Online business Toolkit

Learn virus writing skills in Canada

Tags:
Virus Writing Course,
Viruses,
Virus Lesson,
Virus Course

Ian Fried, CNET CNET News.com

Published: 28 May 2003 13:50 BST

While many students would be expelled from their computer science programs for writing a virus, the University of Calgary plans to make writing such malicious programs a part of the curriculum.

This autumn, the Canadian school is offering a class for fourth-year students titled "Computer Viruses and Malware", in which students will write and test their own viruses. The move has touched off a wave of criticism within the antivirus community.

Ken Barker, head of the school's computer science department, contends that such a class is needed to better understand what motivates those who write malicious software, which he says is a growing problem. In just the past 24 hours, McAfee has discovered some 190,000 new infected files, Barker said.

"Somebody who is suggesting we are doing enough really has their head in the sand," Barker said. Plus, school officials note that information on how to write viruses is already easily accessible.

Both those in favour of the class and those opposed agree that virus infections are costing corporations billions, particularly in the lost productivity that comes when an infection brings email servers to a halt.

But David Perry, global director of education for antivirus software maker Trend Micro, said encouraging people to write more viruses is a bad idea.

"Why not have classes in hacking?" Perry said. "Why not have classes in all kinds of malicious computer activity?"

Perry rejects the idea that such training could lead to better bug fighters.

"I don't see there to be any educational value at all," Perry said. "You don't send somebody out to shoot someone so they understand what happens when somebody gets shot."

On the other hand, computer virus expert Fred Cohen contends that it makes sense to let students interact with viruses firsthand -- even creating their own -- provided that enough safeguards are in place to make sure that the computer bugs don't leave the classroom. A class of graduate students taught by Cohen did just that this past semester at the University of New Haven.

Cohen said that, by writing their own viruses -- as well as antivirus software to stop their creations -- his graduate students learn how easy it is to create such bugs, how quickly they spread and other knowledge of how such code operates.

At the same time, he rejected the University of Calgary's notion that students can get in the mind frame of those who distribute malicious code by writing viruses of their own.

Cohen's main focus is assuring that schools like the University of Calgary that offer such classes make sure to set up safeguards to prevent the students' work from getting out of the classroom.

"It's not -- in general -- a very safe thing to write viruses," said Cohen, who also works for market analysis firm Burton Group. "It's easy to make a mistake".

Calgary officials say the school has taken appropriate precautions, with plans to use a closed network and prohibiting students from removing disks from the virus-infected labs, which will be secured 24 hours a day.

For his part, Trend Micro's Perry said there is little need to study virus writing at all, given the simplicity of most malicious code.

"Generally speaking, the people that release viruses into the wild are not very good computer programmers," Perry said. "If you are a very good programmer, somebody hires you to write programs."

But it is that very financial motive that Barker said will keep his school's students focused on preventing viruses rather than launching them.

"They are not really employable as virus writers," Barker said.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.