There has been, of late, considerable interest in the topic of computer viruses. The debate has been especially brisk since the so-called "Internet Virus" of November 1988. At one extreme are those who declare that viruses are an essentially new phenomenon, against which we are powerless. At the other end of the spectrum are those who treat viruses as more of a semantics problem than a technical one, claiming that the problems they pose have already been solved under different terminology. Where then is reality? This paper makes the case that the situation, while certainly not ideal, is not nearly as bleak as some of the alarmists would claim, and that existing technology and security-oriented procedures are extensible to the virus threat. Further, these are largely captured in the DoD Trusted Computer System Evaluation Criteria (TCSEC). However, while the available techniques are relevant, they supply only partial solutions; perfect and universal countermeasures against all possible virus scenarios do not exist. If we are to determine whether or not such are possible, much less develop them, further R&D activity is required.