[unisog] University virus-writing course?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed May 28 17:49:10 GMT 2003


On Fri, 23 May 2003 15:22:59 BST, Martin Sapsed <m.sapsed at bangor.ac.uk>  said:
> Friends,
> 
> I've just noticed this snippet referring to a longer article in a Sophos 
> E-news bulleting. Is this really news and do people here have opinions?

Opinions here (here, have some, everybody *knows* I'm well-stocked with them ;)

Although at first glance the U of Calgary's position seems unsupportable,
there's actually some good sense in having a course in creating malware
as part of a curriculum on computer security.

You can't build defenses against something you don't understand.

It's as simple as that.  Any fool can deploy AV software from a vendor,
but in order to *create* this stuff, you really need a deep understanding
of how it works.  You can deploy software to guard against buffer overflows
in programs without understanding, but you can't *create* something like
StackGuard unless you understand the problem in detail.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20030528/361fd18b/attachment-0003.bin


More information about the unisog mailing list