University Defends Virus-Writing Class - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


University Defends Virus-Writing Class

Safeguards will prevent malicious software from causing problems on the Internet, the school says.

Despite harsh criticism from some security professionals, the University of Calgary isn't backing down from its plan to have students develop viruses and malicious software as part of a course. The university says its "Computer Virus and Malware" course will take place this fall.

"After consideration of all the facts, the University of Calgary's Department of Computer Science will continue to offer the 'Computer Virus and Malware' course as originally planned," wrote Dan Seneker, coordinator of community relations, faculty of science, for the university, in an E-mail to InformationWeek.

Besides defending its decision to go ahead with the course, the university also outlined safeguards it will put in place so the viruses written by students in the lab don't end up wreaking havoc on the Internet.

"Is there another way to teach about stopping viruses without providing adequate knowledge so that the students could write a virus? The answer is simple: No. Anyone who claims they can fight a virus but could not write one is either uninformed or trying to mislead for other reasons," the statement reads.

"That is utterly ridiculous," says Pete Lindstrom, research director for Spire Security. "There are plenty of ways to gain the same level of knowledge other than the destructive knowledge of having students create new viruses. We don't teach sex education by having students have sex in class."

Students should spend their time studying how to write secure applications and operating systems and dissecting the tens of thousands of existing viruses instead crafting new viruses, worms, or Trojans, he says. "The tactics and techniques of destruction are not the same as those for control and protection," Lindstrom says. "It's a myth and misguided to believe that you have to be a hacker or a virus writer to stop hackers and viruses."

Others also see risk. "The interesting thing about a virus is not how it is written, but how it behaves in a network," says Bill Murray, senior research executive for security firm TruSecure Corp. "Many of the viruses currently in the wild exist because the virus author couldn't resist the temptation of seeing how it would act in a network environment. The problem is that college students are not well-known for their ability to resist temptation, and so it is just a matter of time before one of them turns one loose."

The university said the students will get training in ethics from philosophers, lawyers, and business professionals as part of the course. To keep viruses from escaping, the university said the computer lab will be locked at all times, no storage media will leave the lab, and the network in the lab will not be connected to any outside systems. As an additional precaution, the university said it will destroy all removable media, and each hard disk will be "scrubbed" at the end of the course, presumably to ensure that all viruses created will be wiped out.

Asks Lindstrom, "Are they going to erase the student's brains at the end of the course?"

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
The Best Way to Get Started with Data Analytics
John Edwards, Technology Journalist & Author,  7/8/2020
10 Cyberattacks on the Rise During the Pandemic
Cynthia Harvey, Freelance Journalist, InformationWeek,  6/24/2020
IT Trade Shows Go Virtual: Your 2020 List of Events
Jessica Davis, Senior Editor, Enterprise Apps,  5/29/2020
Register for InformationWeek Newsletters
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll