[ISN] Controversial course teaches spyware writing

From: InfoSec News (alerts@private)
Date: Thu Nov 02 2006 - 03:07:52 PST


http://www.azcentral.com/news/articles/1101gns-spamcollege01-ON.html

By Nicole Gaudiano
Gannett News Service
Nov. 1, 2006 

College student Nathan Friess recently designed a computer spyware 
program that could invade your computer, log your keystrokes and even 
collect the password to your bank account.

"It did a good job of hiding itself," said Friess, 23. "It also made 
itself relatively difficult to remove."

If you think his sinister-sounding creation got Friess into trouble, 
think again. The spyware program was homework for the graduate student 
at University of Calgary in Canada. And it earned him an A.

A hands-on computer security course at the school teaches students in a 
secure lab how to write spyware and spam -- and how to defend against 
them.

It's the latest controversial class taught by John Aycock, a computer 
science professor who inspired outrage and an online protest from more 
than 100 industry experts when he introduced his computer virus-writing 
course in 2003.

Aycock followed up with the "Spam and Spyware" class last year. He said 
the class gives students "a solid base upon which to construct better 
defenses."

"Given that spam and spyware are frequently touted as major problems for 
our computer-dependent society, universities should be lining up to 
teach students about spam and spyware," he wrote in a July abstract on 
the course.

Other computer security professors say Aycock's class is the only one 
they know of that actually teaches students how to write spam and 
spyware in a lab.

Professor Richard Fordteaches a detailed course on malicious code at 
Florida Institute of Technology in Melbourne, Fla., and has walked his 
students through an analysis of the "SQL Slammer" computer worm that 
overwhelmed servers and slowed worldwide Internet traffic in 2003.

"However the emphasis is understanding how it works instead of, 'This is 
how you do it,' " he said. "I don't think the students need to implement 
the virus to understand the virus."

Aycock's critics question the security of his classroom lab and the 
benefit of such teaching methods. Representatives from McAfee and Sophos 
Internet security companies have vowed never to hire his students.

"It's kind of like saying, In order to be a better doctor you have to 
learn how to torture people,' " said Joe Telafici, director of 
operations at McAfee Avert Labs.

Aycock's students work in a laboratory with computers in padlocked cases 
operating on an isolated network. Security is even tighter in the 
virus-writing lab, with no electronics allowed in or out.

But Ron O'Brien, a senior security analyst at Sophos Inc., warned that 
accidents can still happen.

"There is a concern that something created in the lab could escape into 
the wild, whether it happens intentionally or unintentionally,"he said.

Aycock said he knows of no students who have misused what they learned. 
Students must sign a legal agreement that they will abide by lab 
protocol. They also write an essay about why they want to take the 
course and get their photo identification checked at the door.

"These are our best students," Aycock said. "They're well-grounded in 
law and ethics. I don't have any trouble sleeping at night."

Friess, who may pursue his doctorate or a cyber security job, calls the 
criticism of Aycock's course "unfair." He said he has a duty to properly 
use his new skills, just as a chemistry student has a duty not to make 
pipe bombs.

Another of Aycock's graduates, Reg Sawilla, said the malicious software 
he wrote in class helps him understand whether he's proposing effective 
solutions on the job at a research and development agency of the 
Canadian defense department.

"The people taking this course are not people who want to learn how to 
do harm with it," said Sawilla, 33. "Their interest is in understanding 
how these things work to further the research."


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 



This archive was generated by hypermail 2.1.3 : Thu Nov 02 2006 - 03:22:41 PST