[unisog] University virus-writing course?

Jim Dillon Jim.Dillon at cusys.edu
Wed May 28 22:53:05 GMT 2003

I basically agree with the comments put forth previously on the "Virus and Malware" course.  One observation I had countering this was this quote (if indeed it is accurate outside of its context.)

"developing malicious software such as computer viruses, worms and Trojan horses that are known to wreak havoc to the tune of billions of dollars world-wide on an annual basis." 

The wording is unfortunate, in that it seems to be encouraging the study of developing "malicious" software and "wreaking havoc".  It does appear to me that Universities do have some responsibility to support social ethics.  Acting in a malicious manner and wreaking havoc should not be supported.  Understanding how viruses and malware are created is useful.  A virus or application really isn't a "bad" thing in and of itself (its really neutral) until it is executed or handled irresponsibly and causes someone else harm.  Academic freedom should not include the freedom to encourage malicious and damaging social activity.  I'm pretty sure that with full context this class wouldn't really support such activity.  If it did, then SOPHOS would have a case.

I think the advertisement for the class, if it did carry the tone SOPHOS proposes, could have been done more responsibly.  I don't think that's an argument that should be used to say such a class is bad.  On the contrary, understanding your "enemy" is a key skill in negotiating, and in war and conflict.  To not gain such knowledge leaves you at a disadvantage. Like the rest of the commenters, SOPHOS is being a bit self serving, and I don't agree that having classes that teach about virus creation is irresponsible, rather, it really is necessary to build good defenses.  The university might have been a bit more careful in its wording/approach.  Of course again, this is assuming that the phrase quoted would hold up as an affirmation of malicious behavior if read in context.  I have a feeling it wouldn't carry that tone if you read the whole context.  My vote, SOPHOS gets the egg on their face this time.  You can assert almost anything out of context.

Best regards,


Jim Dillon, CISA
IT Audit Manager
University of Colorado
jim.dillon at cusys.edu
Phone: 303-492-9734
Dept. Phone: 303-492-9730
Fax: 303-492-9737

-----Original Message-----
From: Martin Sapsed [mailto:m.sapsed at bangor.ac.uk]
Sent: Friday, May 23, 2003 8:23 AM
To: unisog at sans.org
Subject: [unisog] University virus-writing course?


I've just noticed this snippet referring to a longer article in a Sophos 
E-news bulleting. Is this really news and do people here have opinions?

Sophos reacts with surprise and disappointment to the news that
the University of Calgary in Canada is offering its students a
course in malicious virus-writing.




P.S. This isn't intended to be marketing for Sophos, I'm just a customer...

Martin Sapsed				
Information Services               "Who do you say I am?"
University of Wales, Bangor             Jesus of Nazareth

More information about the unisog mailing list