College Classes On Malware Writing Still Piss Off Anti-Virus Firms

from the security-through-obscurity dept

Over five years ago, we wrote about a college that was starting to offer a new computer science class in writing computer viruses. And, of course, various anti-virus companies went ballistic, claiming how dangerous it was. Yet, as we pointed out at the time, anti-virus companies don’t have the greatest track record in actually stopping viruses — so it seemed only reasonable to teach people to better “think like the enemy.” Anyway, it appears not much has changed. Theodp writes in to let us know about an article in Newsweek about a very similar course being taught at Sonoma State University by George Ledin, where students are tasked with creating their own malware.

Once again, various security companies are condemning the technique, even sinking so low as to compare Ledin to A.Q. Khan, the Pakistani scientist who sold nuclear technology to North Korea. They even insist they won’t hire his students — which seems particularly short-sighted. As Ledin points out, it appears that this is really more about the security companies wanting to keep the world more scared than they need to be of malware, so as to pretend that they’re the only ones who can solve the “problem” — when the truth is they’re not very effective at it. He complains that anti-virus firms keep their code secret (thank you, DMCA). He points out that if they were willing to open it up, and let lots of folks work on improving it, it would get much, much better. All he’s trying to do is help more people understand the enemy without first having to work at one of those companies that’s been so ineffective in stopping malware — in the hopes that maybe some of his students can actually come up with a better solution.



Comments on “College Classes On Malware Writing Still Piss Off Anti-Virus Firms”

Anonymous Coward says:

It's the beginning of the end.

The Anti-virus companies are just trying to protect their primarily fear-based monopoly on the market. This is just another example of the growing trend towards open source solutions. When the businesses and the public realize that viruses are just clusters of code and not some demonic force the anti-viruses are going to be in quite a pickle.

Mike (profile) says:

Re: Re:

Funny that Theodp hasn’t posted anything on TD since January, but still is quick to tell TD about a malware class.

Actually, he regularly submits stuff, some of which we post, some of which we don’t. But there have been plenty since January, so not sure where you got your “stat” from.

Ferin (profile) says:

must be something in the water

Why is it people seem to think if you hide something and don’t teach people about it somehow the problem will go away? It’s like these morons think saying “Don’t do that, it’s bad” and refusing to educate people about an issue is gonna make everything all right. Cripes, haven’t they learned enough from the lame attempts at such an approach with sex education?

chris (profile) says:

Re: must be something in the water

Why is it people seem to think if you hide something and don’t teach people about it somehow the problem will go away?

half the reason is that people are happy being ignorant and half the reason is that the “protectors” of the world (cops, feds, security vendors) want to keep their clients and the competition as ignorant as possible.

people always freak over youtube videos on lock picking, or TV shows that teach people about how the drug trade works, because they don’t understand that all information is good.

there is this stupid idea that you can protect people by burying information. that’s ridiculous. you protect people by putting information out in the open where anyone, good or bad, can find and fix the problem.

the criminals already have the information. they already know how to pick locks, or make crystal meth, or sneak metal onto an airplane. the rest of us need this information too, so we can figure out how to protect ourselves effectively.

Nagolod says:

Maybe if malware-curious students can try their skills for a proper school assignment they won’t feel the need to test their stuff in the open field of the internet.

Given that AV/security companies make their living from fighting malware, sometimes I wonder whether they might have a secret “branch” that actually funds or develops malware itself. This way, they make sure they don’t run out of business, while at the same time aiding their “effectiveness” claims by developing the cure together with the disease… Hey, maybe that is the real reason why they are pissed off?

Haywood says:

The only thing keeping big AV alive now............

Is inertia and product placement. People used to associate AV protection with Norton and McAfee, they were Hertz and Avis, there was nowhere else to go. In their day, they were great, but they lost focus & started pushing all in one security packages. This lead to bloat and resource hogging, most want to be free from virus and malware, but few are willing to give up a good portion of their processing power for it. Enter the lean mean & free group, like the free versions of Avast and AVG.
The biggest threat to computer security is IMO; the trial versions included on retail computers. Once the trial runs out, the average user just keeps on going with no shield at all. I’ve repaired quite a few of these. Once they get so laden that they take an hour to boot up fully, they come crying for help, & I clean it up give them a good free AV and firewall & never hear from them again.

chris (profile) says:

signature based detection doesn't work

anti virus software was fine when most attacks were highly automated and written and released by one person.

usually that one person was not very skilled and the software was [somewhat] quickly identified and updates released to handle the outbreak.

malware today is far more complex, and has been for about 4 years.

in the last couple of years, malware has taken a different turn. it’s not nearly as automated, it’s written/modified by teams of professionals who are financed by criminal organizations or rogue nations, and its intent is to do more than annoy.

the result is releases and variants that are re-tooled manually and aren’t identified before widespread release. they often slip right by anti-virus software because the user gets suckered into installing it: i.e. vundo, virtumonde, or any of the numerous phony anti-virus or anti-spyware packages that end up on machines. the signatures are at best not detected, and at worst ignored by the user.

there is a reason there are hundreds of thousands of zombies in the storm and kraken botnets: using anti-virus software to protect your computer from tampering is like giving your child antibiotics to protect them from kidnappers.

Chris says:

We need more than AV

I say the more educational sites doing this the better. SANS has offered this kind of training for years. We need new minds and new innovations because the entire industry has become stagnant.
AV software was fine in the 20th century as most malicious code writers were interested in little more than mass propagation. Under that model the statistical chances of an infection being identified and reported to an AV vendor (so the rest of us get a signature) were pretty favorable.
The problem is the model has changed. Malware writers now leverage their skills to make money. Under that model spear attacks are used rather than mass propagation. This dramatically reduces the statistical chances of a useful signature being created. We’ve had a number of incidences where systems have been infected for 2+ years before being detected.
So why do AV vendors refuse to adapt? One word, “money”. A signature based model generates a recurring revenue stream month to month. What we need is better HIPS and app control technology which does not lend itself to a recurring revenue stream. So if they fix what ails us, AV vendors end up hurting their bottom line. Not much of a business motivation there.
So the more bright folks we can have up to speed on malware who have learned their skills outside of the AV bubble, the more likely someone is going to hit on and actually release something that will address the current model.
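
The two comments above (chris on signature-based detection not catching manually re-tooled variants, and Chris on the signature model versus HIPS/app control) make the same point, and a small simulation shows it concretely. The following Python is an added example, not code from the article or from any commenter, and everything in it is constructed: the "samples" are plain byte strings standing in for files, the host event names and their weights are hypothetical, and the threshold is illustrative. It contrasts an exact-hash signature database, which matches a known sample but misses a variant that differs by a single byte, with a behaviour-based (HIPS-style) score over what a program does on the host, which flags both while leaving a benign updater alone.

```python
from __future__ import annotations

import hashlib

# Constructed stand-ins for files on disk. VARIANT is KNOWN_SAMPLE with one
# byte "re-tooled", which is all it takes to defeat a file-hash signature.
KNOWN_SAMPLE = b"CONSTRUCTED-SAMPLE-A\x00payload-bytes-v1"
VARIANT = b"CONSTRUCTED-SAMPLE-A\x00payload-bytes-v2"
BENIGN_UPDATER = b"CONSTRUCTED-BENIGN-UPDATER\x00checks-for-updates"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a blob; the usual key for a file-hash signature."""
    return hashlib.sha256(data).hexdigest()


# Signature database as a vendor would ship it after seeing KNOWN_SAMPLE once.
SIGNATURE_DB = {sha256_hex(KNOWN_SAMPLE)}


def signature_detect(data: bytes, db: set[str] = SIGNATURE_DB) -> bool:
    """Exact-match signature check: only a byte-identical file is caught."""
    return sha256_hex(data) in db


# Behaviour-based scoring over a trace of host events, in the spirit of HIPS
# or application control. Event names and weights are hypothetical.
SUSPICIOUS_WEIGHTS = {
    "write_autorun_entry": 3,         # persistence across reboots
    "terminate_security_process": 4,  # tampering with defences
    "outbound_to_unknown_host": 2,    # unexplained network contact
    "inject_into_browser": 4,         # living inside another process
}
THRESHOLD = 5  # illustrative cut-off for raising an alert


def behaviour_score(events: list[str]) -> int:
    """Sum the weights of the suspicious events in a trace (unknowns score 0)."""
    return sum(SUSPICIOUS_WEIGHTS.get(e, 0) for e in events)


def behaviour_detect(events: list[str], threshold: int = THRESHOLD) -> bool:
    """Alert when what the program does on the host crosses the threshold."""
    return behaviour_score(events) >= threshold


# Constructed corpus: (name, file bytes, observed host events). The variant
# does exactly what the known sample does; only its bytes differ.
MALICIOUS_TRACE = [
    "write_autorun_entry",
    "outbound_to_unknown_host",
    "terminate_security_process",
]
SAMPLES = [
    ("known_sample", KNOWN_SAMPLE, MALICIOUS_TRACE),
    ("retooled_variant", VARIANT, MALICIOUS_TRACE),
    ("benign_updater", BENIGN_UPDATER, ["outbound_to_unknown_host"]),
]


def evaluate(samples=SAMPLES) -> dict[str, dict[str, bool]]:
    """Run both detectors over the corpus and report each verdict."""
    results: dict[str, dict[str, bool]] = {}
    for name, data, events in samples:
        results[name] = {
            "signature": signature_detect(data),
            "behaviour": behaviour_detect(events),
        }
    return results


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:18s} signature={verdict['signature']!s:5s} "
              f"behaviour={verdict['behaviour']!s:5s}")
```

The point the commenters make is visible in the output: the signature detector catches `known_sample` and nothing else, while the behaviour score catches both `known_sample` and `retooled_variant` and stays below threshold for the benign updater, whose single outbound connection is not enough on its own. Real behavioural engines weigh far more than four events and still face tuning and false-positive trade-offs, but they are not defeated by a one-byte change to the file.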
