Debate kicks off again...
By silicon.com
Published: 6 October 2005 15:30 GMT
The arguments for and against teaching students the techniques of the malware community have kicked off again this week, at the Virus Bulletin conference, after a PhD candidate from the University of Calgary walked delegates through a technique for keeping attacks anonymous and undetected.
Andreas Hirt detailed methods for "covert propagation" and in doing so raised more than a few eyebrows around the auditorium.
Hirt's presentation and subsequent failure to clarify which elements of his techniques, if any, have been shared with the security industry drew accusations of irresponsible disclosure from the floor.
This isn't the first time the University of Calgary has drawn fire for controversial teachings in the disciplines of the malware community.
'Know your enemy' is the defence and the university reasonably says it is better equipping future generations of security professionals. So it's interesting that the security industry is so divided on the real value - above the kudos of a headline-grabbing syllabus - of courses on topics such as virus writing, spam and spyware.
The debate goes beyond the obvious and slightly tired arguments about what happens when one or two students go bad.
One security professional talking to silicon.com at Virus Bulletin said, "Everybody has their price", and students' services will typically come at less of a premium.
But the question here is whether there's enough value in such courses to make that negligible but very real risk worthwhile.
There are those in the security industry who argue against the courses on offer in Calgary on a practical, rather than emotive, knee-jerk level.
It is often said most students learn more in their first month 'on the job' than they did during their entire degree course.
Similarly with the rate at which the threat landscape and response techniques are currently evolving, some of the skills and techniques they learn on the course are going to have become obsolete before they serve any long-term professional value.
So the questions have to be: does this kind of course offer any real value? Not really. Does it create an added element of risk? Absolutely.
Looking for a a native French speaking Community Support Lead to work with a popular online game played by millions of children worldwide. The role ...
Enterprise Infrastructure Services to include: Directory, Messaging, Updates, Anti Virus and Malware, Network, PKI, Redundancy / Clustering, Backup ...
A successful Private Training Provider is looking for an Assessor in Electrical Installation to join their team of lecturing staff to provide ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business
Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business