jmolini@nasamail.nasa.gov (James E. Molini) (12/21/90)
DRAGON@RCN.BITNET writes: >... What kind of job market is there for computer programmers who >specialize on detecting and eliminating viruses from other systems? >Is it a job that one can make a decent living at? What languages >(Computer) are best suited for combatting viruses? And who >(Corporations) would hire a computer anti-hacker? Thanks for all >your help. Since I think Dave Chess answered the other half of your posting, let me take a stab at this one. You could probably make more money writing Dungeons & Dragons computer games than you could being a computer cop. So the real question becomes, "Do you want to get rich in computer security, or do you just want to make a decent living?" From what I have seen over the years, anyone who ever loaded a key into a piece of crypto gear has called themselves a Computer Security Expert at one time or another. We are also seeing a lot of ex- military intelligence types in the area as well. These people are fading away as the field becomes more complex. But we also have a new influx of "talent." These are the people who used to be employed writing trusted computer systems for the DoD. Now that DoD funding is going away they are looking for jobs too, and guess what they claim to be? That's right, computer security experts! So what does it take to be competitive in this field? It takes at least a bachelor's degree in Computer Science and a strong background generally in security. This means understanding Risk Analysis, Investigative Techniques, and Sensitivity Analysis. It is not something you can learn in a year. If you want to know what language is best to know I can help there too. Definitely not BASIC. You should know at least one high level language, like Pascal, or C. Then pick a machine platform, or two and learn Assembly language on each one, well enough to do some low level programming. This is important because most of your virus work will concern disassembly of virus code. But don't stop there. You will need to know data structures, Operating Systems, Computer Architecture, and database concepts. After all that you will need some experience so that you can see first hand that most problems are due to poor code instead of malicious code. Of course, I'm not sure if virus busting is a decent living, or not. It has been a cottage industry since the first viruses started appearing 4 years ago (please no more arguing about dates). In fact I know of very few organizations that have full time virus response teams. I guess John McAfee is making a decent living off of this stuff, but he has been doing it since 1988 (how many of you remember getting "certified" on the old Interpath BBS?). But with all of the problems he's had with the industry I certainly wouldn't trade places with him. Most companies today don't have the discretionary funding to start up a Virus Research effort. I have to read Virus-L at home because I have a "real" computer security job to go to every morning. I am not alone in this respect. Most companies don't realize the amount of "phantom dollars" they are spending on viruses today. When they do, we'll see a much more effective response to this problem. Now it's time to try out my new disclaimer: NOTICE: The ideas and opinions expressed herein are the property of the author and are provided for the public good. Any attempt to excerpt, or compile the information in this message for tangible personal gain requires the prior informed consent of the author. Thanks, Jim Molini
frisk@rhi.hi.is (Fridrik Skulason) (12/24/90)
DRAGON@RCN.BITNET writes: >... What kind of job market is there for computer programmers who >specialize on detecting and eliminating viruses from other systems? >Is it a job that one can make a decent living at? What languages >(Computer) are best suited for combatting viruses? And who >(Corporations) would hire a computer anti-hacker? Thanks for all >your help. Well...as I am one of the people who partially make a living out of fighting viruses, I have a few suggestions. You can indeed make a decent living by fighting viruses, but it is hard to get rich. Anyhow, there are three options: 1 - writing and selling anti-virus software...it is possible, but not easy...I just barely make enough money from my own programs to continue writing them. If you want to write such programs, be warned...it is a difficult market and crowded...but if you still want to try...here is what you need: Very good knowledge of assembly language...I am not talking about a one-semester course or anything like that...you need the kind of practice you get by writing assembly-language programs for several years. Very good knowledge of the operating system in question - you must know every documented call, and also quite a few of the undocumented ones. Very good knowledge of the hardware...I/O ports, absolute addresses etc. Decent knowledge of at lest one high level language...C or Pascal recommended. Last, but not least...samples of most of the different viruses, just to make sure your programs work. On a PC this means nearly 350 different viruses...and a lot of work... The problem of course is to sell your program...having the best anti-virus program is not of much use, if nobody knows of its existence. 2 - Anti virus service...no programming, you just help people clean up viruses and recover from attacks. This also involves installing anti-virus programs. 3 - Writing about viruses...write a book...or magazine articles or anything. The problem, in my opinion, is that all the virus-books available only increase the "popularity" of viruses, leading to the writing of still more viruses. - -frisk Fridrik Skulason University of Iceland | Technical Editor of the Virus Bulletin (UK) | Reserved for future expansion E-Mail: frisk@rhi.hi.is Fax: 354-1-28801 |