News
News
3/4/2003
02:07 PM
Connect Directly
RSS
E-Mail
50%
50%

University Defends Virus-Writing Class

Safeguards will prevent malicious software from causing problems on the Internet, the school says.

Despite harsh criticism from some security professionals, the University of Calgary isn't backing down from its plan to have students develop viruses and malicious software as part of a course. The university says its "Computer Virus and Malware" course will take place this fall.

"After consideration of all the facts, the University of Calgary's Department of Computer Science will continue to offer the 'Computer Virus and Malware' course as originally planned," wrote Dan Seneker, coordinator of community relations, faculty of science, for the university, in an E-mail to InformationWeek.

Besides defending its decision to go ahead with the course, the university also outlined safeguards it will put in place so the viruses written by students in the lab don't end up wreaking havoc on the Internet.

"Is there another way to teach about stopping viruses without providing adequate knowledge so that the students could write a virus? The answer is simple: No. Anyone who claims they can fight a virus but could not write one is either uninformed or trying to mislead for other reasons," the statement reads.

"That is utterly ridiculous," says Pete Lindstrom, research director for Spire Security. "There are plenty of ways to gain the same level of knowledge other than the destructive knowledge of having students create new viruses. We don't teach sex education by having students have sex in class."

Students should spend their time studying how to write secure applications and operating systems and dissecting the tens of thousands of existing viruses instead crafting new viruses, worms, or Trojans, he says. "The tactics and techniques of destruction are not the same as those for control and protection," Lindstrom says. "It's a myth and misguided to believe that you have to be a hacker or a virus writer to stop hackers and viruses."

Others also see risk. "The interesting thing about a virus is not how it is written, but how it behaves in a network," says Bill Murray, senior research executive for security firm TruSecure Corp. "Many of the viruses currently in the wild exist because the virus author couldn't resist the temptation of seeing how it would act in a network environment. The problem is that college students are not well-known for their ability to resist temptation, and so it is just a matter of time before one of them turns one loose."

The university said the students will get training in ethics from philosophers, lawyers, and business professionals as part of the course. To keep viruses from escaping, the university said the computer lab will be locked at all times, no storage media will leave the lab, and the network in the lab will not be connected to any outside systems. As an additional precaution, the university said it will destroy all removable media, and each hard disk will be "scrubbed" at the end of the course, presumably to ensure that all viruses created will be wiped out.

Asks Lindstrom, "Are they going to erase the student's brains at the end of the course?"

Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 24, 2014
Start improving branch office support by tapping public and private cloud resources to boost performance, increase worker productivity, and cut costs.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.