There are several opinions on this issue. Those who think it should not be taught, have many arguments in their favor. To teach a student destructive techniques implies the possibility that, eventually, they could use them not to improve the security systems they might design, but rather to create new, dangerous viruses.
This does not mean computer science students fit the stereotypical image of a hacker: untidy youngsters locked in rooms full of computing materials, programming between pizzas and almost in the dark. A computer science student does not differ much from a law student, and they don't learn to commit crimes and avoid the law simply by studying it. Students of any discipline simply try to put it technique into practice, and although it is not easy to build a bridge in the first few years of your degree, it is easy to develop an experimental virus.
Even if universities decided not to teach students about how viruses work and how to create them, it is extremely difficult, almost impossible, that a computer science student cannot find out this information for themselves. They do not even need to be college students, as many secondary school students already have the knowledge needed to modify the code of an existing virus and create a new one that can pose an additional threat.
Every occupation in the world has a series of techniques that can be used either to destroy things or create them. Do police departments around the world not know what the most harmful ammunition is? Does any medical student not know what the most dangerous poisons are and how to use them? We can even go a little bit further: do children not know what stones will have the strongest effect on the heads of their enemies?
Everybody could use their knowledge to do harm, but the police knows very well how and when to use their ammunition, and doctors take an ancient oath, the Hippocratic oath, promising, among other things, that "to please no one will I prescribe a deadly drug, nor give advice which may cause death." In the case of children throwing stones at each other in kids' squabbles, you can only expect that, after the second stone hits any of them on the head, they will learn that the throwing stones at someone's head is dangerous.
Going back to the subject of this article, teaching students how to create malicious code can be beneficial for the training of an IT systems student. However, rather than teach them how to create malicious code, classes should focus on the techniques hackers use to create their malicious creations. An engineer must know the destructive power of explosives, not to use them against people but to use them for the benefit of society: in demolition work or to test the resistance of a certain building to an explosion.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.