Announcement

Collapse
No announcement yet.

Teaching Virus/Malware creation/design in colleges

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Teaching Virus/Malware creation/design in colleges

    Professor to teach Computer Virus/Malware to CS students in Security course.

    Not yet on slashdot:
    http://blogs.pcworld.com/staffblog/archives/004452.html
    http://www.hardocp.com/news.html?new...VzaWFzdCwsLDE=

    This professor has received letters from antivirus businesses threatening to not hire people from his universty if the class was taught.

    (Related:)
    You may remember a similar story discussed on the forums about a Canadian University:
    http://chronicle.com/weekly/v50/i19/19a03301.htm : google cache
    http://news.com.com/2100-1002_3-1010538.html
    http://www.zdnet.com.au/insight/soa/...0274911,00.htm

  • #2
    Re: Teaching Virus/Malware creation/design in colleges

    This is exactly the type of thing that really pisses off folks like myself and Render and some others who have talked about this subject. Many antivirus companies and security software developers are drastically stuck in the mud with old ways of thinking. instead of trying to develop products that identify suspicious behaviors they commit themselves whole hog to simply doing pattern analysis.

    Any sort of class like this guy is teaching is a genuine threat... but not to public safety, it's a threat to the old software model and the companies that are entrenched in a revenue-stream built upon selling update subscriptions.

    It's a bit moot in my mind, however... software developers who learn the nitty-gritty of malware authoring aren't going to be working for the companies who are pitching a shit fit about this guy's class... they're going to start new and better companies that will (hopefully) send the old ones packing one day.

    Why does the security software industry think that it should have special rules which aren't obeyed by any other security professionals? You don't see the makers of Dragon Skin armor telling independent testing centers "no no no! you're not allowed to evaluate our vests using hand-loaded ammo or custom-brewed explosives! you must use only off-the-shelf ballistics to see how well our product holds up!"

    Insurgents who are trying to harm our men and women in uniform don't buy their IEDs and their ammo at Wal-Mart... they make them with whatever they can improvise. Conesquently, it's best that body armor gets tested in as many innovative and unconventional ways as possible. Authors of viruses don't just download pre-packaged code*, they make their own. Consequently, it would be best (in my opinion) for antivirus software to be tested and designed around viruses that are innovative and unconventional, as well.


    * well, heh... ok. that's sort of wrong, loads of script kiddies do just that
    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
    - Trent Reznor

    Comment


    • #3
      Re: Teaching Virus/Malware creation/design in colleges

      Originally posted by Deviant Ollam View Post
      This is exactly the type of thing that really pisses off folks like myself and Render and some others who have talked about this subject. Many antivirus companies and security software developers are drastically stuck in the mud with old ways of thinking. instead of trying to develop products that identify suspicious behaviors they commit themselves whole hog to simply doing pattern analysis.

      Any sort of class like this guy is teaching is a genuine threat... but not to public safety, it's a threat to the old software model and the companies that are entrenched in a revenue-stream built upon selling update subscriptions.

      It's a bit moot in my mind, however... software developers who learn the nitty-gritty of malware authoring aren't going to be working for the companies who are pitching a shit fit about this guy's class... they're going to start new and better companies that will (hopefully) send the old ones packing one day.

      Why does the security software industry think that it should have special rules which aren't obeyed by any other security professionals? You don't see the makers of Dragon Skin armor telling independent testing centers "no no no! you're not allowed to evaluate our vests using hand-loaded ammo or custom-brewed explosives! you must use only off-the-shelf ballistics to see how well our product holds up!"

      Insurgents who are trying to harm our men and women in uniform don't buy their IEDs and their ammo at Wal-Mart... they make them with whatever they can improvise. Conesquently, it's best that body armor gets tested in as many innovative and unconventional ways as possible. Authors of viruses don't just download pre-packaged code*, they make their own. Consequently, it would be best (in my opinion) for antivirus software to be tested and designed around viruses that are innovative and unconventional, as well.


      * well, heh... ok. that's sort of wrong, loads of script kiddies do just that
      You're making them think outside the box. These AV companies are so big they can't do that anymore.
      "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

      Comment


      • #4
        Re: Teaching Virus/Malware creation/design in colleges

        Originally posted by theprez98 View Post
        You're making them think outside the box. These AV companies are so big they can't do that anymore.
        Of course. There are dangerous unknowns outside the box. CyberTerrorists that want to cause them harm are all plotting to get them.

        The most dangerous thing outside their box is knowledge. Very scary. Do you know what kind of damage peple can do when they have knowledge??!?!
        Last edited by TheCotMan; May 25, 2007, 19:36.

        Comment


        • #5
          Re: Teaching Virus/Malware creation/design in colleges

          Originally posted by TheCotMan View Post
          This professor has received letters from antivirus businesses threatening to not hire people from his universty if the class was taught.
          Typical corporate bull-shit.

          Comes close to the line used, "We don't employ hackers". How many times has a suit come into my office and spouted that crap to clients.

          Comment


          • #6
            Re: Teaching Virus/Malware creation/design in colleges

            First off, cotman, please don't use the term cyberterrorist in any context. it just hurts to read. Second, thank you Deviant for remembering my position.

            Behavior analysis does loads more than pattern analysis and one can assume that the instructor shares his class lessons with the anti-virus community on some level, so any threat directly generated by his class is mitigated.

            As someone who paid for norton.com years ago, I think that most of these companies are just crying foul that the next gen researchers might actually think of something that would put their business in jeopardy.

            The whole industry has it's knickers around it's head and it's not going to change until it's forced to
            Never drink anything larger than your head!





            Comment


            • #7
              Re: Teaching Virus/Malware creation/design in colleges

              Originally posted by renderman View Post
              First off, cotman, please don't use the term cyberterrorist in any context.
              I love the way the word cyberterrorist is used to install vague paranoia in the public/goverment.

              Comment


              • #8
                Originally posted by renderman View Post
                First off, cotman, please don't use the term cyberterrorist in any context. it just hurts to read. Second, thank you Deviant for remembering my position.
                Oh. You didn't like that eh? ]:>

                The use of the word was meant to be difficult and awkward to read.

                I thought about using EvilHackers instead, but thought that going over the top with "CyberTerrorists" seemed more appropriate since they are more than dangerous, they are electronically dangerous! They are going to open the flood gates to the dams and flood people to death! They are going to cause Nuclear Power plants to burst into flames and melt! They are going to make Y2K happen all over again! They will steal the letter "e" from everyone's computer and stop them from sending email!

                Maybe I should have gone back to using the War-Verbing with terrorism...

                WarTerrorizing

                Yeah. That is even better.

                The AntiVirus, anti-MalWare companies are worried about people that might be WarTerrorizing with their mad malware skills.

                Better? ]:>

                Someone's opinion about the course which is more caution and wait-and-see than knee-jerk reaction:

                http://www.avertlabs.com/research/bl...iting-classes/

                Comment


                • #9
                  Re: Teaching Virus/Malware creation/design in colleges

                  Its a simple answer: To prevent danger, one must learn to defend against danger.


                  Do most businesses assume the people they hire just 'know' about virus' and malware? Or any sort of hacking/problems that may persist in the 'real/virtual' world? Thats pretty naive, I'd rather trust a person who has actually studied this stuff...
                  A paranoid is someone who knows a little of what's going on.
                  -
                  William S. Burroughs

                  Comment

                  Working...
                  X