'Computer virus 101' raises eyebrows

The Digital Collegian (Penn State) ^ | Monday, Jan. 26, 2004 | Holly Rosene

[Willie Green]

For education and discussion only. Not for commercial use.

Uproar about a 'virus-writing' class at the University of Calgary, Canada has caused speculation regarding its educational value in the computer science and engineering department here at Penn State.

Some professors have different views on whether offering a course that included instruction on how to write virus code could be beneficial to computer security.

"The University of Calgary had the right to do so in interest of academic freedom," John Domico, assistant director of information technology, said.

Some faculty members in the department don't think teaching students how to write viruses is necessary in teaching computer security.

"Literature has shown us that you don't need to teach how to write a computer virus," Raj Acharya, head of the computer science and engineering department, said.

While the purpose of the class offered at the University of Calgary was to help prevent viruses and teach computer security, Don Heller, associate professor of computer science and engineering said he doesn't agree with the course.

"My reaction to a student who signs up for an explicit course on virus software would be to dismiss them," Heller said.

While Heller said he isn't fond of a class simply on writing viruses, he sees a need for computer security courses.

"It would be valuable to have a course in virus protection, to recognize problems," Heller said.

Heller said there would be interest in a course like that at Penn State and it is already a topic in operating systems courses.

"What you see at Penn State is how to write, not malicious code, but secure code," Domico said.

Both professors agree that the key to computer security is not knowing how to write a virus, but rather knowing how to write a code that is secure.

"Money and resources are better spent in securing and prevention," Domico said.

Heller said he wonders about the safety of the University of Calgary course, which used a separate computer lab and network, and students were not permitted to take anything in or out of the classroom.

"The idea that you can confine software in a lab setting and study it without letting it get out to the rest of the world has been proven wrong many times," Heller said.

The security of the isolated setting depends on the human element, which is why he would not attempt to offer a class like this, Acharya said.

"It is very difficult for a bunch of students to remain disciplined," said Acharya.

One issue raised about such a class is whether a student would be employable afterward.

"They would certainly be employable," Domico said.

Acharya said he agrees.

"If I was an employer, I would hire them. I don't think they should have anything against them," he said.

Heller isn't as confident as Domico in whether students would be better able to obtain jobs after taking a virus-writing class for prevention.

"In the context of prevention and analysis, it looks a little better," Heller said.

[joesnuffy]

It used to be that prisons were the colleges for criminals...its nice to see that in this case
the university has learned to cut out the middle man....

[camle]

why not vandalism 101? similar thing.

[sigSEGV]

This is a good thing. Computer security teaching is non-existant in academia. You can't write secure software unless you know how people exploit it.

[xrp]

Maybe we should have scientists and companies stop researching and learning about bacteria and virii?

The best way to combat a problem is to learn how it festers.

[zx2dragon]

Nothing new. A friend of mine attended a US college back in 90 or 91 and part of one of the computer classes was learning how to write a virus.

[isom35]

as my class project, I would test mine on the University of Calgary's computers

[martin_fierro]

FREE PC PROTECTION: (Not an exhaustive list. Your results may vary. Void where prohibited. For entertainment purposes only. No wagering, please. Whattayawantfernuthin'.)

Alternative browsers: Mozilla Opera AVG Anti-Virus Free Edition: Free anti-viral protection Popup ad killers: Bayden Systems Popup Popper: Blocks popup ads well in MSIE Shoot the Messenger: Close that friggin' Messenger in Windows XP Spyware removers: Spybot S&D AdAware MailWasher: Good for pre-screening & bouncing SPAM Windows Update: At least install the critical ones ZoneAlarm: Excellent Firewall Test your firewall from without with ShieldsUP! Test your firewall from within with LeakTest

[CommandoFrank]

How about:

Bomb Making 101
The Art of Snipering 101
Destroying Free Enterprise 101
How to Kill Government Officials 101
Terrorism Training 101
Sustaining Lies About Enviornmentalism 101

...and we could go on.

[DMCA]

You do know there isn't much difference between writing a distributed agent and writing a virus save that a virus can be destructive, don't you?

[CommandoFrank]

Excuse my ignorance, but what in the hell is a 'distributed agent'?

A CIA agent assigned overseas? :)

[DMCA]

http://csdl.computer.org/comp/proceedings/ss/2001/1092/00/10920007abs.htm

Abstract: Distributed agent systems derive much of their power to solve complex, large-scale and open-ended problems because the agents within the system can communicate in highly flexible ways and patterns. However, before these systems can be widely deployed it is necessary to be able to precisely understand how different agent communication architectures perform in practice. This paper presents a methodology and performance evaluation study of agent communication architectures that use shared coordination spaces. We first propose a general performance model used to evaluate large systems of communicating agents. By defining several interaction styles our model can describe a wide variety of agent interaction patterns. We use this model to generate a synthetic workload measurement to evaluate the performance of an actual distributed agent system that uses a tuple-space type of coordination space. Our results show that the use of coordination space technology is a viable alternative for many types of communicating agent systems.

http://zen.ece.ohiou.edu/~robocup/papers/HTML/SSST/SSST.html

Agent based computing offers the ability to decentralize computing solutions by incorporating autonomy and intelligence into cooperating, distributed applications. It provides an effective medium for expressing solutions to problems that involve interaction with real-world environments and allows modelling of the world state and its dynamics. This model can be then used to determine how candidate actions affect the world, and how to choose the best from a set of actions. Most agent paradigms overlook real-time requirements and computing resource constraints. In this paper, we discuss the application of agent based computing to RoboCup and examine methods to improve it. In particular, we discuss the incorporation of a meta-level reasoning mechanism that handles individual agent organization, plan generation, task allocation, integration and plan execution. We also propose an architecture where a meta-agent is further enhanced by combining it with system-level resource allocation and optimization. The approach adopted by us unifies agent based computing with adaptive resource management for dynamic real-time systems. The goal is to build and implement a distributed, intelligent, agent based system for dynamic real-time applications.

[rdb3]

The Penguin Ping.

Wanna be Penguified? Just holla!

     .-.
     /v\    L   I   N   U   X
    // \\  >Phear the Penguin<
   /(   )\
    ^^-^^

Got root?

[stainlessbanner]

Universities continue to legitimize subjects that need not be accepted. Virus scripting, sexual disorders, racism, etc.