Security vendors are, perhaps understandably, more than a little peeved. This could well be more to do with the arguments emanating from the direction of the good Professor than the actual course itself.
Newsweek sums up the Ledin position as being, in a nutshell, that consumer antivirus products are useless in college students can work around them. They are nothing more than a $5 billion per year cash cow for the vendors.
Of course, not everyone who uses a computer is taking a college course which teaches them to evade security software protection, so the argument does have some flaws. But then so does the counter-argument that Professor Ledin is some IT Dr Evil turning geeks into cyber-criminals.
The course has actually got much more to do with churning out future computer security professionals who can join the fight against cyber-crime rather than Mini-Me miscreants. Sure, there is the potential for harm but then the same can be said of any course which teaches the relevant programming skills.
When the courses first started, the Sonoma State University said that "students are learning the intricacies of how computer viruses are constructed in much the same way biology students learn about the intricacies of bacterial organisms and other life forms that cause disease."
But what about the ethics of malware instruction, and what do the security vendors have to say about it all? Find out on page 2...
It quoted a philosophy professor, John Sullins, who was working with Ledin on the ethical perspective of the course as comparing learning about malware to learning a martial art. "Ledin's class provides students with an uncommon opportunity to learn" Sullins said "not only how to react and defend against malicious computer programs, but also how they are used and the logic behind their construction."
Ledin himself is adamant that his students are not in it to cause harm, and cannot do so anyway as they work within a totally sand boxed environment meaning there is no danger of their experiments leaking out into the wider networked-world.
And anyway, why the big fuss? The course has been running for some time now and was not even the first of its ilk. As far as I am aware that honour goes back to 2003 when the University of Calgary announced plans for a Computer Viruses and Malware course.
At the time, the then global director of education for security vendor Trend Micro, David Perry, said "Why not have classes in hacking? Why not have classes in all kinds of malicious computer activity? You don't send somebody out to shoot someone so they understand what happens when somebody gets shot."
No, but you do train policemen and soldiers in how to use a weapon, and they do train for shooting people in highly realistic simulation environments. Very little difference, in actual fact, from teaching the mechanics of malware within a safely sand boxed lab.
Not that this cuts the mustard with security vendors, most of whom simply do not employ anyone with a history of creating malicious code as a matter of policy. And that, it seems, would include doing so at college...