Idle hands are the devil's playground
, or so the saying goes. This is particularly apt for hackers and virus writers, whose activities are, I believe, born largely out of boredom rather than malice. Their decidedly antisocial behavior aside, many virus writers and hackers begin as well-intentioned individuals with no outlet for their intense curiosity about computers and the Internet.
I'm not going to defend every hacker out there. Nor will I defend script kiddies, who generally have no programming skills whatsoever. I do, however, think that a fair number of exploits are the result of curious individuals testing their skills and seeing what they can get away with. Some youths commit hacks only as a rite of passage to distinguish themselves from the ranks of other self-taught programmers.
Like toddlers, hackers-in-the-making break things and make messes, but often there is no evil intent behind their actions. I believe that, with a little effort, we can nudge these youths toward a more productive future. Virus 101
What brought all this to mind was the recent news
that the University of Calgary plans to offer a course on virus writing, with an eye toward virus prevention. Titled "Computer Viruses and Malware," the course will require students to write and test their own viruses on a closed network to ensure that none of their creations spread beyond the classroom.
We need a paradigm shift in antivirus technology --soon.
The announcement drew the ire of some in the security community, with many antivirus vendors saying they would not consider job applicants with such a credential on their resume.
It's unwise for vendors to make such pronouncements. Simply put, current antivirus technology is not keeping up with virus trends. Using virus signature files worked fine in the pre-Internet 1980s, but it isn't all that effective against rapidly spreading polymorphic viruses, such as Bugbear.b
, and is totally ineffective against memory-only worms, such as Code Red
. We need a paradigm shift in antivirus technology--soon.
The Calgary course could produce fresh thinking about viruses and ultimately, better virus prevention. Let's face it: young people have a lot to offer when it comes to computing. Self-taught 15-year-olds could give a different perspective on the Internet than the one held by those of us who learned formal computing skills in our 20s and 30s. And if kids are going to experiment anyway (which you know they are), providing a safe forum for their activities makes sense. Maine's after-school program
Another program in rural Maine allows high school students who are performing poorly in academic subjects but have an aptitude for computers to hack test systems in a controlled environment. As reported
in the New York Times
, the intent of the Maine program is to foster awareness of computer security as a career choice and perhaps to turn some of these students into Maine-based computer security specialists. I applaud these and other efforts to help kids realize that their computer skills have marketable value.
It's time for the security community to become more proactive.
I'm the first to admit that some hackers and virus writers are criminals who act with malicious intent. But those who aren't, those who are simply antisocial misfits looking for a way to express themselves, represent a wealth of untapped talent and potential.
If we foster safe environments for these would-be hackers to learn in, the entire computer industry could benefit. It's time for the security community to become more proactive--and perhaps learn how to stop viruses from ever being written.
Should virus classes be taught in schools and universities? Why or why not? How do you think we can cut down on computer crime? TalkBack to me.