2004 was the worst in history for malware, a collective name for software designed to damage a system. New worm variants increased 400% over 2003, which was already a bad year, with the Slammer worm, the fastest-spreading intruder in Internet history, infecting an estimated 90% of vulnerable hosts within 10 minutes. In the first half of 2005, the number of malware attacks declined, but there was a rise in the number of attacks that exposed confidential information. Year-end statistics showed fewer viruses but more worms than in 2004. »

• Group C: Virus-writing for academic credit

  The University of Calgary has offered a course in virus-writing since 2003. News of its offering led to quite a controversy. The department head Ken Barker contends that the present "reactive" approach of combating viruses one by one is not working, and that computer professionals need to learn to be proactive in combating viruses. Supporters note that code from previous viruses has already been published, and that even tools for writing viruses have been posted to the Internet. Opponents argue that one might as well offer a how-to class in other kinds of computer abuse such as hacking, and that people do not study how to commit other kinds of crime in order to become better at combating it.

  • Is it helpful to study how to write a virus in order to understand how to combat viruses?
    
    
  • A fairly elaborate set of safeguards were employed (e.g., programming was done in pairs, with both members required to log in before any work could be done, the computers were not connected to an outside network and no media were allowed to leave the lab, and security cameras were mounted throughout the lab). Were these adequate to ensure that no virus left the computer lab where it is written?
    
    
  • Is it fair to compare this course with studying how to build more potent land mines, or develop a deadlier strain of smallpox?
    
    
  • Do you agree with opponents who have said there is no need to make the code self-replicating in order to study potential virus threats? Why or why not?
    
    
  • Opponents have noted that this course might backfire since most virus-writing firms won't hire people who have written viruses. Does this policy rob them of an invaluable resource? Or is this policy essential if they are to retain the public's trust?
    
    
  • The course has now been offered twice, and no harm has seemingly occurred. Some, however, argue that it is only a matter of time until one of the students launches a real virus. Do you think that this is true? An account of the first offering of the course is available.
    
    
  • The instructor of this course, John Aycock, is offering a course in spyware and spam this year. In view of the experience with the virus-writing course, is this a benefit or a danger? »
    
    
• Group D: Worms to eliminate worms

  Worms and viruses are taking ominous turns. Some of them can infect computers to which they are e-mailed even if the user does not open an attachment. In addition, polymorphic and metamorphic viruses change in "random" ways, making them much more difficult to detect.

  Enter the Welchi/Nachi worm, which was created to remove the Blaster worm. It seemed to have been created for a good purpose. It may not have been so benign. For what other purposes could this worm have been created? For hints, see this article. NCSU users can view it free of charge by going to the Libraries' electronic resources and clicking on "Academic Search Premier", then searching for "Malcode melee."

  We all want to contribute good things to this world that we live in. The abilities that we have as computer science students allow us to contribute in different ways. When acting on our impulses to do good when not sitting near a computer terminal, we choose to do many different, diverse things. I myself have worked with Habitat for Humanity, food drives, creek and stream cleanups and three storm recovery teams. The things that we do for people away from the computer all have direct and indirect positive effects. Likewise, we can help people by using our talents to donate our time to a charity website, help maintain a charity database or other community service work that involves hardware and software. The commonality among these two is in the fact that we use established ethical and legal methods to perform our duties. Why is it different if we write a worm to destroy another worm?

  If you were to write a worm, how could you guarantee that this worm would not harm unintended victims? Try to cover aspects not mentioned by other students.

  Please reread this article. The intended victims of these worms do have similar characteristics. What are these characteristics? Are the virus/worm authors taking the law into their own hands? »