NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY 09/23/04 Today's focus: Creating viruses in a university course, Part 1
Dear [EMAIL PROTECTED], In this issue: * University professor draws fire for virus course * Links related to Security * Featured reader resource _______________________________________________________________ This newsletter is sponsored by Aventail Challenging the Myth of IPSec Security While giving more users remote access increases productivity, it also exposes your network to malicious attack. For remote access, clientless SSL VPNs provide stronger security, while reducing administration and support costs. Before buying IPSec, consider the security challenges posed by today's users, devices, and locations, in the paper "Challenging the Myth of IPSec Security." http://www.fattail.com/redir/redirect.asp?CID=81417 _______________________________________________________________ DOWNLOAD THE LATEST SPECIAL REPORTS FROM NETWORK WORLD Focused reports on compelling industry topics, Network World Special Reports are available online at Network World Fusion. Network World Special Reports on Mobility, IP Telephony Security, the State of Wireless LANs and more are currently available. Download any or all of our Special Reports at: http://www.fattail.com/redir/redirect.asp?CID=81393 _______________________________________________________________ Today's focus: Creating viruses in a university course, Part 1 By M. E. Kabay A storm of criticism washed over a University of Calgary professor last year when he announced his intention to teach a fall course entitled "Computer Viruses and Malware." Assistant Professor John Aycock shocked the anti-virus world by including his intention to have his undergraduate students write some malicious code. Many experts objected on the following grounds: * Writing malicious code is unnecessary in teaching how viruses, ��worms and Trojan horses work or how to fight them. * Keeping the malicious code contained within the class of ��laboratory would be difficult or impossible. * Some students would take the wrong message home about the ��ethical implications of creating malicious code. * Students with experience writing malware would be unemployable ��by anti-virus firms, always concerned about the widespread rumor ��that they engage in writing viruses for profit. Supporters of the course rejected these arguments, assuring critics that the laboratory would be well secured and insisting on the pedagogical value of such exercises. In addition, they stressed that virus writing would be only a small part of the course, which would also teach students about the history of malware, economic consequences of these programs, countermeasures, legal and ethical considerations, and wider principles of computer and network security. After the course was over, there appeared to have been no breaches of security and university spokespersons insisted that they would offer the course again despite their critics. It seems to me that writing real viruses may be less valuable to the students than analyzing a wide range of existing viruses and thinking about, designing, and implementing anti-virus mechanisms. However, given the relatively minor part that this exercise plays in the overall course, it also seems to me that critics may have overreacted. More about this issue in the next column. RELATED EDITORIAL LINKS How to Write a Computer Virus, for College Credit The Chronicle of Higher Education, 01/16/04 http://chronicle.com/free/v50/i19/19a03301.htm College plans virus-writing course CNET, 05/28/03 http://news.com.com/2102-1002_3-1010538.html Security Experts Blast Virus Class Computing Canada, 06/06/03 http://www.itbusiness.ca/index.asp?theaction=61&sid=52619# Virus Writing 101: Students to Receive College Credit for Writing Malicious Code About.com http://antivirus.about.com/library/weekly/aa052303b.htm _______________________________________________________________ To contact: M. E. Kabay M. E. Kabay, Ph.D., CISSP, is Associate Professor in the Division of Business and Management at Norwich University in Northfield, Vt. Mich can be reached by e-mail <mailto:[EMAIL PROTECTED]> and his Web site <http://www2.norwich.edu/mkabay/index.htm>. A Master's degree in the management of information assurance in 18 months of study online from a real university - see <http://www3.norwich.edu/msia> _______________________________________________________________ This newsletter is sponsored by Aventail Challenging the Myth of IPSec Security While giving more users remote access increases productivity, it also exposes your network to malicious attack. For remote access, clientless SSL VPNs provide stronger security, while reducing administration and support costs. Before buying IPSec, consider the security challenges posed by today's users, devices, and locations, in the paper "Challenging the Myth of IPSec Security." http://www.fattail.com/redir/redirect.asp?CID=81416 _______________________________________________________________ ARCHIVE LINKS Archive of the Security newsletter: http://www.nwfusion.com/newsletters/sec/index.html Breaking security news: http://www.nwfusion.com/topics/security.html _______________________________________________________________ FEATURED READER RESOURCE GETTING AHEAD OF SARBANES-OXLEY The Sarbanes-Oxley Act of 2002, which was passed in the wake of accounting scandals at firms such as Enron and WorldCom, is one of the greatest challenges to companies' corporate reporting and compliance efforts. Find out how Thermo Electron's Michael Kamens is meeting the requirement for having a properly audited system of internal controls and processes is in place by November. Click here <http://www.nwfusion.com/news/2004/092004yourtakethermo.html?ts> _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.subscribenw.com/nl2 International subscribers click here: http://nww1.com/go/circ_promo.html _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: <http://www.nwwsubscribe.com/Changes.aspx> To unsubscribe from promotional e-mail go to: <http://www.nwwsubscribe.com/Preferences.aspx> To change your e-mail address, go to: <http://www.nwwsubscribe.com/ChangeMail.aspx> Subscription questions? Contact Customer Service by replying to this message. This message was sent to: [EMAIL PROTECTED] Please use this address when modifying your subscription. _______________________________________________________________ Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]> Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]> Copyright Network World, Inc., 2004 ------------------------ This message was sent to: [EMAIL PROTECTED]
