foxsteve Premium Member join:2001-12-28 Campbell, CA |
foxsteve
Premium Member
2003-May-23 6:08 pm
Students offered virus writing course» www.vnunet.com/News/1141141A university course in Canada teaching students how to create computer viruses has been met with derision by angry industry watchers, who believe it will create a pool of future virus writers. The 'Computer Viruses and Malware' course will begin next autumn at the University of Calgary. It is described as focusing on "developing malicious software such as computer viruses, worms and Trojan horses that are known to wreak havoc to the tune of billions of dollars worldwide on an annual basis". The thinking behind the course is that educating students in virus writing will lead to a greater understanding of how to stop viruses. The teaching will also cover legal, ethical and computer security issues. The University's Department of Computer Science explained that it "explores new territory as it becomes the first institution in Canada to offer such a course as part of its undergraduate programme". Dr John Aycock, professor for this course, likened it to medical research. "This attitude is similar to what medical researchers do to combat the latest biological viruses such as Sars," he said. "Before you can develop a cure, you have to understand what the virus is and how it spreads. Why should combating computer viruses be any different?" But Graham Cluley, senior technology consultant for Sophos Anti-Virus, dismissed the course as a bad idea. "Should we teach kids how to break into cars if they're interested in becoming a policeman one day?" he asked. "Creating new viruses is of no benefit at all, but could lead to greater danger. "One wonders if the university will be held legally and financially responsible if any of the viruses written on their course break out and infect innocent computer users." |
|
Allnew MVM join:2003-02-01 Denmark- EU. |
Allnew
MVM
2003-May-23 6:30 pm
Or what about a course in " how to rob a bank" or " how to kill your mother in law" Its really a strange world sometimes. Totally agree with the Sophos guy who dont like the idea. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI
3 recommendations |
to foxsteve
Hi Steve, I think those course in a University are a good idea...if you know how to write them..you know how to stop them..and where to look.
Do you want a comparison?
Just think what you or I could do with the background we had in University.
It is not the education you worry about..it is the Application.
Be Well John |
|
MattUK Premium Member join:2003-03-23 UK |
to foxsteve
Learn "how to rob a bank" so you can build protection and to prevent the bank being robbed.
The same principle is being exercised here, and has been for a very long time on some websites generally seen as security sites, not 'hax0rz sites' |
|
Allnew MVM join:2003-02-01 Denmark- EU. |
to Name Game
Name Game, you do have a point, but still i really dont like the idea of educating viruswriters. |
|
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
said by Allnew: Name Game, you do have a point, but still i really dont like the idea of educating viruswriters.
I am really also thinking that they could change the name of the course...teach the same thing..and it would not get media attention. But then I think they wanted it..what better way to sell the school. LOL wonder how many credit for that one. I even think they taught the same stuff before..and now they change the name.... |
|
Allnew MVM join:2003-02-01 Denmark- EU. |
Allnew
MVM
2003-May-23 7:09 pm
Could be. |
|
tklown join:2000-09-17 Sayreville, NJ |
to foxsteve
It's not like it really matters. You could search on google and find tons of sites on it anyway |
|
MapleLeaf Premium Member join:2001-09-04 Burnaby, BC |
to foxsteve
I am with John on this one. Knowledge is a two-edged sword. It always was and it always will be. And let us not jump on conclusions - we don't know exactly what this course actually offers and what or how it teaches. |
|
StraitShootWho Loves Ya Baby? - Theo Kojak Premium Member join:2003-02-08 Clinton, MA |
to foxsteve
Where are they teaching that course about "killing your mother-in-law"? LOL... |
|
javaManThe Dude abides. MVM join:2002-07-15 San Luis Obispo, CA |
to foxsteve
It should be noted that the course is probably not being offered to just anyone. My guess is there are many prereqs that will exclude the business major that says "hey that looks like fun." This probably an upper division course. 30 years ago a Computer Science major could learn everything there was to learn in the field. Today, it's just like medicine: you have to specialize. For the CSc major seeking a career in security, this sounds like a good first course. |
|
Big TimePull My Finger Premium Member join:2002-10-19 Washington |
to foxsteve
said by foxsteve:
The thinking behind the course is that educating students in virus writing will lead to a greater understanding of how to stop viruses. The teaching will also cover legal, ethical and computer security issues.
Hopefully they will focus strongly on the legal and ethical issues. I share the opinions of a lot of the people that posted, and I also think this has a little "know thy enemy" in it. |
|
robre join:2002-08-01 Lebanon, TN |
to foxsteve
1214-142 - Introduction to the x86 32-bit protected mode assembly language - Aycock, John
1214-142 - Computer Viruses and Malware - Aycock, John
Hey, whatever it takes to get the CS majors to take the class...
|
|
javaManThe Dude abides. MVM join:2002-07-15 San Luis Obispo, CA |
said by robre:
1214-142 - Introduction to the x86 32-bit protected mode assembly language - Aycock, John
1214-142 - Computer Viruses and Malware - Aycock, John
Hey, whatever it takes to get the CS majors to take the class...
Hey, the first one looks more interesting to me. |
|
poiwv join:2002-06-07 Belington, WV |
to foxsteve
said by javaMan:
quote: said by robre :1214-142 - Introduction to the x86 32-bit protected mode assembly language - Aycock, John
1214-142 - Computer Viruses and Malware - Aycock, John
Hey, whatever it takes to get the CS majors to take the class...
Hey, the first one looks more interesting to me.
Yes, but not to a reporter.... |
|
John2gQui Tacet Consentit Premium Member join:2001-08-10 England |
to foxsteve
What a waste of taxpayers money. I only hope that anybody who attends this course has to fund the whole cost themselves. I doubt that there would be many takers in those circumstances. |
|
foxsteve Premium Member join:2001-12-28 Campbell, CA |
foxsteve
Premium Member
2003-May-24 9:51 pm
Creating of the computer viruses is criminal. I think that this course is bad because Dr John Aycock and his students will get legal right for discussing techniques and creating new viruses. Team can generate "products" which are unreachable for single designer. |
|
wormie join:2000-11-19 Lowell, MA |
wormie
Member
2003-May-24 11:37 pm
said by foxsteve: Creating of the computer viruses is criminal.
Writing a virus isn't illegal, or even immoral. Infecting others with it may be. There are plenty of "proof of concept" viruses written simply to expose security holes, but never distributed. I don't see it as radically different from any other security course, it just has a sensationalized name. |
|
1 recommendation |
to foxsteve
I personally think this to be a great idea. Like it or not, this could help prevent big viruses where the students if working at a security firm may create a virus and then have that one already patched up because they created it ahead of time. There's too much negativity around this course. Consider this, if someone joins the army (like this course in certain respects) they have the knowledge to kill a civilian anywhere, but that doesn't mean they will. Like this course they will be able to create viruses, but mainly to prevent such devastating viruses from occuring.
|
|
IGGY9No Guru Just Here To Help Premium Member join:2001-03-30 Chatham, IL |
to foxsteve
Further discussion can be found here » Malware 101 |
|
djaHappy to Help Premium Member join:2002-03-25 Niagara |
to foxsteve
For the (1) student out of (100) that applies this knowledge in a responsible, and ethical manner, there will be (99) that will create, and release malicious code, into the wild.
Many University courses are for the most part a 'work-avoidance-tax'. They think-up pointless programs that will be cool, or hip, and reap hundreds of thousands of dollars for absolutely nothing! |
|
POBRes Firma Mitescere Nescit Premium Member join:2003-02-13 Stepford, CA |
POB to Allnew
Premium Member
2003-May-26 4:32 pm
to Allnew
said by Allnew: Or what about a course in " how to rob a bank" or " how to kill your mother in law" Its really a strange world sometimes. Totally agree with the Sophos guy who dont like the idea.
Don't be ridiculous. Millions of people die each year in auto accidents and schools continue to to teach new batches of people how to drive and auto manufacturers continue to make more vehicles, so your bank analogy falls short. The virus writing course is an outstanding idea because the best defense is a good offense. Same goes for hacking. Who do you think the white hats are, anyway - do you think they simply read about hacking theory and/or heard quaint hacking anecdotes and that's all they've ever done. You cannot protect against something which you know nothing about. |
|
djaHappy to Help Premium Member join:2002-03-25 Niagara |
dja
Premium Member
2003-May-26 4:37 pm
Do we know the responsibility levels of the individuals who wish to participate? NO.
Are they taking the course because they admire 'white-hats', or because they want to show-off and code cr@p? CAN'T SAY.
Will this cause more harm, than good. LIKELY. |
|
Allnew MVM join:2003-02-01 Denmark- EU.
|
to POB
Major marco. You do have a point too. I can see both the pro & cons, but still i dont like the idea of educating viruswriters. [text was edited by author 2003-05-26 16:42:37] |
|
Kibbles Premium Member join:1999-07-31 Mission Viejo, CA |
to POB
said by POB:
said by Allnew: Or what about a course in " how to rob a bank" or " how to kill your mother in law" Its really a strange world sometimes. Totally agree with the Sophos guy who dont like the idea.
Don't be ridiculous. Millions of people die each year in auto accidents and schools continue to to teach new batches of people how to drive and auto manufacturers continue to make more vehicles, so your bank analogy falls short.
But Driving schools teach you to avoid accidents..not get into them.;) OT..the Buck Fush..should be Cuck Flinton. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
to dja
said by dja: For the (1) student out of (100) that applies this knowledge in a responsible, and ethical manner, there will be (99) that will create, and release malicious code, into the wild.
Many University courses are for the most part a 'work-avoidance-tax'. They think-up pointless programs that will be cool, or hip, and reap hundreds of thousands of dollars for absolutely nothing!
Oh bolderdash..where are you getting this one out of a hundred numbers in the first place.. |
|
djaHappy to Help Premium Member join:2002-03-25 Niagara |
dja
Premium Member
2003-May-26 5:17 pm
Experience with humans. |
|
Big Bob0 Premium Member join:2002-04-12 Scarborough, ON
2 recommendations |
to foxsteve
|
|
javaManThe Dude abides. MVM join:2002-07-15 San Luis Obispo, CA
|
said by Big Bob0: From: »pages.cpsc.ucalgary.ca/~ ··· /599.48/
As I stated earlier and you can see from the class prerequisites, this is not a lower division course that just anyone may take. The disclaimer is probably included at the urging of the university's legal department rather than a fear about possible abuse by students. Those qualified to take this course will also be more than qualified to develop hacking skills on their own, and quite easily and quickly, if that were their desire. As I also stated earlier, any skills obtained through the course will be invaluable for the student seeking a career in IT security, no doubt the reason for the course in the first place. These classes are not unique and I doubt you would find a real hacker who has ever taken one. Unfortunately, too many are easily swayed by media sensationalism and they know it, hence the story in the first place. I really don't understand the objections to this, no one objects to medical students operating on poor hapless corpses deprived of a decent burial; why is there no moral indignity against that--no one has written a newspaper story about it I guess. |
|
|
to foxsteve
In order to understand and analyze viruses (at least the low-level ones, not like vbscript junk stuff) you need to know polymorphic engines, anti-debugging methods and how to get around them, encryption/decryption, exe packing etc.
I don't know any university course that would teach all that. Heck they don't even teach them in advanced assembly.
I think it is a great idea to come up with a course like this. Perheps one of those who take the class can come up with a good heuristic engine that would help us all one day. |
|