University-promoted Malware
Multiple university courses, most notably the freshman engineering curriculum hosted in the Department of Engineering Education, require students to install malware and malware-like software on their devices for purposes mandatory to success in the class. These pieces of software can perform malicious acts, such as take over the students computer for periods of time, prevent students from accessing other resources, and allow for teachers to monitor the work students are doing. However, all of these behaviours are prohibited by the University’s own policies
Offending Software
This is a partial list of software believed to violate the aforementioned acceptable-use policy and courses using each example:
- DyKnow
- ENGE 1215 – All instructors, all sections
- ENGE 1216 – All instructors, all sections
- Respondus LockDown Browser
- ENGE 1216 – All instructors, all sections
- Webcat Eclipse Submitter Plugin
- CS 3114
Public Shaming
The following courses are known to use malware-like software as part of a course requirement:
- Engineering Education 1215 – Introduction to Engineering
- Engineering Education 1216 – Introduction to Engineering Design
- Computer Science 3114 – Data Structures and Algorithms
Best Practice Recommendations
The VTLUUG wiki links associated with the above have best-practice recommendations associated with those pieces of software. For DyKnow, it boils down to: Run in a VM. Respondus has no known method of mitigation with the university-distributed binary (binaries are released on a school-by-school basis).
For The Webcat Submitter, the official version is currently known to work for the same purposes, and does not collect the statistics and metadata the version recommended by the CS department does. Alternately, write your code in a seperate environment and remove eclipse from your workflow entirely.
References
- Instructions on installing the malware-like Eclipse plugin Imported from piazza