May 28th, 2003 06:15 PM
I'm with you msmittens. most people don't go through four years of college to turn stupid a few months before they grauduate. (and by turn stupid, I mean do foolish and eeeeevil things with their virus knowledge.)
also, i didn't insinuate the class was easy. In fact, I was insinuating that it was not easy, and that most skript kiddies would prefer sub 7 and netbus to learning how to program.
i\'m starting to think that i\'m bound to always be the first guy on the second page of the thread.
May 28th, 2003 06:28 PM
Personally, I think that those who are bent toward doing evil with their programming knowledge will do so with or without a class being taught. The information is out there.
I also think that books like Hacking Exposed, Hack Attacks Revealed, Counter Hack and the like are essentially based on the concept that to be a good security administrator it helps to know exactly how the hackers/crackers are attacking in the first place.
It seems logical on those same lines that learning advanced virus-writing techniques may prove valuable in defending against those same techniques or even possibly coming up with the next generation AV software that will protect better. The current virus-signature based protection can only go on so long. What happens in a year? 5 years? 10 years- when the number of viruses and worms grows exponentially and the signature/footprint database is 150Mb? There has to be another way to catch and block these threats other than signatures.
I also think that by knowing exactly how the viruses and worms work it may be more possible to create the vaccine or anti-worm that could be unleashed on the Internet to eradicate and counteract these threats (although counter-hacking is still a controversial topic of ethics and legality).
AVIEN / EWS of which I am a member has issued a press release strongly advising against this class or teaching this sort of material. Here is an article about this topic: Article
June 3rd, 2003 10:22 PM
I just posted my own article on this topic:
Click here to read the full article at About.com: Virus Writing 101
The University of Calgary will be teaching some students how to write viruses. Some of the security community vehemently oppose sharing this knowledge and would prefer to practice security through obscurity when it comes to virus defense.
June 4th, 2003 12:57 PM
Heh heh, I got drive by'ed. . .gotta love this place. . . btw, That was an excellent article tonybradley!!
Every now and then, one of you won't annoy me.
June 4th, 2003 02:45 PM
Many many good points in this thread.....
As Tony pointed out, the knowledge is out there and as the old saying goes, "People do what they want to do." I'm sure some of you have seen the Virus Lab Kit right? For those who haven't it basically has point-and-click virus creation capabilities while at the same time generates and displays the code used to perform the action. With programs like this available, what is the sense of not offering a course that actually teaches *proper* coding techniques in a controlled environment?
Trying to discourage people from taking courses like this, in my opinion, is closed minded and backwards. I have a lab here at my facility where I teach my junior security technicians the mechanics of high profile exploits. After that, I show them how to use those skill sto identify unpublished vulnerabilities. Once they have a true understanding of how an exploit works, I believe that they will be better technicians. Will they or could they pump this info into the underground? Sure, but to me the benefits of them knowing far outwiegh the potential damage they could do with their new skills. How many people here get pissed off when a netadmin doesn't understand how domain broadcast traffic is handled? Same idea here folks. Sure, by knowing exactly how domain broadcast traffic works, you can potentially hose up WINS resolution but wouldn't you want the admin to know how this works should your PC stop performing lookups across network segments? See my point here?
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden