A Special Needs Class
The Little Red Book of Computer Viruses
The University of Calgary's new course in virus-writing begs the question: is it a cheap publicity stunt or just boneheaded educating, asks SecurityFocus columnist George Smith.
Did you hear the one about the college professor and his virus-writers course? For the final exam students had to work up viruses that land them in jail for eighteen months. Ta-dump!
It's a valid requirement for getting inside the mind of the virus-writer. It sufficed for virus-writer Chris Pile and would be sure to separate the men from the boys in any such class, guaranteeing that if they talked the talk of the malicious code programmer, they could walk the walk, too.
But I doubt whether John Aycock of the University of Calgary will make his Fall semester virus-writing students do that. Angry parents, outrage, lawsuits, ejection from the academy.
Outrage alone is good, though. It means publicity, and the University of Calgary's press release on its new virus-writing course explicitly promises "[i]nterviews and photo opportunities can be made possible subject to availability."
The computing men of UCal want notice and they should have it. And not just kudos for dreaming up an exciting curriculum but admonishments, too, because real virus-writers revel in their bad notices.
The aim of the UCal course is to get a personal look through the eyes of the malware maker, the reasoning being that only by generating nasty code can one understand and fight digital disease.
"This attitude is similar to what medical researchers do to combat the latest biological viruses such as SARS," blabbers the UCal statement. Absolutely! Everyone knows that the doctors who fought smallpox invented new brands of it and that all medical students specializing in infectious disease have to spend a semester cooking up new ailments.
However, a virus-writing course shouldn't be dumbed down with only milk-liver assignments like the programming of new computer viruses.
The technique of virus-writing is only about ten percent of the mind of the virus-writer and, truth be told, it's the most easily duplicatable and boring part. In addition, the programming is ephemeral: what makes a good Klez now will be no damn good in five years, and students deserve to be given skills that will last them a lifetime.
The good professor, wishing to fathom the motivations of virus-writers first-hand, will have to reproduce in the class some true virus-writer orthodoxy. Aycock, however, may not be able to fulfill this since it is alleged that students who take their work outside the lab will flunk. He might wish to think twice about that penalty.
You see, virus-writers have traditionally been stoked to produce more by observing the success of their creations in the real world. Priest, a San Diego-based virus-writer, was particularly thrilled when anti-virus companies would include the names of his viruses in ads placed in the trades. Others gained inspiration from seeing their creations appear in the anti-virus industry's "Wild List."
As a student, Harry McBungus released his work onto the computing devices of his peers in Australia and, of course, a university presents many opportunities of this nature, too.
To build esprit de corps, the class could divide into competing virus-writing claques, with names chosen with an eye toward virus history -- like NuKE[Calg@rEe] or Northern Corrupted Programming.
A week or two could be reserved for devising means of baiting victims with virus-infected porn-loaders, or the launching of mass mailing worms from an anonymous computer in the school library.
Another portion of the class could be used to build a virus-writers' website, perhaps named The Hellacious Pit, in honor of one of the largest virus exchanges of pre-World Wide Web days. A system of digital barter would be set up so that one could download viruses only by contributing new viruses. Verification could be strict or non-existent, depending on the rigor of the exercise.
Some students, for example, might want to take a digital fingerprint of all original viruses before stocking, and then scan uploads for minor variants, duplicates, non-functional "intended" viruses or dummy files. Using the fruit of this labor, viruses could be burned to CD as a unique collection and sold, the cash collected going into a fund that could be used as hush money for angry students and administrators involuntarily enrolled in the class as logical end points of a virus-writing experiment.
Viruses written during the course could be collected and published by the university press. A good title would be "The Little Red Book of Computer Viruses." I would suggest the color black but it's already been used.
By nature, virus-writers love to imagine themselves as nemeses of the anti-virus industry. The UCal course is off to a good start with its initial press, but to fully carry out this delving into the virus-writing persona it will need to continue its bonehead boasting through the semester. The school is well-suited for this capacity because it can issue inflammatory can't-miss press releases like: "Elite Aycock group produces midterm worms that could cause [fill in the blank] billion dollars in damage to world economy if released."
Students should be prepared, with knowledge born from course experience, to also explain how virus assaults to the US economy -- $266 billion, according to the UCal press release -- are over three hundred times more destructive and dangerous than the September 11 attack on the Pentagon, which resulted in $800 million in damages. If they can't do this, they'll become the object of jests, their faculty regarded as buffoons. Perish the thought.
George Smith is Editor-at-Large for VMYTHS and founder of the Crypt Newsletter. He has written extensively on viruses, the genesis of techno-legends and the impact of both on society. His work has appeared in publications as diverse as the Wall Street Journal, the Village Voice and the National Academy of Sciences' Issues in Science & Technology, among others.