Re: Teaching Virus/Malware creation/design in colleges

This is exactly the type of thing that really pisses off folks like myself and Render and some others who have talked about this subject. Many antivirus companies and security software developers are drastically stuck in the mud with old ways of thinking. instead of trying to develop products that identify suspicious behaviors they commit themselves whole hog to simply doing pattern analysis.

Any sort of class like this guy is teaching is a genuine threat... but not to public safety, it's a threat to the old software model and the companies that are entrenched in a revenue-stream built upon selling update subscriptions.

It's a bit moot in my mind, however... software developers who learn the nitty-gritty of malware authoring aren't going to be working for the companies who are pitching a shit fit about this guy's class... they're going to start new and better companies that will (hopefully) send the old ones packing one day.

Why does the security software industry think that it should have special rules which aren't obeyed by any other security professionals? You don't see the makers of Dragon Skin armor telling independent testing centers "no no no! you're not allowed to evaluate our vests using hand-loaded ammo or custom-brewed explosives! you must use only off-the-shelf ballistics to see how well our product holds up!"

Insurgents who are trying to harm our men and women in uniform don't buy their IEDs and their ammo at Wal-Mart... they make them with whatever they can improvise. Conesquently, it's best that body armor gets tested in as many innovative and unconventional ways as possible. Authors of viruses don't just download pre-packaged code*, they make their own. Consequently, it would be best (in my opinion) for antivirus software to be tested and designed around viruses that are innovative and unconventional, as well.


* well, heh... ok. that's sort of wrong, loads of script kiddies do just that

Re: Teaching Virus/Malware creation/design in colleges

You're making them think outside the box. These AV companies are so big they can't do that anymore.

Re: Teaching Virus/Malware creation/design in colleges

Of course. There are dangerous unknowns outside the box. CyberTerrorists that want to cause them harm are all plotting to get them.

The most dangerous thing outside their box is knowledge. Very scary. Do you know what kind of damage peple can do when they have knowledge??!?!

Re: Teaching Virus/Malware creation/design in colleges

Typical corporate bull-shit.

Comes close to the line used, "We don't employ hackers". How many times has a suit come into my office and spouted that crap to clients.

Re: Teaching Virus/Malware creation/design in colleges

First off, cotman, please don't use the term cyberterrorist in any context. it just hurts to read. Second, thank you Deviant for remembering my position.

Behavior analysis does loads more than pattern analysis and one can assume that the instructor shares his class lessons with the anti-virus community on some level, so any threat directly generated by his class is mitigated.

As someone who paid for norton.com years ago, I think that most of these companies are just crying foul that the next gen researchers might actually think of something that would put their business in jeopardy.

The whole industry has it's knickers around it's head and it's not going to change until it's forced to

Re: Teaching Virus/Malware creation/design in colleges

I love the way the word cyberterrorist is used to install vague paranoia in the public/goverment.

Oh. You didn't like that eh? ]:>

The use of the word was meant to be difficult and awkward to read.

I thought about using EvilHackers instead, but thought that going over the top with "CyberTerrorists" seemed more appropriate since they are more than dangerous, they are electronically dangerous! They are going to open the flood gates to the dams and flood people to death! They are going to cause Nuclear Power plants to burst into flames and melt! They are going to make Y2K happen all over again! They will steal the letter "e" from everyone's computer and stop them from sending email!

Maybe I should have gone back to using the War-Verbing with terrorism...

WarTerrorizing

Yeah. That is even better.

The AntiVirus, anti-MalWare companies are worried about people that might be WarTerrorizing with their mad malware skills.

Better? ]:>

Someone's opinion about the course which is more caution and wait-and-see than knee-jerk reaction:

http://www.avertlabs.com/research/bl...iting-classes/

Re: Teaching Virus/Malware creation/design in colleges

Its a simple answer: To prevent danger, one must learn to defend against danger.


Do most businesses assume the people they hire just 'know' about virus' and malware? Or any sort of hacking/problems that may persist in the 'real/virtual' world? Thats pretty naive, I'd rather trust a person who has actually studied this stuff...