Antivirus vendors and security experts were this week quick to offer their opinions against the University of Calgary’s Department of Computer Sciences decision to offer a virus and malware course.
The course, which will be open to fourth-year students in the school’s undergraduate program, will commence this fall and will be taught by Professor John Aycock. Along with focusing on legal, ethical and computer security issues, students will be shown how to develop malicious software such as computer viruses, worms and Trojan horses. Sixteen students are expected to enrol in the class.
According to the university, the subject is intended to help students understand security issues and assist them in preparing for a career in computer security. The university also said it has the goal of potentially providing the software industry with more secure software products as a result of the course teachings.
The announcement has raised a few eyebrows. Antivirus vendor Sophos Inc.’s CEO Jan Hruska, for example, said in a statement that those who have engaged in writing viruses need not apply to the company for a job.
“You are of no use to us. The skills required to write good antivirus software are far removed from those needed to write a virus. With 80,000 viruses in existence there can be no excuse for teaching students on how to create more,” he said in the statement.
One industry expert noted that taking a proactive educational process could be dangerous.
“It’s sort of like asking if you provide people with the recipe for how to build an atomic bomb, what will they do with it,” said Jim Hurley, vice-president of security and privacy at Aberdeen Group Inc. in Boston. He added that it will be very difficult to determine if teaching students how to write malicious code would lead to “good hackers or bad hackers” after completing such a class.
In a statement on the university’s Web site, Aycock outlined the rationale for offering the course.
“In order to develop more secure software, and countermeasures for malicious software, you first need to know how malicious software works and the mindset of its creator.” The university will allow students to create “malware under controlled lab conditions” where “STRICT lab protocols will be in effect; failure to adhere to these protocols will result in an ‘F’ in the course.”
A global survey conducted by Information Week and Price WaterhouseCoopers LLP in 2000 estimated computer viruses and hacking engulfed US$1.6 trillion from the worldwide economy.
For more information about the course, visit the university online at www.ucalgary.ca.