Want to Write a Virus? Take a Class.
A college computer course that teaches students how to write computer viruses is riling up security companies once again, according to a story in a local California paper today.
Per the story, a computer science professor at Sonoma State University in California is teaching the course in order to train his students how to design better defenses. Security companies, on the other hand, have always vigorously decried any attempts to create new malware as automatically unethical, no matter the end goal. And at least three companies are sending Ledin letters saying they will boycott hiring Ledin's students, according to the story.
This is an ongoing debate. Other colleges have previously taught such classes, and Consumer Reports took major heat when it created new malware to test antivirus software.
So who's right? Is Ledin violating an unwritten Hippocratic oath of computer security? Or is this an important thing to teach, and learn, and test?
Personally, I think the genie's out of the bottle. Unlike with biological viruses, it's not hard to create a new piece of malware. You don't need a lab, expensive equipment or even much techie know-how; There has long been software available that allows any aspiring online thug to easily create a new piece of malware.
What's more, malware writers are constantly spewing out new variants in an attempt to evade antivirus programs. The recent Storm Worm blast was a great example.
So I don't really think it makes us less safe if a few students create new malware in order to learn how they're built. Even if one of them escapes its protected environment, it will be a drop in the bucket compared to the already existing deluge of new virus variants that come out all the time.
And such training may help with what's really important: Developing effective proactive defenses that can block attacks whether they're old or brand new.
PC World's Marketplace
PC World's Free Whitepapers
tech news tech blogs community & forums laptop prices software reviews downloads
I believe that anyone who criticizes Ledin should meditate whether the action of forbidding virus lessons could lead to a more secure computer world. This story remembers me something that I have experienced in my childhood. I was a teenager, I was supposed to have a lecture in human reproduction, but a group of parents have come to my school to complaint about the subject and the school representatives decided to eliminate the subject in the program. That was a similar situation, do those parents have educated their children with a strong moral? Do the companies who disagree with the classes would hire students with more strong ethics and moral because they couldn't learn how to program a virus at the university? Do they know there are a lot of documents to do that? Are they trying to cover the sky with their hands?
Besides, the advantage of learning something with the guidance of someone with expertise is worth value. Should the academic members have the knowledge? Yes, they should!