
CPSC 527 or: How I Learned to Start Worrying and Write a Virus - Danieru
http://danieru.com/2013/12/28/cpsc-527-or-how-i-learned-to-stop-worrying-and-write-a-virus/
======
tedivm
The idea that a security company would discourage people from learning about
something, particularly in a safe environment, is horrifying to me (someone
who has worked in a security company). It seems like applying the policy way
too tightly - there's a huge difference between a "virus writer" and "someone
who wrote a virus in an academic setting and never released it publicly".

The real horrifying part though is the fact that the people who want to solve
the problem are being discouraged from doing so by the threat of blacklisting.
On one level it's immoral, on another it's self-destructive. More schools
should be offering classes like this.

~~~
jeremiep
Could explain why there is no good anti-virus software on the market! All I
see are bloated monstrosities only able to catch the less harmful viruses.

Even before I switched away from Windows I never used them.

------
yeukhon
I don't understand why we need to have CHECKs in the first place. If everyone
has to write some bullshit reasons instead of being blunt that they are just
curious about how professional viruses and malware are written, what is the
point of reading those essays?

If we fear people will start developing malware and viruses, think about all
those web design classes out there where students don't realize how vulnerable
their implementations are. Think about all the free sec tools out there.

> Most anti-virus companies (including ours) have a policy against hiring
> former virus writers for anti-virus work

What? Who do they hire then? I suppose I am qualified because I have never
written a serious virus/trojan. Would I call rm -rf a joke? There was a guy
who discovered a way to create a botnet by XSSing a Gmail Chrome extension two
days ago. Would anyone call that some form of trojan?

My friend did this prank in a computer lab. He knew the local IP of each
computer and they were sequential. He wrote a shell script which (1) screen
captured the current screen on each computer, (2) sent that image to the
adjacent computer, and then (3) changed the background.

I think your enemies can also be your friends. If people are curious, they
will find a way to beat their curiosity. If they are technically smart, they
can write viruses that bypass AV scanners. Hey, those are the guys you want to
hire. Are they suggesting that none of the researchers working for these AV
labs have ever written some form of virus or malware or trojan prior to
employment?

------
midas007
Back in HS, we did stupid shit like write joke DOS TSR virii that had easter
eggs like calculators, ASCII tables and random text "screen savers" that
didn't respect what you happened to be doing.

~~~
midas007
Also the computer lab was pure anarchy without supervision: the only rules
were don't get the teacher in trouble, don't make 'em look bad and don't kill
each other. Somehow, no one got caught hacking into the Pentagon or AT&T.

------
zarify
I do like the course application requirements of ASCII or PDF (and no Word). I
miss uni and all the lecturers who have to have things just so :)

I also would have loved to have had a course like this when I was at uni. I
might have paid more attention in the systems course :(

~~~
midas007
UC Davis is pro portable *nix (usually C code) instead of any particular
bias(es). I wish the ugrad OS course used Plan 9 instead of Minix though.

------
vezzy-fnord
Did you by any chance use _Designing BSD Rootkits_ [1] as a reference manual?

[1] http://www.nostarch.com/rootkits.htm

~~~
Danieru
Nope, but I bet that would have helped! Instead it was just lots of reading
and grepping through the BSD source code.

------
PaulSec
I don't get the point from the security companies. Writing viruses will
definitely give you the knowledge to understand and (at least try to) protect
against them.

Keep it up!

------
zacinbusiness
My very first "virus" was a batch file called win.bat that just scrolled
profanity. It was called win.bat because that would make it execute before
Windows loaded on a 95 system.

It brought the whole computer lab down after I manually "installed" it on each
of the 5 machines one day.

This was in middle school, and yeah, my middle school was a joke. They ended
up formatting all of the machines and the lab was down for half of the
semester.

------
Renaud
I wonder if instead of focusing a handful of courses on virus making we
shouldn't instead re-brand the whole endeavour with a more positive spin
and focus on something that could be called 'nanogens' for instance, whose
modus operandi would be identical to viruses, but whose purpose would be to
protect against their harmful counterpart and repair the host instead.

~~~
phaus
There is already malware that "protects" the host by detecting and eliminating
other malware. The idea is that if you keep the user's system clean (except
for your malware) then you will evade detection more easily.

If, as you suggested, someone released a virus designed to fix a person's
computer, it would still be harmful in principle because you are making the
assumption that people want strangers executing code on their machines.

~~~
userbinator
> because you are making the assumption that people want strangers executing
> code on their machines

Except that's pretty much what happens every time you visit a website with JS
enabled...

~~~
phaus
Without context and purely based on technicality you are correct, yet in the
frame of this conversation your comment doesn't make any sense.

Clearly there is a difference between a benign website and a site that hosts
code that knowingly takes control of the user's computer (regardless of the
programmer's intentions).

------
ZoFreX
> and thus not be able to contribute to actually solving the virus problem

So I am expected to believe that the makers of anti-virus programs have an
interest in solving the virus problem, AND that they are actually capable of
doing this, AND that they are the _only_ way this can be done? Not buying it.

------
mhurron
Sounds like an interesting course, I wonder if they can be convinced to put it
on Coursera?

~~~
JD557
I doubt it, from the course's description[1]:

> Due to the inherent danger of this software, you may only work on these
> assignments in the designated lab room for the course.

> You will be required to sign a form stating that you have read and
> understood the lab protocols, and that you understand that misuse of the
> information in this course can result in civil and criminal penalties under
> the laws of Canada and of other countries.

Also, the link to the course's contents on John Aycock's page[2] says:

> (course access only, sorry)

So I guess they don't want to make the contents of the course public.

[1] http://pages.cpsc.ucalgary.ca/~aycock/virus-info.html

[2] http://pages.cpsc.ucalgary.ca/~aycock/

