This fall, the Canadian school is offering a class for fourth-year students titled "Computer Viruses and Malware," in which students will write and test their own viruses. The move has touched off a wave of criticism within the antivirus community.
Ken Barker, head of the school's computer science department, contends that such a class is needed to better understand what motivates those who write malicious software, which he says is a growing problem. In just the past 24 hours, McAfee has discovered some 190,000 new infected files, Barker said.
"Somebody who is suggesting we are doing enough really has their head in the sand," Barker said. Plus, school officials note that information on how to write viruses is already easily accessible.
Both those in favor of the class and those opposed agree that virus infections are costing corporations billions, particularly in the lost productivity that comes when an infection brings e-mail servers to a halt.
But David Perry, global director of education for antivirus software maker Trend Micro, said encouraging people to write more viruses is a bad idea.
"Why not have classes in hacking?" Perry said. "Why not have classes in all kinds of malicious computer activity?"
Perry rejects the idea such training could lead to better bug fighters.
"I don't see there to be any educational value at all," Perry said. "You don't send somebody out to shoot someone so they understand what happens when somebody gets shot."
On the other hand, computer virus expert Fred Cohen contends that it makes sense to let students interact with viruses firsthand, even creating their own--provided enough safeguards are in place to make sure the computer bugs don't leave the classroom. A class of graduate students taught by Cohen did just that this past semester at the University of New Haven.
Cohen said that by writing their own viruses--as well as antivirus software to stop their creations--his graduate students learn how easy it is to create such bugs, how quickly they spread and other knowledge of how such code operates.
At the same time, he rejected the University of Calgary's notion that students can get in the mind frame of those who distribute malicious code by writing viruses of their own.
Cohen's main concern is that if other schools like the University of Calgary want to offer such classes, that they make sure to set up safeguards to prevent the students' work from getting out of the classroom.
"It's not--in general--a very safe thing to write viruses," said Cohen, who also works for market analysis firm the Burton Group. "It's easy to make a mistake."
Calgary officials say the school has taken appropriate precautions, with plans to use a closed network and prohibiting students from removing disks from the virus-infected labs, which will be secured 24 hours a day.
For his part, Trend Micro's Perry said there is little need to study virus writing at all, given the simplicity of most malicious code.
"Generally speaking, the people that release viruses into the wild are not very good computer programmers," Perry said. "If you are a very good programmer, somebody hires you to write programs."
But it is that very financial motive that Barker said will keep his school's students focused on preventing viruses rather than launching them.
"They are not really employable as virus writers," Barker said.
Play video
There are currently no comments for this post.