[win2kpro]

George Ledin teaches students how to write viruses, and it makes computer-security software firms sick.

"In a windowless underground computer lab in California, young men are busy cooking up viruses, spam and other plagues of the computer age. Grant Joy runs a program that surreptitiously records every keystroke on his machine, including user names, passwords, and credit-card numbers. And Thomas Fynan floods a bulletin board with huge messages from fake users. Yet Joy and Fynan aren't hackers—they're students in a computer-security class at Sonoma State University. And their professor, George Ledin, has showed them how to penetrate even the best antivirus software."

http://www.newsweek.com/id/150465?GT1=43002

IMO, and I"m sure some will disagree, Sonoma State University should fire this "professor" today.

[CrazyComputerMan]

Agreed with Intel's suggestion about firing the professor

[dan_mccartney]

Also agree 100%

[briealeida]

Don't want to start a war but I disagree.

AV software should be constantly changing and improving. If writing a virus that will thwart AV software is so easy and methodical that it can be taught in this way, it is a warning sign!

In the wrong hands, this education is bad. Obviously. But any information in the wrong hands, can be dangerous. These students are better prepared to work for AV companies and help them improve their software. People should know how viruses work. If only malicious users knew how viruses worked, how could we stop them?

[new tech guy]

Quote:

Originally Posted by briealeida

Don't want to start a war but I disagree.

AV software should be constantly changing and improving. If writing a virus that will thwart AV software is so easy and methodical that it can be taught in this way, it is a warning sign!

In the wrong hands, this education is bad. Obviously. But any information in the wrong hands, can be dangerous. These students are better prepared to work for AV companies and help them improve their software. People should know how viruses work. If only malicious users knew how viruses worked, how could we stop them?

Have to agree with that. Just look at statistics, blackhats who are caught making bigtime hacks like the attack on the TJ Maxx servers are brooded over by security companies and private security workers to work for them in creating network defense systems. This is because they know how the other side works. Therefore know exactly how to shut down those vulnerabilities which is what this person wanted to do in this case. Also, having doing this, the new students now know the insides of the code for the programs and can customly modify them to possibly amplify security.

[Chrismichael]

Knowledge is paramount. Denying knowledge is wrong. You can find most if not all the information this man is teaching on the internet. Should we censor the internet also?

[win2kpro]

Teaching virus writing as a college course has no more place in a curriculum, than teaching students how to build an IED.

Companies that deal with viruses and other malware should be the ones teaching their employees how to recognize and deal with viruses and other malware, just as the military teaches their personnel how to deal with IEDS.

Why would anyone believe that a college student learning to write viruses and other malware would go on to use their knowledge working for a company designing antivirus and other malware software, than a college teaching students to build an IED would go on to use their IED knowledge for military or peaceful purposes?

[webaddict]

Quote:

Originally Posted by briealeida

Don't want to start a war but I disagree.

AV software should be constantly changing and improving. If writing a virus that will thwart AV software is so easy and methodical that it can be taught in this way, it is a warning sign!

In the wrong hands, this education is bad. Obviously. But any information in the wrong hands, can be dangerous. These students are better prepared to work for AV companies and help them improve their software. People should know how viruses work. If only malicious users knew how viruses worked, how could we stop them?

Agreed. This highlights the importance of including ethics as part of all subjects. There's no need to deny them the gift of knowledge. Along with knowledge build their character that minimizes the possibility of taking the wrong route to success.

[MikeSwim07]

Quote:

"You can't really have a defense plan if you don't know what the other guy's offense is," says Lincoln Peters, a former Ledin student who now consults for a government defense agency.

I definitely agree

[new tech guy]

Also to win2kpro, what makes u think just because the guy already works at a security software developers company who learned how to work with malware wont reverse engineer that knowledge to make a nasty themself. I think its smart to teach both spectrum's and give the student the choice on what to do with the knowledge. The best way of learning is self teaching. You learn fast when you are forced to decide for yourself then when someone dictates what you should do to you.

[tomdkat]

Interesting article. Since this is taking place in an academic setting, I'm wondering if they are focusing on Windows or "surveying" other OSes as well.

Peace...

[win2kpro]

I just don't personally believe that an institute of higher education should be teaching students techniques that MAY be utilized for criminal activities (cyber crimes or otherwise).

Just a small example of trying in a small way to prevent criminal activity can be found right here at TSG. In forums, we can no longer provide information for cracking passwords.
While most of the information necessary is available on the net, most criminals without some background of computers may have a difficult time cracking a password. Should TSG freely provide information to assist in possible criminal activity?

From life experience I have the knowledge and know how that I could teach a person with a little mechanical knowledge how they could steal a specific "object" (that will go unnamed), and with an investment of approximately $20,000-$50,000 could sell that "object" within approximately 18 months for $300,000-$1,000,000 with less than a 1% chance of being caught.

Because I have this particular knowledge, should I teach others, and thereby increase the rate of crime in this Country? I think not.

With identity theft and other cyber crime rising at a significant rate, I just don't believe a college professor should be providing this type of knowledge to his students in this particular area, anymore than I should provide information on how to steal a specific "object" and make a tremendous profit at the expense of the public.

[JohnWill]

I have to come down on the side of not teaching this, we have enough people doing that kind of activity already. I'm not buying the part about "the gift of knowledge".

[MikeSwim07]

In my opinion it's not like these students are going to use this info for bad. They are going to university to study security. They probably will work for some AV company etc where they can use this to possibly improve the avs.

[guitar]

this has been going on for years all computer security workers military and business have taken virus/hacking courses
hack into a web page eg bank put something on their front page contact said bank tell them how it was done and get offered a job its been goin on for years and i agree that the course should be held people taking these courses are then accountable for how they use this knowledge or do you all think we should turn a blind eye and not teach this skill to honest law abiding security personel