Lavasoft News - November 2006

Spyware School at Canadian University

When the University of Calgary introduced its virus/malware course in the fall of 2003, news of it spread like spam.

Many in the security industry questioned why the Computer Science department would encourage its students to design and write viruses. They wondered if these future IT professionals would use their knowledge to do more harm than good.

Professor John Aycock has always stressed that hands-on learning is the best way to teach and does not see a threat to the security industry.

"Just the opposite: this is a huge benefit to the security industry," he tells Lavasoft News. "Imagine hiring people out of university who have a deep understanding of threats and how to counter them. The savings on training alone would be considerable."

After teaching the malware/virus course for a couple of years, Aycock realized there was plenty of material to add a full course on spam and spyware, both major problems for computer users today. In the fall of 2005, students began learning how to write spyware and the tools to send and propagate spam. The course was the first of its kind in the world.

The research conducted anticipates, rather than follows, the next move of spyware and spam writers. Students test computer programs that mimic or anticipate potential threats in an effort to better understand their inner workings and mount a defense. All this is done in a secure environment.

Restrictions for entry into these courses are tight. Along with meeting certain ethical requirements, a subcommittee reviews the academic record of each applicant. All students must also sign an agreement that any misuse of the information in the course can lead to course failure and even criminal prosecution.

There may always be critics, but Aycock likes to focus on the positive. "Regardless of opinion about the courses, I'd say that we've become a part of the anti-virus landscape after this many years. The reaction from anti-spam companies has definitely been more positive from the outset," he says.

Security providers like Lavasoft, the makers of Ad-Aware SE anti-spyware, think it is a brilliant way to teach.

"The hands-on approach is the only way to teach in this business," says Christopher Allansson, Manager, Lavasoft Security Center. "I would definitely hire a graduate of this program knowing that he or she knows the inner workings of spyware, both how to implement it and reverse it. A person like that would be invaluable to us."

The first graduates of the program hit the job market last spring and so far, the reaction has been positive. Some students are working in the security and defense industry, while others are doing graduate research in security.

The U of C Computer Science department shows no signs of slowing down. A research chair in security has been hired, an undergraduate concentration in information security has been added and more faculty and computer security courses are in the works.

Read more about the school and the department here.

Home  arrow

 

Spyware Stats
81% of home computers lack core protection (updated anti-virus software, a firewall and spyware protection).

38% of home computers lack any spyware protection software.
Source: National Cyber Security Alliance

Trojan horse

Term of the Month
A Trojan, or Trojan horse, as it's usually known, is a malicious program disguised as, or embedded within, legitimate software. It is derived from the classical myth of the Trojan horse. Compared to other types of malware, like viruses or worms, Trojan horse programs cannot operate autonomously. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims.
Source: en.wikipedia.org

Tech Tips
Like millions of others, you are likely being bombarded with e-mail spam. Before you report the abuse to someone's ISP or domain administration, know that the sender could actually be a victim. Worms can spoof the sender's name; sometimes even the headers can be forged. Read Mary Landesman's tips on how to look up an IP address here at about.com.

Project Eco logotype

Re-Launch of Project Eco
Whether you consider the Greek or Roman origins, the word 'Eco' means the same thing...home. It is a term that denotes where we live and the environment that surrounds us. Lavasoft is proud to present Project Eco as a testament to our strong and unwavering commitment to protecting your environment. Read more here.

Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Sweden

www.lavasoft.com
editor@lavasoft.com

Page footer