Spyware School at Canadian University
When the University of Calgary introduced its virus/malware course in the fall of 2003, news of it spread like spam.
Many in the security industry questioned why the Computer Science department would encourage its students to design and write viruses. They wondered if these future IT professionals would use their knowledge to do more harm than good.
Professor John Aycock has always stressed that hands-on learning is the best way to teach and does not see a threat to the security industry.
"Just the opposite: this is a huge benefit to the security industry," he tells Lavasoft News. "Imagine hiring people out of university who have a deep understanding of threats and how to counter them. The savings on training alone would be considerable."
After teaching the malware/virus course for a couple of years, Aycock realized there was plenty of material to add a full course on spam and spyware, both major problems for computer users today. In the fall of 2005, students began learning how to write spyware and the tools to send and propagate spam. The course was the first of its kind in the world.
The research conducted anticipates, rather than follows, the next move of spyware and spam writers. Students test computer programs that mimic or anticipate potential threats in an effort to better understand their inner workings and mount a defense. All this is done in a secure environment.
Restrictions for entry into these courses are tight. Along with meeting certain ethical requirements, a subcommittee reviews the academic record of each applicant. All students must also sign an agreement that any misuse of the information in the course can lead to course failure and even criminal prosecution.
There may always be critics, but Aycock likes to focus on the positive. "Regardless of opinion about the courses, I'd say that we've become a part of the anti-virus landscape after this many years. The reaction from anti-spam companies has definitely been more positive from the outset," he says.
Security providers like Lavasoft, the makers of Ad-Aware SE anti-spyware, think it is a brilliant way to teach.
"The hands-on approach is the only way to teach in this business," says Christopher Allansson, Manager, Lavasoft Security Center. "I would definitely hire a graduate of this program knowing that he or she knows the inner workings of spyware, both how to implement it and reverse it. A person like that would be invaluable to us."
The first graduates of the program hit the job market last spring and so far, the reaction has been positive. Some students are working in the security and defense industry, while others are doing graduate research in security.
The U of C Computer Science department shows no signs of slowing down. A research chair in security has been hired, an undergraduate concentration in information security has been added and more faculty and computer security courses are in the works.
Read more about the school and the department here.