Let's not muzzle SSU prof who aims to stop hackers
Published: Saturday, May 26, 2007 at 3:43 a.m.
Last Modified: Friday, May 25, 2007 at 9:00 p.m.
Three software companies that develop computer security are bugged that a Sonoma State University professor is teaching students how to create computer viruses. But we're less than sympathetic with these complaints.
Professor George Ledin has made it clear that his plan is to teach students -- in a controlled environment -- how to create these viruses as a means of teaching them how to prevent and kill them.
This is hardly a novel approach to attacking a problem. For generations, medical researchers have known that the first step toward developing an inoculation, medication or cure is to recreate the virus.
Just as in a medical lab, Ledin needs to employ safeguards to ensure these viruses do not get out into the real world and are snuffed out when the assignment is completed. In addition, he needs to make sure his students understand their ethical obligations to use the information they learn in class for constructive purposes. But Ledin has addressed all of these concerns.
Even with these measures, the risk remains that a computer science student will use this information for wrongdoing. But that was true whether this class exists or not. Hackers are still finding ways to ply their trade as an estimated nine out of every 10 computers are infected with a program that was installed without the user's knowledge.
Ledin points out that must of the malware now circulating is written overseas. Hoping these hackers will go away by preventing the study of viruses at American colleges is simply sophomoric thinking. It's also counterproductive.
Computer science professors from four universities, including University of California at Berkeley and Carnegie Mellon University, recently announced they had developed new software that not only blocks malware but attacks any new variations on the virus that may follow.
And creating this software required testing variations of new viruses on existing security systems.
These three security businesses may chose to blackball SSU graduates because of this course, but before they take such a dramatic and unfair step they should ask consumers one question: Would they rather buy computer security software supported by someone who knows how to create a virus or software supported by someone who doesn't?
All rights reserved. This copyrighted material may not be re-published without permission. Links are encouraged.
Comments are currently unavailable on this article