The University of Calgary is at it again. A mere 19 months ago, they decided that it was important to teach kids how to write viruses. Here is what I said then:
"That is utterly ridiculous," says Pete Lindstrom, research director for Spire Security. "There are plenty of ways to gain the same level of knowledge other than the destructive knowledge of having students create new viruses. We don’t teach sex education by having students have sex in class."
Students should spend their time studying how to write secure applications and operating systems and dissecting the tens of thousands of existing viruses instead crafting new viruses, worms, or Trojans, he says. "The tactics and techniques of destruction are not the same as those for control and protection," Lindstrom says. "It’s a myth and misguided to believe that you have to be a hacker or a virus writer to stop hackers and viruses."
I guess the U. probably hasn’t done enough damage (or gotten enough press) lately, so they need to add spam and spyware. Yay.
I sure hope the security community holds them "liable" when we catch the first miscreant. I wonder if they’ll retroactively give him an "F".
I tend to agree with the teachers on this one. I see your piont 100% but know from experience the only way to right secure software is to understand how a virus is written and acts. Only then can you stop expliots. Pros and cons to both sides. In a perfect world we would not have to worry about these kids turning malisious. As long as they undrstand the punishment for such crimes we should be ok.
Some of the best computer security experts were former hackers (crackers). By learning the internals of virusses and other malicious software these next generation software engineers will know how to put barriers in their software to prevent exploitation.
@ASSR -
Yes, and some of the best weren’t hackers/crackers. I suppose this is a “tragedy of the commons” problem – is the increase in risk to the world worth an individual learning how to hack? Given the plentiful alternatives, I think the answer is no.