“The Growing Harm of Not Teaching Malware”

This fellow (warning, PDF file) claims that all computer science graduates should take a course in writing Trojans, viruses, worms, and the like — “malware” — or at least that it should be offered as a regular part of an elective security course.

At first, I was taken aback by the suggestion. You don’t want to encourage people to write malware! But a second’s thought told me that that was foolish. In order to fight anything effectively you’ve got to know how it works (which is the author’s primary point), and people who would write malware would learn to do it regardless of whether it’s part of a course or not (a point he also addresses, near the end).

My opinion, for what it’s worth: he’s right. Teach computer security students how to write malware. Wider knowledge of it in that group can only help.

(Via Schneier on Security)

8 Comments

  1. One thing it would teach students more than many assignments is creativity and efficiency, skills useful in many fields of programming.

  2. They already learn efficiency. And creativity can’t be taught, it can only be demonstrated by example — a few will be able to pick it up, most likely won’t.

    • I think it’s a given, at this point, that there won’t be any more Sun Java courses.

      • As I’m sure you know, Oracle has no interest in Java. They only bought it so they could sue Google. Once that lawsuit is over, if they can’t see any way to make more money off it, they might drop it entirely.

        • That should take a few years, and educational curiculums in computer science don’t exactly turn on a dime. When I went to college, they were still teaching COBOL and FORTRAN.

        • As it turns out, that was a good thing, given that it wasn’t much later that short-sighted cheapskate banks had to scramble to prevent a financial meltdown and needed all those COBOL programmers. But I think that was COBOL’s last hurrah, it pretty much went out in a blaze of glory at midnight on New Year’s Day, 2000.

Comments are closed.