen if any clarifications and retractions are issued by the editors.

Return to Top

Viruses Are Not a Problem: Virus Writers

Security experts and the media are not the only ones who think viruses are not a problem. Some virus writers have had a common thread in some of their communications. Viruses are only a problem for lamers. Viruses only hurt the uninformed. Viruses only hurt those who deserve to be hurt. "They were asking for it. They had a computer for God's sake!". Some virus writers state that they are not responsible for their virus once it leaves their own computer, justifying the operation of virus exchange bulletin board systems. From these systems, knowing/willing persons can obtain computer viruses. Because the persons receiving the viruses know what they are getting, the viruses are not a problem from the standpoint of their creator. "I'm not saying viruses don't hurt people, but usually when they affect people, it's almost always the person's fault." (Sandler, 94]

Return to Top

Viruses Are Not a Problem: Educators

Schools know that viruses aren't a problem. While there may be an occasional outbreak, it's nothing really that serious. Nothing that merits any concern. You certainly should not discuss viruses in any detail with students. It could "give them ideas". Yes, this line of thinking is a reality in more than a few institutions of higher learning. It is also a reality in the education departments of governmental computing facilities.

Return to Top

Viruses Are Not a Problem: Arguments and Counterarguments

Here are some of the arguments often used to support the claim that computer viruses are all hype, and not worth worrying about. Following the argument, we present the facts. The two do not always match up!

Return to Top

Critical Systems

"Viruses are not a problem because they have never been known to cause any problem affecting ANY critical system. We all know that no critical system is vulnerable to viruses."

In early 1992, an atomic power plant was infected with a virus by an employee. Both reactors were shut down and the Swedish government announced that it would pay to correct the twenty "small problems" that had emerged. This incident was documented in the Berliner Zeitung, and translated by Debora Weber-Wulff. (Morrison and Forester, Software Engineering Notes).

The next phase of this argument is "Well, any critical system that uses DOS or that lets viruses have access to it deserves to be damaged".

It may be irresponsible administration to have an insecure system; however, the fact is "Viruses can and have affected critical systems".

Return to Top

Threats to Human Life

"Viruses have never been known to harm any person, or threaten the life of any human being."

In three incidents at Michigan hospitals, viruses have threatened the health and wellbeing of patients. In these documented incidents, virus attacks delayed patient diagnosis, shut down hospital computers, created files of non-existent patients and garbled patient names. The patient information fortunately was not lost. If it had been, doctors would have had to repeat tests, exposing patients to more radiation. Fortunately, the incident was "caught in time" according to Jack Juni, staff physician at two of the involved hospitals. (Los Angeles Times, 89).

Return to Top

Educational Institutions

"Viruses arent a problem for educational institutions, other than the occasional case of Stoned or some other 'harmless' virus a student may bring in accidentally."

The effect a reputation for being a "virus haven" can have on the willingness of certain business and industry to hire students of that particular school is a problem for the school and the students. This is an economic issue.

There is also the issue of the work lost by students. One University of XXXXX (Name of University deleted at request of Student) graduate student lost her thesis due to the Michelangelo virus. She did not have a backup. She did not know what a backup was. By the time she contacted me for help, she had already formatted her hard drive several times.

An engineering student in England recently was banned from his computer centre, and threatened with disciplinary action for allegedly writing and distributing a virus. He had anti-virus utilities on his disks, which pointed suspicion at him. He was told the administrators were not sure he could use these "powerful tools", despite the fact he had written most of them himself. If his account of this incident is accurate, it would appear that knowing "too much for your own good" is as bad as total ignorance. [Virus News International, 93]

Return to Top

Computer Science Only

"Viruses are only a problem for people dealing with computer science."

Viruses are also an issue for those involved with ethics and philosophy. Viruses are not an isolated problem, to be dealt with by solely technological means.

Scientists are beginning to pay particular attention to this aspect of viruses. In his paper "Computer Viruses as AI", Gene Spafford states

"The origin of most computer viruses is one of unethical practice. Viruses created for malicious purposes are obviously bad; viruses constructed as experiments and released into the public domain would likewise be unethical, and poor science besides.." [Spafford, 94].

In 1993 the National Conference of Lawyers and Scientists/AAAS Conference on Legal, Ethical and Technical Aspects of Computer and Network Use and Abuse commissioned a paper dealing with computer viruses [AAAS, 93].

In 1994, the Journal of Science and Engineering Ethics named viruses as part of the Computer ethics issues it would explore [Journal of Science and Engineering Ethics, 94].

Sec 94's Curacao conference awarded the "Best Paper" award to a paper dealing with ethical implications of technology [IFIP, 94].

Virus Bulletin commissioned a paper on the issues surrounding ethics as related to virus writers themselves. [Virus Bulletin, 94].

Viruses -are- a recognised concern for people who are concerned with ethical behaviour and ethical models in science. Science and technology do not exist in a vacuum. Viruses are not solely an isolated technological phenomenon.

Return to Top

Big Business Can Afford the Loss

"Viruses only affect big businesses which can afford any loss they may cause."

It is true that viruses affect big businesses. Rob Slade estimated the cost of Michelangelo from reports he received on businesses affected at over 2 million dollars. The largest oil company in Houston was hit, as well as NJIT [Slade, 92].However, non-commercial operations have been affected by viruses. Organizations which could not afford equipment to do automated backups have been affected. Groups with insufficient resources for time/personnel have been affected.

The non-profit group "Save the Whales", located in Venice, California, lost its membership list, correspondence and current newsletter as a result of the Michelangelo virus in 1992. The virus also affected the New Salem Baptist Church in Kennesaw, Georgia and Vigil Printing, a small firm in Chicago. It is not just "big businesses" which are affected by viruses. [Clark 92].

Small businesses have been affected, not always in the most obvious ways. According to the owner of a small business in Plaisir, France, his business and entire personal assets are being wiped out due to the accidental transmission of the Frodo virus via some disks his company distributed. He is being prosecuted by the French courts as a virus distributor.

Return to Top


"I don't call BBS'. So, I am not at risk. How likely is it that I would actually get a virus??"

From Computerworld, March 1992:Intel ships virus in print utility Computerworld, February 1992: Davinci Systems Corp mailed 900 infected demo disks; Leading Edge shipped 500 computers with infected hard disks Computerworld March, 1992: Novell announced it had sent out infected disks. Time, September 1991, World Bank hit by Traveller 1991 VNI: Virus put into Aldus Freehand, costing company $7,000.00 [Computerworld, 92] [Castro, 91] [Virus News International, 93]

There are dozens more commercially released programs that could have given you a virus. [Gordon, 93]

Return to Top

Bad Anti-Virus Guys

"Anti-virus product developers write viruses and distribute them to make money selling their product."

There is no documented proof that this has been done by any of the major anti-virus product developers.

Return to Top

They Only Work on DOS

"Viruses aren't a problem because they don't work on any thing but DOS computers."

This argument in itself seems rather silly, since many computers both free standing and connected are running on DOS. However, the argument is used frequently to argue why viruses aren't a problem. A variant of this argument is "Viruses don't run on UNIX and the Internet is mostly UNIX". While it is true that many systems connected to the Internet are not run on DOS, some are. Additionally, viruses are possible that run under UNIX. Another variant of this argument is the "viruses for OS/2 and LANS and WINDOZE are pretty rare" argument. In "Future Trends in Virus Writing", we find that while such viruses are rare at this time, there is no reason to believe they will not become more common. The dozen or so viruses that are now Lan-aware will no doubt increase. [Bontchev, 94].

Return to Top

It's My Right!

"Virus writing is my right, and they don't cause anyone much of a problem."

Items 3.1-3.8 have illustrated some of the very real problems and issues surrounding viruses. Now we will examine the issue from a different viewpoint. The issue of virus writing and public dissemination of viruses as a "right" is an interesting one. While the U.S. Constitution certainly offers protection for freedom of speech, there is the matter of what is a Constitutionally protected "right" and what is not. Pure speech has almost without exception been held to be a "right", protected by the Constitution; however, there are those who argue that virus writing and distribution are not pure speech. The United States Supreme Court recognizes that speech and action, while closely entertwined, are not one and the same. It is also a matter of historical record that speech and action, or symbolic speech, are not always protected. Just because something is not (yet) illegal, it does not follow that it is a Constitutionally protected "right". Those who would say they have a "right" to write and distribute viruses may wish to consider the types of cases which have established which forms of speech are protected and which are not. Cases such as United States v. O'Brien (United States v. Obrien, 68), Tinker v. Des Moines School District (Tinker v. Des Moines Community School District, 69) and Spence v. Washington (Spence, 74) illustrate the types of arguments for and against using 'First Amendment Rights' as an argument to protect the unregulated dissemimation of virus programs.

In the development of the legal concept of 'symbolic speech', there has been no real stare decisis (an element of common law where a decision applies in similar cases and is binding on lower courts) [McGaffey, 72]. Virus writing/distribution, even to willing persons, is not clearly analagous to other cases which the Court has decided. There don't appear to be any cases establishing anyone's "right" to write and distribute a virus at this time; however states are making laws which would significantly restrict the right of dissemination of viruses. Of course, the State laws cannot violate the Constitution with impunity. Historically, speech plus action (sometimes called speech plus) is entitled to far less protection than plain spoken speech; it is also likely that the Court is likely to give less weight to symbolic expression than it did in the past [Tedford, 85]. This is a very complex, and is very much an unresolved issue.

Return to Top

Viruses Are Cool

(This space intentionally left blank.)

Our Own Worst Enemy Syndrome

We have our own overzealous moments, promoting sometimes the ultimate antivirus utility. Such a utility does not exist, but is referred to by some as TOAST -- "The Only Anti-virus System That....(insert outlandish claim here, i.e. that can protect you from all viruses, known and unknown, now and forever, amen)" [Peterson, 94]. The insistence of some that TOAST does exist hasn't helped our credibility. We must remember that we are part of a larger picture, and that what one of us does affects all of us.

We've also had a few product fiascos. According to a report in ACM Sigsoft's Software Engineering Notes volume 17, number 2, Norton Antivirus' special "Michelangelo fix" free program was more dangerous than the virus for many people. This was, according to author David Leslie, [Leslie, 92] a problem if a user had a hard drive with more than one partition. The media announced this free product during the "scare" but by and large neglected to announce the problem. We should not be afraid to admit our mistakes.

One aspect of the "own worst enemy syndrome" is the "wolf crying syndrome". While we don't see it much anymore, it is worth mentioning because of the impact it has had on the anti-virus world's credibility.

Return to Top

The Wolf Crying Syndrome

As you can see from earlier comments on the types of information being given out by the media, and other individuals, all of the information making the rounds about viruses is not accurate. In the past, anti-virus product developers have given some misleading information to the media regarding the potential threat of viruses; they have predicted scenarios close to Armegeddon when the facts dictated otherwise [Gordon, 94]. Hopefully, we are past this state and the wolf crying syndrome is a thing of the past.

Now, we come to the crux of the problem. The ethical dilemma. The Big Question that we have to answer if we are to begin addressing The Big Lies.

The question we must ask ourselves here is from whom do we want computer users to get information about viruses, and what do we do about all of the misinformation being circulated?

  1. Everyone has a right to listen to whomever they choose.
  2. The problem arises when the only sources, or the loudest sources, of information are the incorrect or misleading ones.
  3. No source of information should be silenced.

Words are tools. Tools shape and build images. That is the point of communication -- to communicate ideas. Some communicators need to build strong cases, using not just facts, but appeal to the heart. There is nothing wrong with word play or emotionalism in communication as long as it is not dishonest. It is not wrong to talk about "what is right" or "honourable". It is wrong to lie. Facts should be represented accurately at all times. In the case of viruses, many people have ideas and opinions; they have the right to their opinion, and to express their opinion. They even have the right to convey misinformation in many cases; We as responsible persons, have a responsibility to see that the misinformation is balanced with correct information. Until now, the "misinformation proponents" have not been only those with the loudest voices"; in many cases they have been the only voices the general public has had to listen to.

People have a right to listen to whomever they choose; they also have a right to know the motives of the persons they are relying on for information, whether that reliance is passive or active. One problem, that of "new" participants in the public debate (sometimes old participants using a new identity) can be addressed by questioning motives. If a person is not a publicly known figure whose motives and affiliations are well known to the general public, it is a duty to question, respectfully, their qualifications and affiliations. We must be willing to state our motives and affiliations as well, and to question the motives of others. If someone is not willing to discuss their reason and motivation for for a particular opinion, it is a duty to question that opinion.

Opinions however, are not facts. Many times misinformation is presented as "fact", followed by "well, I am entitled to my opinion". There is a difference. We must be careful to make the distinction, and to make others aware of the distinction.

We should adhere to certain principles of ethical communication when attempting to use information to cast light on "The Big Lie". We have an obligation to seek out accurate information and make sure that the information we distribute is as factual as possible; we need to be accurate, fair, and just in our treatment of ideas and arguments; we must be willing to submit private motivations to public scrutiny, and we must be, finally, willing to tolerate dissent with respect. These four principles, outlined by Karl Wallace in "An Ethical Basis of Communication" [Wallace, 55] can help establish the facts about computer viruses in the minds of the public.

We must be careful to not try to silence what we view as "the opposition" but to engage in productive, public debate. By doing this we can also possibly help teach those who honestly believe the Big Lie and the little lies that grow from it. We have passed the time where we can deal with the virus problem as passive bystanders dependent on software to solve "the problem" for us. Let the facts speak for themselves.

Return to Top


  1. AAAS/NCLS. The Use and Abuse of Computer Networks: Ethical, Legal and Technological Aspects, Preliminary Report. American Association for the Advancement of Science - American Bar Association Section of Science and Technology, National Conference. Beckman Science Institute. Irvine, California. 1994
  2. Bontchev, 94. Bontchev, Vesselin. Future Trends in Virus Writing. Proceedings, 6th Annual Virus Bulletin Conference. Jersey. 1994
  3. Castro, 91. Hey! Let's send a couple of billion to Wolfgang. Time Magazine., v. 138. September 23, 1991
  4. Clark, 92. Clark, Don. Report in San Francisco Chronicle. March 1992
  5. Computerworld, 92-93. Computerworld.
  6. Ducklin, 94. Ducklin, Paul. Anti-virus education: Have we missed the boat? Proceedings. 6th Annual Virus Bulletin Conference. Jersey. 1994.
  7. Forester and Morrison, 94. Tom Forester and Perry Morrison. Computer Ethics: Cautionary Tales and Ethical Dilemmas in Computing. MIT Press. 1994.
  8. Gordon, 92. Gordon, Sara. Dedicated. Virus News International. 1992-93
  9. Gordon, 93 Gordon, Sara. Inside the Mind of Dark Avenger. PC World, UK. August 1993
  10. Gordon, 93. Gordon, Sara. Virus Exchange BBS: A Legal Crime?. Proceedings, AAAS/ABA/NCLS Conference "Legal, Ethical and Technological Aspects of Computer and Network Use and Abuse". Beckman Science Institute. Irvine, CA. 1993
  11. Gordon, 94. Gordon, Sara. Technologically Enabled Crime: Shifting Paradigms for the Year 2000. SEC 94, TC/11. Curacao, NA. 1994
  12. IFIP, 94. Proceedings, IFIP 94/TC11 Conference. Curacao, NA. 1994
  13. Jordan, Glenn. Electronic mail correspondence. 1994. Used with permission.
  14. Leslie, 92. David Leslie. in Software Engineering Notes, 92
  15. McGaffey, 72. McGaffee, Ruth. Toward a More Realistic View of the Judicial Process in Relation to Freedom of Speech. Free Speech Yearbook, 1972. in Tedford, Makay and Jamison. 1987
  16. Software Engineering Notes, 92. Nuclear Disaster Averted. Software Engineering Notes, vol. 17., no. 2. April 1992
  17. Peterson, 94. Peterson, Padgett. Private e-mail conversation. 1994. Used with permission.
  18. Readings for Speech Communication, 74. Spence v. Washington;. U.S. 405. 1974. Trustees of Indiana University. 1990.
  19. Sandler, 94. Sandler, Corey. Virus, They Wrote. PC Computing. September, 1994
  20. Skulason, 94. Skulason, Fredrik. V-Forum Correspondence with xxxxxxx. Comp.Virus Newsgroup, Usenet News. August 1994.
  21. Slade, 92. Rob Slade. in Software Engineering Notes
  22. Software Engineering Notes, 92. Software Engineering Notes;. pp 20-22. ACM Sigsoft. April 1992.
  23. Spence, 74. in Readings for Speech Communication, 74.
  24. Tedford, Makay and Jamison, 87. Tedford, Thomas; Makay, John; and Jamison, David. Perspectives on Freedom of Speech. Southern Illinois University Press. 1987
  25. Tinker v. Des Moines Community School District, 69. Tinker v. Des Moines Independent Community School District. United States Reports, volume 393, page 503. 1969
  26. United States v. O'Brien, 68. U. S. v. O'Brien. United States Reports, volume 391. page 367. 1968
  27. Virus Bulletin, 94. Virus Bulletin. August 1994
  28. Virus Bulletin Proceedings. 6th Annual Virus Bulletin Conference. Jersey. 1994
  29. Virus Hits Hospital Computers;, Los Angeles Times, March 27, 1989
  30. Virus News International, 93. News. S&S; International. 1993
  31. Wallace, Karl. Karl Wallace. An Ethical Basis of Communication. in Tedford, Makay and Jamison. From The Speech Teacher, 1955

Return to Top

About the Author

Sarah Gordon's work in various areas of IT Security can be found profiled in various publications including the New York Times, Computer Security Journal and Virus Bulletin. She is a frequent speaker at such diverse conferences as those sponsored by NSA/NIST/NCSC and DEFCON. Recently appointed to the Wildlist Board of Directors, she is actively involved in the development of anti-virus software test criteria and methods. She may be reached as [email protected]

Return to Top