[comp.virus] On reporting infections to VALERT-L and VIRUS-L

krvw@cert.sei.cmu.edu (Kenneth R. van Wyk) (07/25/90)

This subject comes up here and in private conversation from time to
time, so I'm going to open the can of worms...  :-)

Should we or should we not be reporting virus infections and other
related information?  And, if so, how much information is enough?  I
don't really know if I have the right answers to those questions, but
I'll try to address them by giving you folks my personal _opinions_ on
the matters.

I believe that it is useful to publicly report major virus sightings
in a forum such as this (and/or VALERT-L) - to a degree, at least.
Obviously, if we were reporting every infection of the Jerusalem B
virus, things would get rather boring (not to mention the wasted
network bandwidth).  However, major infections of new viruses, such as
with this business regarding the 4096 in the States, may be worthwhile
to report.  I believe that there are folks out there (please correct
me if I'm wrong) who would want to know some basic information
regarding major changes in events such as this.  By "basic
information", I'm referring to geographic location, number of
infections, number of sites, and (when possible/allowable/appropriate)
names.  My feelings are that this type of information would supply
administrators with useful "heads-up" warnings.  This is the sort of
thing that I believe VALERT-L is ideally suited for (with re-postings
going to VIRUS-L/comp.virus).

Now, I'm not collecting statistics on these things, and I do know that
there are folks who are doing just that.  What sort of information
would you folks like to have?  How about other people, like system
administrators?  Would you find the above info valuable?

Regards,

Ken van Wyk