# Solved: Ridiculous



## win2kpro

*George Ledin teaches students how to write viruses, and it makes computer-security software firms sick.*

"In a windowless underground computer lab in California, young men are busy cooking up viruses, spam and other plagues of the computer age. Grant Joy runs a program that surreptitiously records every keystroke on his machine, including user names, passwords, and credit-card numbers. And Thomas Fynan floods a bulletin board with huge messages from fake users. Yet Joy and Fynan aren't hackers - they're students in a computer-security class at Sonoma State University. And their professor, George Ledin, has showed them how to penetrate even the best antivirus software."

http://www.newsweek.com/id/150465?GT1=43002

*IMO, and I'm sure some will disagree, Sonoma State University should fire this "professor" today.*


----------



## CrazyComputerMan

Agreed with Intel's suggestion about firing the professor


----------



## dan_mccartney

Also agree 100%


----------



## briealeida

Don't want to start a war but I disagree. 

AV software should be constantly changing and improving. If writing a virus that will thwart AV software is so easy and methodical that it can be taught in this way, it is a warning sign!

In the wrong hands, this education is bad. Obviously. But any information in the wrong hands, can be dangerous. These students are better prepared to work for AV companies and help them improve their software. People should know how viruses work. If only malicious users knew how viruses worked, how could we stop them?


----------



## new tech guy

briealeida said:


> Don't want to start a war but I disagree.
> 
> AV software should be constantly changing and improving. If writing a virus that will thwart AV software is so easy and methodical that it can be taught in this way, it is a warning sign!
> 
> In the wrong hands, this education is bad. Obviously. But any information in the wrong hands, can be dangerous. These students are better prepared to work for AV companies and help them improve their software. People should know how viruses work. If only malicious users knew how viruses worked, how could we stop them?


Have to agree with that. Just look at statistics, blackhats who are caught making big-time hacks like the attack on the TJ Maxx servers are brooded over by security companies and private security workers to work for them in creating network defense systems. This is because they know how the other side works. Therefore they know exactly how to shut down those vulnerabilities, which is what this person wanted to do in this case. Also, having done this, the new students now know the insides of the code for the programs and can custom-modify them to possibly amplify security.


----------



## Chrismichael

Knowledge is paramount. Denying knowledge is wrong. You can find most if not all the information this man is teaching on the internet. Should we censor the internet also?


----------



## win2kpro

Teaching virus writing as a college course has no more place in a curriculum, than teaching students how to build an IED. 

Companies that deal with viruses and other malware should be the ones teaching their employees how to recognize and deal with viruses and other malware, just as the military teaches their personnel how to deal with IEDS.

Why would anyone believe that a college student learning to write viruses and other malware would go on to use their knowledge working for a company designing antivirus and other malware software, than a college teaching students to build an IED would go on to use their IED knowledge for military or peaceful purposes?


----------



## webaddict

briealeida said:


> Don't want to start a war but I disagree.
> 
> AV software should be constantly changing and improving. If writing a virus that will thwart AV software is so easy and methodical that it can be taught in this way, it is a warning sign!
> 
> In the wrong hands, this education is bad. Obviously. But any information in the wrong hands, can be dangerous. These students are better prepared to work for AV companies and help them improve their software. People should know how viruses work. If only malicious users knew how viruses worked, how could we stop them?


Agreed. This highlights the importance of including ethics as part of all subjects. There's no need to deny them the gift of knowledge. Along with knowledge build their character that minimizes the possibility of taking the wrong route to success.


----------



## MikeSwim07

> "You can't really have a defense plan if you don't know what the other guy's offense is," says Lincoln Peters, a former Ledin student who now consults for a government defense agency.


I definitely agree


----------



## new tech guy

Also to win2kpro, what makes you think just because the guy already works at a security software developer's company who learned how to work with malware won't reverse engineer that knowledge to make a nasty themselves. I think it's smart to teach both spectrums and give the student the choice on what to do with the knowledge. The best way of learning is self teaching. You learn faster when you are forced to decide for yourself than when someone dictates what you should do to you.


----------



## tomdkat

Interesting article. Since this is taking place in an academic setting, I'm wondering if they are focusing on Windows or "surveying" other OSes as well.

Peace...


----------



## win2kpro

I just don't personally believe that an institute of higher education should be teaching students techniques that MAY be utilized for criminal activities (cyber crimes or otherwise).

Just a small example of trying in a small way to prevent criminal activity can be found right here at TSG. In forums, we can no longer provide information for cracking passwords.
While most of the information necessary is available on the net, most criminals without some background of computers may have a difficult time cracking a password. Should TSG freely provide information to assist in possible criminal activity?

From life experience I have the knowledge and know how that I could teach a person with a little mechanical knowledge how they could steal a specific "object" (that will go unnamed), and with an investment of approximately $20,000-$50,000 could sell that "object" within approximately 18 months for $300,000-$1,000,000 with less than a 1% chance of being caught.

Because I have this particular knowledge, should I teach others, and thereby increase the rate of crime in this Country? I think not.

With identity theft and other cyber crime rising at a significant rate, I just don't believe a college professor should be providing this type of knowledge to his students in this particular area, anymore than I should provide information on how to steal a specific "object" and make a tremendous profit at the expense of the public.


----------



## JohnWill

I have to come down on the side of not teaching this, we have enough people doing that kind of activity already.  I'm not buying the part about "the gift of knowledge".


----------



## MikeSwim07

In my opinion it's not like these students are going to use this info for bad. They are going to university to study security. They probably will work for some AV company etc where they can use this to possibly improve the avs.


----------



## guitar

this has been going on for years all computer security workers military and business have taken virus/hacking courses
hack into a web page eg bank put something on their front page contact said bank tell them how it was done and get offered a job it's been going on for years and i agree that the course should be held people taking these courses are then accountable for how they use this knowledge or do you all think we should turn a blind eye and not teach this skill to honest law abiding security personnel


----------



## JohnWill

Well, you folks are selling, but I'm not buying.


----------



## tomdkat

MikeSwim07 said:


> In my opinion it's not like these students are going to use this info for bad. They are going to university to study security. They probably will work for some AV company etc where they can use this to possibly improve the avs.


The thing is, we _really_ don't know how the students will actually use this information after the course is over. People are tired of having to deal with the malware that's out there already so the last thing they want or need is someone "teaching" possible future hackers how to hack.

I've got mixed feelings on this since I can see both sides of the argument. On one hand, if the course was a "survey" course in computer security and how hackers can be successful at hacking various systems, I wouldn't have much of an issue with it at all. On the other hand, if this course focused exclusively on Windows and for no real reason other than convenience, I would have to question the usefulness of it.

I don't see this kind of course "training" new hackers. If someone wants to learn how to hack, the information is _already_ out there for those who know how to find it. Furthermore, we don't even know if this professor is any good as a hacker or if he's teaching things that aren't already known and well documented issues or exploits.

I think some people are a bit paranoid about this kind of course existing and I think that paranoia can be justified.

Peace...


----------



## new tech guy

win2kpro said:


> From life experience I have the knowledge and know how that I could teach a person with a little mechanical knowledge how they could steal a specific "object" (that will go unnamed), and with an investment of approximately $20,000-$50,000 could sell that "object" within approximately 18 months for $300,000-$1,000,000 with less than a 1% chance of being caught.


Side note: To me that sounds a lot like a car that has a body kit to look like an exotic to me.

In any event, in my opinion, this is a good experience because then it could be used in the classroom to simulate a live attack by setting up a small network, a server, and some PCs representing clients. Then you could have one student infect those machines in any pattern they wish with a virus of their own code and have the other student reverse-engineer the code and get rid of the virus. And doing this you learn 2 things: 1. How malware is constantly changing. And 2. How to reverse engineer malware and apply it to the security software to protect against the nasty code. And it really helps to reverse engineer something when you have a clear understanding of how it works and making them is the perfect way to find out.


----------



## MikeSwim07

I agree

It would be another thing if this guy would be teaching this to people he has never met. But it is his own students.


----------



## win2kpro

MikeSwim07 said:


> It would be another thing if this guy would be teaching this to people he has never met. But it is his own students.


Surely, you are not naive enough to believe that students who learn to hack, don't pass it on to others.

A Federal judge just issued a temporary restraining order against 3 students to keep them from passing on hack information.

http://www.msnbc.msn.com/id/26126287/?GT1=43001


----------



## win2kpro

new tech guy said:


> Side note: To me that sounds a lot like a car that has a body kit to look like an exotic to me.


Sorry, that guess is not even close. :down:


----------



## new tech guy

Well the truth is, you cannot control how one uses their knowledge. And if those kids chat on IM, that restraining order means nothing as they can just chat to each other and IM the info across. The point in his lesson is to also let the student choose what they do with their knowledge.


----------



## gurutech

IMHO - If the students understand the theory of "creating" viruses, then they will also understand the theory of "removing" the viruses. They understand how a virus works, and can better guess what steps the virus is taking to infect a PC, and then begin to take counter measures to remove the virus.


----------



## ekim68

Wow, interesting discussion...Knowledge is power....For whoever...


----------



## jp1203

briealeida said:


> Don't want to start a war but I disagree.
> 
> AV software should be constantly changing and improving. If writing a virus that will thwart AV software is so easy and methodical that it can be taught in this way, it is a warning sign!
> 
> In the wrong hands, this education is bad. Obviously. But any information in the wrong hands, can be dangerous. These students are better prepared to work for AV companies and help them improve their software. People should know how viruses work. If only malicious users knew how viruses worked, how could we stop them?


I agree as well, the more they know about how to get by the av software, the more they'll know about how to improve it.

However, it could get into the wrong hands and they could determine creating a virus fit for use as "job security."


----------



## win2kpro

The problem is the university has no control over the students after they leave. How many will go to work for AV companies, who knows.

Take for instance the 9/11 hijackers. They went to flight school to learn the basics of flying large commercial aircraft. I don't believe any of them went to work in the airline industry. The flight schools that taught these guys the basics had no way of knowing how they would use their knowledge. Now we know.

Any learned knowledge can be used for good or bad, but I still don't agree the "hacking" should be a college level course.


----------



## tomdkat

win2kpro said:


> The problem is the university has no control over the students after they leave. How many will go to work for AV companies, who knows.


Yep, this is true. The thing is, we have to keep in mind this goes both ways. How many will work for anti-virus companies? We don't know. How many will NOT work for anti-virus companies? We don't know. How many will use this info to write viruses of their own? We don't know. How many will use this info to write malicious viruses? We don't know. How many will further pursue malicious virus development to gain more hacking skills? We don't know. How many will move on to something else completely? We don't know.



> Take for instance the 9/11 hijackers. They went to flight school to learn the basics of flying large commercial aircraft. I don't believe any of them went to work in the airline industry. The flight schools that taught these guys the basics had no way of knowing how they would use their knowledge. Now we know.


Ok, let's roll with that. The WTC attackers most likely didn't plan the attack around the fact that flight schools existed in the US. If they were not permitted to learn to fly at the school where they did, they would have gotten that info somewhere else. When there's a will, there's a way.



> Any learned knowledge can be used for good or bad, but I still don't agree the "hacking" should be a college level course.


It's not. The course is computer security and understanding hacking is relevant to computer security.

Peace...


----------



## MikeSwim07

They are learning how to make malware, not hacking. Big difference.


----------



## defscarlett

In order to protect from it, you need to know how to do it. It's the same with a police officer, you have to think like a crook in order to catch a crook, it's all on which side of the "law" you are on.


----------



## win2kpro

MikeSwim07 said:


> They are learning how to make malware, not hacking. Big difference.


From the story;

"In a windowless underground computer lab in California, young men are busy cooking up viruses, spam and other plagues of the computer age. Grant Joy runs a program that surreptitiously records every keystroke on his machine, including user names, passwords, and credit-card numbers. And Thomas Fynan floods a bulletin board with huge messages from fake users. Yet Joy and Fynan aren't hackers - they're students in a computer-security class at Sonoma State University. And their professor, George Ledin, has showed them how to penetrate even the best antivirus software."

Do you not consider running a keylogger, stealing user names, passwords and credit card numbers a "hack"? If you don't consider this kind of activity a "hack" please explain to me your definition of "hack".


----------



## MikeSwim07

I guess you could say that. Though when I think of hacking I think of someone doing it themselves.


----------



## tomdkat

win2kpro said:


> Do you not consider running a keylogger, stealing user names, passwords and credit card numbers a "hack"? If you don't consider this kind of activity a "hack" please explain to me your definition of "hack".


Not when it's on _their own system_. I consider hacking to be circumventing or cracking the security in place on _another_ system which you are not authorized to access.

Peace...


----------



## ssycko

> Take for instance the 9/11 hijackers. They went to flight school to learn the basics of flying large commercial aircraft. I don't believe any of them went to work in the airline industry. The flight schools that taught these guys the basics had no way of knowing how they would use their knowledge. Now we know.


So what are you suggesting, that we abolish flight school?


----------



## win2kpro

ssycko said:


> So what are you suggesting, that we abolish flight school?


Hello, I think you missed the point. 

The point is, after you teach someone a "skill" that could be used for good or bad purposes, after they are out of your control, you never know how that "skill" may be utilized.


----------



## tomdkat

win2kpro said:


> The point is, after you teach someone a "skill" that could be used for good or bad purposes, after they are out of your control, you never know how that "skill" may be utilized.


Yep, I agree.

Peace...


----------



## guitar

so what
should we all be so paranoid 
the anarchists cookbook has been around for years 
a choice to use such knowledge for good or bad
thats freedom
i choose


----------



## ssycko

But going with the flight school analogy, it's very necessary to have flight school so that we can train the people to fly. If not, the entire economy would collapse. That 0.0001% of people who attend flight school who use it in a malicious manner is just a risk you'll have to take.



win2kpro said:


> Companies that deal with viruses and other malware should be the ones teaching their employees how to recognize and deal with viruses and other malware, just as the military teaches their personnel how to deal with IEDS.


Military personnel do know how an IED works. Not down to the circuitry, but they have to know how something works to defend against it. Same goes for defending yourself against anything, be it viruses, IEDs, the flu, economic depression, etc. Why are generals always trying to find out exactly what the enemy is going to do to them? So they can prepare effectively.

Without understanding how a virus works, what exactly makes it tick, antivirus programs are just putting up a roadblock, not finding the solution.


----------



## YellerPuma

> *Originally Posted by win2kpro*
> The point is, after you teach someone a "skill" that could be used for good or bad purposes, after they are out of your control, you never know how that "skill" may be utilized.


Agreed.

I think the AV companies should teach this stuff to their team, not a university teaching the general public.

Cheers...


----------



## win2kpro

What I believe a lot of posters in this thread are missing is the point that the course being taught by this professor at this institute of higher learning, involves an illegal activity that is illegal by Federal and many State laws (cyber crime).

http://www.fbi.gov/cyberinvest/cyberhome.htm

We have enough cyber crime today, without some professor teaching his students how, as such to *"beat the system".*

What's next, is it OK for an institute of higher learning to offer a course in armed robbery? Let's see now, they could offer a course syllabus of; (1) How to construct the best disguise (2) How to choose the best target, i.e. bank, convenience store, armored car, etc. (3) How to plan your getaway route with the least chance of being apprehended, etc.

It is just my humble, stupid opinion that colleges should not be teaching their students how to engage in illegal activity.


----------



## MikeSwim07

Yes, I agree. Teaching this in the classroom is unacceptable. But you have to admit, if the person who gets these malware writing skills uses them for good, it will benefit them greatly.


----------



## tomdkat

win2kpro said:


> What I believe a lot of posters in this thread are missing is the point that the course being taught by this professor at this institute of higher learning, involves an illegal activity that is illegal by Federal and many State laws (cyber crime).
> 
> http://www.fbi.gov/cyberinvest/cyberhome.htm


Is it really illegal to learn how to write a virus or is it illegal to deploy the virus? Based on this:


> The FBI's cyber mission is four-fold: first and foremost, to stop those behind the most serious computer intrusions and the spread of malicious code; second, to identify and thwart online sexual predators who use the Internet to meet and exploit children and to produce, possess, or share child pornography; third, to counteract operations that target U.S. intellectual property, endangering our national security and competitiveness; and fourth, to dismantle national and transnational organized criminal enterprises engaging in Internet fraud. Pursuant to the National Strategy to Secure Cyberspace signed by the President, the Department of Justice and the FBI lead the national effort to investigate and prosecute cybercrime.


it sounds to me like the issue is with those who deploy the malicious code. The illegal activity isn't the learning how to do it, it's the actual practice of what is learned. I've got no issue with the point that we really don't know what those who have the knowledge will do with it once they have graduated from the university. Some might engage in illegal activity and if they do, they should be prosecuted to the full extent of the law if they are caught. Some might use that knowledge to help in the fight against malware developers and use the knowledge they've learned to hopefully be more effective at keeping malware at bay. Some might not do anything with that knowledge at all and do nothing with it.

My question to you is: why do you appear to be convinced those who learn what this professor is teaching will use this knowledge for malicious purposes, at some later point, just by virtue of having said knowledge?

Peace...


----------



## JohnWill

tomdkat said:


> My question to you is: why do you appear to be convinced those who learn what this professor is teaching will use this knowledge for malicious purposes, at some later point, just by virtue of having said knowledge?
> 
> Peace...


I guess to turn this question around, why do you think all these people are learning these techniques? Are you really so naive as to think they'll all "do good" with this knowledge?


----------



## MikeSwim07

OK clearly none of us are not going to change our minds.


----------



## tomdkat

JohnWill said:


> I guess to turn this question around, why do you think all these people are learning these techniques? Are you really so naive as to think they'll all "do good" with this knowledge?


Two great questions! 

*Why do you think all these people are learning these techniques?*
I think some are interested in learning them so they can be "hackers" themselves, at some later point, or at least they *think* they can be. Of course, this doesn't mean they will succeed since learning "known" exploits wouldn't really give you respect in a hacker community. I think some are interested in learning them so they can better understand how malware works and how people can have so much success exploiting Windows. They can also learn how anti-virus and anti-spyware apps work since they learn how those kinds of apps can be circumvented. I think some are interested in learning them with the possible hope of "joining the fight" against malware developers to protect Windows users from future malware related problems or issues.

*Are you really so naive as to think they'll all "do good" with this knowledge?*
Well, if you're actually comprehending what I posted above, which is what I've already posted in this thread, it should be clear that I *do not* think they will *all* "do good" with what is learned in the class. People take classes for a variety of reasons and don't always apply the knowledge they learned in the related field. I used to work with a computer programmer who had a degree in Geology. He went through the time, work, and effort to get his Geology degree yet he wasn't working as a Geologist. A guy I went to college with has his BSCS, just like me, yet he works in real estate.

I'm simply acknowledging the fact that we really don't know *how* the information in the class *will* be used by those taking the class. To not understand this boggles my mind. The tone of your second question gives me the impression you believe *everyone* taking that class are "aspiring hackers" and if this is the case, I consider that naive or possibly paranoid.

Assuming for a moment that you're right and all the students _are_ aspiring hackers. Do you seriously believe they will be successful in the hacker community by virtue of taking a class taught in a university? The BSCS degree I earned gave me a great foundation upon which I was able to build up "in the real world". I've learned TONS more information in my field after graduating. In this case, we're talking about "hackers" who are generally regarded as "super programmers" since they are able to develop software that can hijack computers, spread to other computers, and do who knows what else without being detected by the user of the computer and, of even more interest, without being detected by software specifically designed to detect the software the hacker has developed. Talk about a programming challenge. This kind of programming skill isn't something that can or will be learned in a class. The "student", in this case, either has the knack or they don't.

For the record, I don't hold "malicious hackers" on some form of pedestal or anything but I certainly do appreciate the programming challenges they are presented with and often wonder how they figure out solutions to those challenges.

Now, I've got a question for you: given whatever reputation I've developed here through my posting activity, would it surprise you if *I* took a class like this? Do you think *I* would use the information maliciously? 

Peace...


----------



## new tech guy

This is something like learning to fire a gun. You could use that knowledge for good or bad. You could use the knowledge as a police officer and only use it in an extreme case to disable an evading criminal, could use it in a gang to help take out rival members, or you could just do it for a sport. It's the same concept here and exactly how Tom put it, you could either use the knowledge for good or bad, the choice is up to the recipient of the knowledge. In my opinion, saying to abolish this from the school is like saying that everyone who can operate a firearm is an aspiring gangster.


----------



## tomdkat

Great analogy, new tech guy. :up:

Peace...


----------



## new tech guy

tomdkat said:


> Great analogy, new tech guy. :up:
> 
> Peace...


Thanks, I try sometimes. By the way, this thread should be moved to the civilized debate forum.


----------



## win2kpro

*new tech guy* I have no idea why you would think that this discussion should be moved to the civilized debate forum. If you spend a little time in that forum, you will discover that the majority of people's technical knowledge who participate in that forum is pretty much limited to knowing how to turn a machine on and off, insert emoticons in a post, and insert a picture they have uploaded to Photobucket.


----------



## new tech guy

win2kpro said:


> *new tech guy* I have no idea why you would think that this discussion should be moved to the civilized debate forum. If you spend a little time in that forum, you will discover that the majority of people's technical knowledge who participate in that forum is pretty much limited to knowing how to turn a machine on and off, insert emoticons in a post, and insert a picture they have uploaded to Photobucket.


What does that have to do with anything, heck, I've brought this up to a non technical friend and got an opinion out of them as well. It's not like we're talking about the code, we're talking about whether it's a good idea or not for it to be brought up in the classroom.


----------



## JohnWill

tomdkat said:


> Great analogy, new tech guy. :up:
> 
> Peace...


Actually, IMO, it's not all that good an analogy. If you go that route, you can pretty much dream up almost any activity should be restricted. Driving a car, you could be a hit-n-run driver, or perhaps just a drunk driver. Flying a plane, you could be a terrorist. And so on, you get the picture...


----------



## new tech guy

That is what you seem to be implying John. And you're never going to eliminate the bad person, because there is always someone else who is more than willing to teach the trait. And I see this as a good thing. Sure there are plenty of people who use the knowledge maliciously and we cannot predict what these people will do with the knowledge. Heck even people who know it and teach it at the security developer's lab could use it maliciously. And that is my point in my prior post that everything can be used maliciously. It is up to that person what to do with knowledge. And what you seem to imply is that all of these things which can be malicious should be abolished. So now you see how that includes pretty much everything.


----------



## JohnWill

There are some things that have very few good uses, this happens to be one of them.


----------



## new tech guy

But our point is that it becomes a good thing when it lets Symantec, Grisoft, Lavasoft, McAfee, etc. release that new update.


----------



## valis

win2kpro said:


> *new tech guy* I have no idea why you would think that this discussion should be moved to the civilized debate forum. If you spend a little time in that forum, you will discover that the majority of people's technical knowledge who participate in that forum is pretty much limited to knowing how to turn a machine on and off, insert emoticons in a post, and insert a picture they have uploaded to Photobucket.


I would tend to take offense at that statement. A debate is a well-structured argument defending your stance on a particular statement. If your intellect is best suited to handling machinery, so be it. I, myself, not only manage a global network for a billion dollar company (and yes, I do know where the on switch is, thank you very much) but I also find the logical aspect of any good debate an excellent way of exercising your mind and developing better communication skills; after all, by being limited to this medium, we are using about 20% of our communication abilities; the rest are non-verbal.

Try it sometime. IMO, you are a bit too easily offended for it, and I mean that not as an insult, but as an observation. It does take thick skin to wander in there, but once you grow that hide, it's a wonderful experience in logical and critical thinking.

thanks,

v


----------



## tomdkat

JohnWill said:


> Actually, IMO, it's not all that good an analogy. If you go that route, you can pretty much dream up almost any activity should be restricted. Driving a car, you could be a hit-n-run driver, or perhaps just a drunk driver. Flying a plane, you could be a terrorist. And so on, you get the picture...


Actually, it IS a great analogy and the examples you cite also apply even though driving a car wouldn't necessarily be considered the same thing as firing a gun at someone or spreading malware.



new tech guy said:


> That is what you seem to be implying John. And you're never going to eliminate the bad person, because there is always someone else who is more than willing to teach the trait. And I see this as a good thing. *Sure there are plenty of people who use the knowledge maliciously and we cannot predict what these people will do with the knowledge. Heck even people who know it and teach it at the security developer's lab could use it maliciously. And that is my point in my prior post that everything can be used maliciously. It is up to that person what to do with knowledge.* And what you seem to imply is that all of these things which can be malicious should be abolished. So now you see how that includes pretty much everything.


Very well stated! :up:

It comes down to personal responsibility, in the end.

Peace...


----------



## win2kpro

valis said:


> I would tend to take offense at that statement. A debate is a well-structured argument defending your stance on a particular statement. If your intellect is best suited to handling machinery, so be it. I, myself, not only manage a global network for a billion dollar company (and yes, I do know where the on switch is, thank you very much) but I also find the logical aspect of any good debate an excellent way of exercising your mind and developing better communication skills; after all, by being limited to this medium, we are using about 20% of our communication abilities; the rest are non-verbal.
> 
> Try it sometime. IMO, you are a bit too easily offended for it, and I mean that not as an insult, but as an observation. It does take thick skin to wander in there, but once you grow that hide, it's a wonderful experience in logical and critical thinking.
> 
> thanks,
> 
> v


valis, if my statement offended you, so be it. I said the *MAJORITY*, not all.

My statement was intended to be that the discussion of malicious code writing, and the end ramifications thereof, was not a subject that I thought could best be discussed by the group that habitually visit CD. I thought it was no more appropriate to be discussed in CD than if I made a post in CD discussing why certain power supplies rated at 650 watts may be suitable for a new machine build, and others rated at 650 watts may not be suitable.

Frankly, I don't spend a great deal of time in CD because arguing (debating) pro or con on subjects such as; "America has become a police state", "Save the polar bear, stop flying", "The Gallup Poll", etc. is not my forte. I had much rather be in the hardware forum trying to solve a hardware related problem.

Maybe my skin is too thin for CD, but I really don't think so. I spend little time in that particular forum because quite honestly, I find many of the threads, and many of the participants who "hang out" in that particular forum to be extremely *BORING*.


----------



## MikeSwim07

Wow...You have no empathy...


----------



## valis

win2kpro said:


> Maybe my skin is too thin for CD, but I really don't think so. I spend little time in that particular forum because quite honestly, I find many of the threads, and many of the participants who "hang out" in that particular forum to be extremely *BORING*.


dude, look at your sig line.....it's about _power supplies._ Not exactly a conversation starter, but I'll grant you it's a valid point. I've done my share of wondering why I find hexagonal blades in a glorified email machine for Aunt Irma, but that's neither here nor there. It just simply is. Look at my sig line; another real barn burner of a conversation starter. Most people have never even heard of CP/M, much less Kildall, and I'm pretty certain I have those floppies laying around somewhere.

If you want to call them boring, may I suggest you don't swing over to the dark side? If you don't like the channel, change it.

Better yet, join in the debate; you are obviously an intelligent person, and if you chose to, you could add something to the debate arena.

But it does take finesse and thick skin. 

be safe, man. Talk at you soon.

v


----------



## win2kpro

I believe that everyone interested in this thread has had adequate time to post their opinions, either pro or con, so I will mark it solved. Of course if anyone wants to add additional comments, they are free to do so.

I will add one thing as a final thought that is strictly my opinion. In the article Professor Ledin is credited with making this statement. *"If college students can beat these antivirus programs, he argues, what good are they for the people and businesses spending nearly $5 billion a year on them?"*

I would like to ask Professor Ledin this question. If you are so smart, and good at teaching your students how to beat these antivirus programs, why don't you start your own antivirus company?

Kaspersky was founded by a husband and wife team in 1997, and today is one of the leaders in antivirus software. Although Wikipedia is not one of the best sources to use for financial information they indicate that Kaspersky's revenue for 2007 was US $85.3 million in 2007 up 76% from 2006, and their net revenue for 2007 was US $67.3 million up 69% from 2006. If these reported figures are anywhere close to being correct I would wager heavily that Natalia and Eugene Kaspersky are making one hell of a lot more money than Professor Ledin.

All I have to say to Professor Ledin is remember the old saying from Ralph Waldo Emerson; *"Build a better mousetrap and the world will beat a path to your door".* Professor Ledin if you are so talented, build that better mousetrap, and I'll bet you will make a hell of a lot more money than being stuck as a professor at Sonoma State University.

I'll be anxiously awaiting for the Ledin antivirus program to come to market.


----------



## valis

one thing i've found in my fight against malware, is that the easiest way to understand how a virus works, is to reverse engineer it, and get down to what makes it tick. I've found this to be pretty much the essence of anything I want to build, be it from an alarm clock to a vacuum cleaner to a pc; take it apart, figure it out, put it back together. 

Along the way, you are sure to see areas where you think you can improve on it; but the bottom line, by knowing how it works, you are better equipped in knowing how to fix it.


----------



## win2kpro

Viruses today are just a small part of the problem. Here is an article I saved from about a year or so ago that has 3 sections and a short video. Today one of the very biggest problems is "bots".

http://redtape.msnbc.com/2007/03/bots_story.html

I also thought I had saved a story involving a 15 or 16 year old boy whose home was raided one morning by the police, and his machine seized for sending out "kiddie porn" but I can't locate the article right at the moment.

His machine was being used in a "bot net" to deliver the porn. Fortunately, his family was able to get a hard drive expert to examine his drive and determine that it was being used in a "bot net". His family had to suffer quite a bit of expense to hire a lawyer, and the hard drive expert to testify that the youngster had no idea that his machine was being remotely controlled.

Had this child's family not had resources to prove their case, the child may very well have had to serve some time in jail, and worse than that he would have had to register as a sexual predator which would have followed him the rest of his life.

I have absolutely no sympathy for the people who write this malicious software. I have seen too many cases of the anxiety, and grief this "junk" causes, not to mention the cost involved to clean up their systems.


----------



## valis

nor do I have any sympathy for those that write it. Remember the substitute teacher case where she was canned; pretty sure she was part of a bot-net as well.

But the bottom line, if you don't know how to make it, chances are you don't know what you are fighting. I work in malware removal, and see a wide variety of viruses/malware come down the pipe. By the people who produce such applications as combofix, the _only_ way to arrange for a satisfactory fix is to know how it was written. That's it.

I condemn the people who release this into the wild as much as you do. But what I deplore is ignorance about a subject that could affect your pc. If by writing viruses this will help people better combat them, then I am all for it.


----------



## MikeSwim07

Where do you help at? Why don't you have a gold shield?


----------



## valis

I do help at another forum.....as to why I don't have a gold shield here, never really got properly trained; sort learned by the seat of my pants, as it were....no big. 

I got drilled about 4 years ago with 110k trojans, that's what brought me to this site, and that's what got me into malware removal. I also have done some work for my company on that front, and at least 30-40 people I work with I've gone to their houses and cleaned up their machines.


----------



## new tech guy

I remember reading on malwareremoval.org, the site admin had claimed that the best way to wipe malicious software off of a pc, is just to wipe the entire drive and start over. Which is one of the reasons why I do that when I get virus infected machines. Sure, I could spend hours of work disinfecting them, but if something is still there and comes back, then does some type of damage to the owner, I'm the one taken to court over it. I would rather this not happen. Therefore I believe that statement. It is truly the only foolproof, safe way to disinfect a machine from these things. Why when I get a virus infected computer, I just wipe. Only exception to this is a very and I mean VERY minor case of just some type of adware, which can be cleaned out. However, these things dig themselves so deep nowadays that is almost impossible.


----------



## valis

problem with that is that a lot of people get infected, and don't want to lose their data. So you have to be able to use certain tools, up to and including registry fixes, to be able to rid their machine completely of the infestation and restore it to where it was prior TO the infestation.

If it's a work machine, I just reimage it. Anything personal on there isn't supposed to be there anyhow (work machine) and it takes about 12 minutes. But for the average home user, they generally want to keep their data.

Have you taken a look at some of the wait times in the security forum recently? Those gold shields are WAY overworked; this is probably the biggest free site on the planet for that type of assistance. And the skills that they have are quite interesting; I'd recommend reading a few of the threads, the ones that have 50, 60, 70 replies; it's a learning experience.


----------



## new tech guy

To that, I have an easy solution to make sure I get EVERYTHING. For my house, I use acronis trueimage to image the pcs in it. Therefore because of the problems with the acronis boot cd on some machines, I have added it to my BARTPE disc. I simply run acronis off of that disk by booting the client machine to it and imaging its hd to an external hard disk. Then after that I know I have the entire system canned (also if someone is unhappy this lets me undo the settings) and I go ahead and wipe. After that, I sit down with acronis (because all pcs have it installed it will let me browse the image). And I check the usual places where users keep stuff and will copy that data out of the image onto a folder in the external. After that I dump the data onto the client's cleaned pc. (of course too I do run a virus scan on the data before handing it back to the client pc). And the new pc after being finished with the wipe is fully patched with all windows updates, has antivirus, firewall, an antimalware scanner, and some background protection. After this I would hand the pc back but I keep the image on the external drive for a short time and leave a note in a text file on the pc alerting the owner to notify me of anything missing as I can pull it from the backup. Usually the time I give is a month to get back to me.


----------



## jp1203

new tech guy said:


> I remember reading on malwareremoval.org, the site admin had claimed that the best way to wipe malicious software off of a pc, is just to wipe the entire drive and start over. Which is one of the reasons why I do that when I get virus infected machines. Sure, I could spend hours of work disinfecting them, but if something is still there and comes back, then does some type of damage to the owner, I'm the one taken to court over it. I would rather this not happen. Therefore I believe that statement. It is truly the only foolproof, safe way to disinfect a machine from these things. Why when I get a virus infected computer, I just wipe. Only exception to this is a very and I mean VERY minor case of just some type of adware, which can be cleaned out. However, these things dig themselves so deep nowadays that is almost impossible.


I only do that if someone doesn't want anything saved or if they only want a folder of music saved, AND if I'm very short of time.

I can clean a machine, it just takes me a long time, because unlike Karen and the other really knowledgeable people here, I have to look EVERYTHING up in order to get anywhere.

I got a laptop yesterday, instructed with "I don't care what you do with anything else, just save the music I have." Considering I had only an hour to work with until he needed it the next day, I copied the music over to my server, nuked the partition, and ran HP's recovery app off the other partition. I put on AVG, iTunes, AIM, and whatever else I knew he used, then copied his music back over and it was all set to go.

I'll agree that it is the foolproof way, but I like to avoid it. If I have time, I spend a few hours at it and don't have to format. I'll also agree that's my weakness, or at least one of them, while I can do it, it takes me way too long. Here, if I ever got a nasty I'd just reimage the machine, all the important stuff is on the server, and backed up nightly so I've got nothing to lose.

Actually, this makes me realize I should make a new image of the server, I guess I'll do that tomorrow or the next day while everyone's gone so it's not missed.

I really wonder how people get all these nasties so quick, I've only had one virus and never a piece of adware/spyware, and that was years and years ago...I guess they don't watch where they go.

But then, I've never used IE either. Before Firefox I used Netscape, never could stand IE.


----------



## new tech guy

JStergis said:


> I only do that if someone doesn't want anything saved or if they only want a folder of music saved, AND if I'm very short of time.
> 
> I can clean a machine, it just takes me a long time, because unlike Karen and the other really knowledgeable people here, I have to look EVERYTHING up in order to get anywhere.
> 
> I got a laptop yesterday, instructed with "I don't care what you do with anything else, just save the music I have." Considering I had only an hour to work with until he needed it the next day, I copied the music over to my server, nuked the partition, and ran HP's recovery app off the other partition. I put on AVG, iTunes, AIM, and whatever else I knew he used, then copied his music back over and it was all set to go.
> 
> I'll agree that it is the foolproof way, but I like to avoid it. If I have time, I spend a few hours at it and don't have to format. I'll also agree that's my weakness, or at least one of them, while I can do it, it takes me way too long. Here, if I ever got a nasty I'd just reimage the machine, all the important stuff is on the server, and backed up nightly so I've got nothing to lose.
> 
> Actually, this makes me realize I should make a new image of the server, I guess I'll do that tomorrow or the next day while everyone's gone so it's not missed.
> 
> I really wonder how people get all these nasties so quick, I've only had one virus and never a piece of adware/spyware, and that was years and years ago...I guess they don't watch where they go.
> 
> But then, I've never used IE either. Before Firefox I used Netscape, never could stand IE.


I don't know how to remove them either which is the other reason I format. If it cannot be cleaned up by some sort of a scanner, I blow the hd away and start over. The main way people I find pick up this crap is by using some type of illegal p2p service like limewire and are not careful what they click on. You are correct as well as the last time I had a virus issue was years ago too. Also what happens is that they get one piece of malware and either A, that is a dialer trojan that calls in its buddies and has a fiesta, or B, they get one piece of malware and the list grows with them not dealing with the problem while it's small and basically wait for the pc to grind to a halt before doing something about it.

Funny that also just made me realize something I hear technicians now do to remove malware without extensive know-how. I have heard that they basically keep an old machine around that would run windows or some other operating system and load it with some more powerful antivirus scanner (and it could be a commercial on demand like symantec securityscan or stinger...etc) and they would take the hd out of the client's computer, connect it to their machine as a secondary and run those scanners (after updating of course) and they have had good disinfection results. This is because the malware won't hide if the drive is not being used as primary. The os just sees it as data.


----------



## jp1203

new tech guy said:


> The main way people I find pick up this crap is by using some type of illegal p2p service like limewire and are not careful what they click on. You are correct as well as the last time I had a virus issue was years ago too. Also what happens is that they get one piece of malware and either A, that is a dialer trojan that calls in its buddies and has a fiesta, or B, they get one piece of malware and the list grows with them not dealing with the problem while it's small and basically wait for the pc to grind to a halt before doing something about it.


This last guy seemed to do just that, when I logged onto his account, it just gave me a stop error, but when I logged onto admin it acted decent, but very sluggish with over 100 running processes. I didn't even play with scanning because I knew I was working with very limited time, and he understood that. I copied over his music and documents and wiped it.

I noticed he had a limewire icon, that's probably a lot of it right there, and I noticed his music folder was kinda an odd size, 30 GB for 2000 files, which I didn't have time to copy back and forth. About 100 of the files were er...inappropriate videos. I deleted them (honestly, I don't think I'd save them even if he specifically asked, I'm so against anything like that if I see it, it goes away--too bad for them). Going looking for that content probably got him even more malware on top of the P2P activities.

Maybe I get nothing because I don't run any P2P apps, and really watch what sites I go to. Actually, to tell the truth I don't surf around much. I'm either here, at Caedes, or reading a couple articles on the New York Times or Boston Globe...that's about it most of the time.

Gotta run off to bed for now, rest of the family's leaving for a few days so I gotta help them pack and whatnot. I don't mind, only downside is I'm constantly spending money on food out at various restaurants instead of eating home. I wish the pizza places would deliver up here, but none are willing to go 15+ miles.

Hey NTG, how about you drive up here and meet me for lunch tomorrow, it'll only take you about 4-5 hours to get here from New Joysey, and the taco salad bowls the local restaurant makes are worth going across the country for.


----------



## new tech guy

JStergis said:


> This last guy seemed to do just that, when I logged onto his account, it just gave me a stop error, but when I logged onto admin it acted decent, but very sluggish with over 100 running processes. I didn't even play with scanning because I knew I was working with very limited time, and he understood that. I copied over his music and documents and wiped it.
> 
> I noticed he had a limewire icon, that's probably a lot of it right there, and I noticed his music folder was kinda an odd size, 30 GB for 2000 files, which I didn't have time to copy back and forth. About 100 of the files were er...inappropriate videos. I deleted them (honestly, I don't think I'd save them even if he specifically asked, I'm so against anything like that if I see it, it goes away--too bad for them). Going looking for that content probably got him even more malware on top of the P2P activities.
> 
> Maybe I get nothing because I don't run any P2P apps, and really watch what sites I go to. Actually, to tell the truth I don't surf around much. I'm either here, at Caedes, or reading a couple articles on the New York Times or Boston Globe...that's about it most of the time.
> 
> Gotta run off to bed for now, rest of the family's leaving for a few days so I gotta help them pack and whatnot. I don't mind, only downside is I'm constantly spending money on food out at various restaurants instead of eating home. I wish the pizza places would deliver up here, but none are willing to go 15+ miles.
> 
> Hey NTG, how about you drive up here and meet me for lunch tomorrow, it'll only take you about 4-5 hours to get here from New Joysey, and the taco salad bowls the local restaurant makes are worth going across the country for.


Ok I see your point. Uncle used to do stuff around here before he moved. Told me he had quite a few virus cases cause ppl were hitting the sites, frankly, I'd be afraid to touch the keyboard, god only knows what he did around that thing... But that is probably majority. Had a person up the street who did that to theirs. Big limewire fanatic, downloaded everything from there. His sister used it too and unleashed viruses on the system. I remember the first time I wiped and cleaned it out. Then he called me back asking me to install office 03 and also picked up another virus. So I figured it would be best to disinfect as sp3 had just come out on xp, and office would require its own updates. Therefore I set to work and previously I had to do something silly for him (take off backup software from an external hd he purchased) and had installed true image for him as a way to back up his system and imaged it. When I looked in the system, sure enough avg had a bunch of hits in virus vault, all coming from the shared folder of either he or his sister's account. Therefore I figured instead of wasting time scanning since I had office to do, he hooked up his hd, moved his stuff, and I restored the image. Then proceeded to load office.

I would love to take you up on that offer. Wait...you want ME to pay, don't ya?! I paid about 30 bucks in gas to drive there, then you want another 50 outta me for food?! But in any event tomorrow morning I plan on making bacon cheese omelettes if you wanna come by for that. Just bike on over, dunno how you would get here, maybe get to Philly, then take the train to Ashland station and then give me a call.


----------



## ckphilli

valis said:


> but the bottom line, by knowing how it works, you are better equipped in knowing how to fix it.


Have to agree with you here. The part that irks me a little is the absence of any kind of non disclosure agreement or ethical practices in the guy's class. I don't have a problem with teaching it, but there has to be some kind of deterrent to practicing on an open network. And a deterrent may be present, but not reported in the article.


----------



## ckphilli

Think this is the class:

"340 Computer Security (3)
Current methods for increasing security, protecting privacy, and guaranteeing degrees of confidentiality of computer records; ensuring computer installation safety; protecting software products; preventing and dealing with crime; value systems, ethics, and human factors affecting use and misuse of computers. Discussion of recent technical, legal, and sociopolitical issues influencing computer security problems. Prerequisites: CS 215, 250 and 251, or consent of instructor."
http://www.sonoma.edu/catalog/02-04/computerscience.shtml

George: http://ledin.cs.sonoma.edu/


----------



## valis

ckphilli said:


> Have to agree with you here. The part that irks me a little is the absence of any kind of non disclosure agreement or ethical practices in the guy's class. I don't have a problem with teaching it, but there has to be some kind of deterrent to practicing on an open network. And a deterrent may be present, but not reported in the article.


agreed. And legally, it could land some kids in trouble, if they take their knowledge and decide to see what they can do with it, not to mention what could happen to the instructor and the university. Sorta opening themselves up for a lawsuit or 4 there.


----------



## tomdkat

win2kpro said:


> I will add one thing as a final thought that is strictly my opinion. In the article Professor Ledin is credited with making this statement. *"If college students can beat these antivirus programs, he argues, what good are they for the people and businesses spending nearly $5 billion a year on them?"*
> 
> I would like to ask Professor Ledin this question. If you are so smart, and good at teaching your students how to beat these antivirus programs, why don't you start your own antivirus company?


Great point but I think Professor Ledin's question is misdirected. I don't think the "problem" really lies with the antivirus apps and how good or not they are. I think the problem lies with Windows itself. Microsoft has really painted themselves into a corner with their "too late to the game" approach to security, especially since they want EVERYONE to use Windows as their primary computing platform.

Peace...


----------



## valis

tomdkat said:


> Great point but I think Professor Ledin's question is misdirected. I don't think the "problem" really lies with the antivirus apps and how good or not they are. I think the problem lies with Windows itself. Microsoft has really painted themselves into a corner with their "too late to the game" approach to security, especially since they want EVERYONE to use Windows as their primary computing platform.
> 
> Peace...


the big question out there is how much more security minded the next file structure is going to be. NTFS was quite a step up from FAT32, I can only hope that WinFS (or whatever they call it in the end) will be a bit more resistant to infection from the ground up than NTFS is.


----------



## Couriant

(note: I did not read the whole thread, just the first 2 and the last)

It's really a double edged sword really.

On one hand, you are teaching people on how to create viruses and what not to see how they work, and perhaps talk to anti-virus people to say "Hey I created this and disabled your program. Let's get together to make your program stronger to prevent this virus/etc from infecting others."

On the other hand, you are teaching people to hack, steal, what not and become a pain in the rear to potentially millions of people.

Really I would guess it will depend on which side of the Force the user is on, as to the readers of this thread in regards of do you think that it's a good thing for security, or a bad thing...

I see both sides of the argument, and I agree on both counts... my view is that it is for the good intentions of helping to prevent attacks.


----------



## Mumbodog

"Why would anyone believe that a college student learning to write viruses and other malware would go on to use their knowledge working for a company designing antivirus and other malware software"

Believe it or not, that is exactly what happens in the real world.

To defend against something, you must have first hand knowledge of what you are defending against. Companies hire the "bad guys" quite frequently, like it or not.


----------



## JohnWill

Mumbodog said:


> "Why would anyone believe that a college student learning to write viruses and other malware would go on to use their knowledge working for a company designing antivirus and other malware software"
> 
> Believe it or not, that is exactly what happens in the real world.
> 
> To defend against something, you must have first hand knowledge of what you are defending against. Companies hire the "bad guys" quite frequently, like it or not.


So, every one of those students are going to use that for only good purposes? It must be nice to be all seeing.


----------



## Mumbodog

"So, every one of those students are going to use that for only good purposes?"



I am sure a large percentage of those students will not use that knowledge at all, for good or evil.

Most college level classes like that one don't teach students what to think, but How to think.

"It must be nice to be all seeing. "

Yes, it is!


----------

