Is it ethical to teach teens about software viruses?

Question

I volunteered to instruct an after school computer club at my son's middle school. There has been a lot of interest in computer viruses. I was thinking about showing them how to create a simple batch file virus that will infect other batch files in the same directory. Also show how creating a batch file with the same name, but that is closer in the path, can replace another program.

It could also allow for discussion of anti-virus techniques - recognizing viruses and virus like behavior.

I mentioned the idea to my wife and she thought it was a terrible idea. Compared it to giving them loaded weapons. I don't see it as dangerous since this technique wouldn't be immediately applicable for any real mischief on any modern operating systems.

Am I being too cavalier or is she being too concerned? This isn't a settle this argument for me question, I am just trying to get another opinion.

Update: I don't plan to cover moving between systems (or even directories) or any malicious behavior. And lest anyone think I am revealing any deep dark secrets, here is a book from 1996 I found at the library that goes into a lot more detail than I planned to cover. If some is motivated to be malicious they will find a way.

Remember the "I love you" virus? Written by a lovesick kid which caused massive downtimes and havock on e-mail systems around the world? He probably didn't have more knowledge than you are proposing to impart... — Marjan Venema, May 29 '11 at 06:59
If I remember well, the 'lovesick' argument only apply to the movie they made recently, it has nothing to do with that worm. — Federico klez Culloca, May 29 '11 at 09:39
@Marjan: Yeah, but with the knowledge to write an "I love you" virus you won't get very far anymore nowadays... — fretje, May 29 '11 at 11:11
@federico: maybe the kid wasn't lovesick, but that was not the point of my argument. — Marjan Venema, May 29 '11 at 11:37
@fretje: that whatever they can write with that kind of knowledge wouldn't get them very far nowadays is moot. I'd prefer not to see kids encouraged to think about how they can make a nuisance out of themselves and cause trouble for other people. Which is exactly what they may be encouraged to find out how to do when they find that they are not getting very far with the knowledge level Jim is talking about. — Marjan Venema, May 29 '11 at 11:42
Sure you should stop. While you are at it make sure not to teach teenagers about sex, drugs, war, murder, rape, assault, theft, espionage, guns, swear words, dishonesty and the numerous other things that people do which are wrong. Knowledge of the thing of which you are learning about and the consequences of using said knowledge is the best preventative you can give someone. Ignorance is far more likely to lead them to misuse any knowledge they find on their own rather than being well educated on a subject. — Cromulent, May 29 '11 at 14:07
They teach about viruses when educating teens about sex; why not when educating them about computers? :-) — Denis de Bernardy, May 30 '11 at 16:05
more like water gun. @Simnon sure you want to teach teenagers about sex and what is the risk, how bad war, murder, rape, assault, theft, espionage, guns, swear words, dishonesty and the numerous other things that people do which are wrong are, make them aware. — Lukasz Madon, May 30 '11 at 21:39
I don't have any personal moral problem with teaching children how to write code, but why? It's not like you are stretching the bounds of knowledge in computer science, SURELY you can find something that is equally as interesting / challenging / rewarding and won't cause the PTA association to stop inviting you to the social gatherings at holidays, right? I mean teach them how to make a computer game or something...I'd trust the wife's intuition here, I can guarantee you that you don't want to have to battle the rest of the concerned parent's concerns over some "fun and games". — Chase, May 31 '11 at 01:33
@Simon,Denis I'm sure they don't teach how to deliberately infect people with virusses during sex ed, so why do it during computer lessons? Teaching kids how to create virusses is immoral and unethical, possibly illegal. — jwenting, May 31 '11 at 06:04

score 54 · Accepted Answer · edited May 30 '11 at 23:50

54

I recently found a picture of me when I was 12 and reading a book about computer viruses. It was in 1988. Like your students, I was fascinated by them.

The next year I started high school and was accused to being the origin of the virus infection of all computers in the school. Of course, it wasn't me. I was good at computers, so the teachers said it was me.

If I put myself in back in time, I can tell you that since I was very well informed by the effects of those viruses, I would never have done such a thing. Why I would do that? Harm people? No way!

Therefore I think that the more they are informed by the effects, the less likely they use them.

But this statement is linked to boys that were like me, in a good environment with strong rules and education.

If you teach computer viruses to students with a history of doing bad things, not well educated, or troubled, they will certainly use them to do bad things. So it highly depends on the audience, your students.

edited May 30 '11 at 23:50

Chris

5,663
3
28
39

answered May 29 '11 at 09:59

1

I wish I could upvote this more than once. – Marcin May 29 '11 at 12:08
@Walter: thanks for your edits. They help me a lot with my English. – May 29 '11 at 13:18
6

I remember reading of a dad in a violent community, who taught his kids how to use rifles. His intention was wise. He bought them rifles and sent them to training centres where responsible people taught the kids how to use the rifles and all the technical details that they needed to know. They were also taught that shooting a person implied 'MURDER'. The kids also had plenty of chances to fire their weapon at the range. It certainly whetted their appetite to use weapons, but at the end of the day, they were responsible people who knew how to use their skill & weapon safely. – Nav May 30 '11 at 04:19
2

Could not agree more, Pierre. [And I'd add, as a rough generalisation: More knowledge it almost always a good thing... Totalitarian regimes try to ban knowledge - for a reason. It stops people thinking, and if they can't think then they might be able to criticise.] – quickly_now May 30 '11 at 08:49
There's something to be said for giving damaging or dangerous knowledge to the immature or adolescent. I think the word is "Caution". – dietbuddha May 31 '11 at 04:16
Hi Jim. I agree to what Pierre said. It's important to show the basic things how they work - and what the problems are with that kind of software. Teach them the basics, show them how it works, but also tell them what time consuming, expensive and annoying it was for the people to get rid of the loveletter and the sql slammer. Like the story of the admin that had to stay at work for really, really long hours and missed his childs's birthday because of that virus... – Sebastian P.R. Gingter May 31 '11 at 05:45
reading about them and teaching kids how to make and spread them are 2 different things... – jwenting May 31 '11 at 06:05

score 13 · Answer 2 · answered May 29 '11 at 10:21

I think the idea is excellent: people need to know how viruses work so that they can (a) write antivirus tools and (b) learn how to break things. The latter will serve them in good stead when they have to write solid code.

Learning about viruses and how they can propagate sounds like a springboard for many lines of investigation - how programmers make mistakes, what mistakes they make, how to avoid making them, how computers actually work, operating systems, network code, ...

I think a healthy dose of ethics would go well in the course: what damage viruses have done, for instance. You don't need to be preachy about it. Robert Morris didn't mean to write the first worm - or at least didn't mean for it to get out of hand - so it can be an instructive lesson not only in what kinds of bad things can happen, but also how something that seems like a good idea can go out of control.

Robert Morris *said* he didn't mean for it to get out of hand, after the fact, once he'd been caught. His actions, though, suggest otherwise. If he hadn't known he was doing something very wrong, he wouldn't have been so sneaky about releasing it. — Mason Wheeler, May 31 '11 at 03:02

score 5 · Answer 3 · answered May 29 '11 at 14:00

I learned how to write a COM and EXE viruses when I was in high school back then in '96. It's what got me to programming and switching from Basic to Pascal & Assembly and learned how the underlying hardware's mechanism works. Rewriting Norton commander from Peter Norton/John Socha's book (verbatim) was quite an achievement and exhilarating.

So I think teaching teens how to write a virus could be helpful to some extent to foster their sense of curiosity and inquisitive mind, because it's interesting for them. From my own account, the only bad thing I did was to infect my friend's 5.25" disk's boot sector but that's how far I went about it.

Surely as Pierre 303 noted you have to evaluate your students' attitude and then try to exploit and direct their interests to something more useful like giving them tasks to create programs etc.

score 5 · Answer 4 · answered May 31 '11 at 02:05

I don't think it's a good idea, for pragmatic rather than ethical reasons.

People (almost certainly boys) who want to learn how to write a virus or how they work will learn very well without your help. Nobody ever taught me, and I could write simple viruses by 13. Those who would be capable of using that ability for good will understand how to do it merely by learning the basics of programming. Those who would be interested only because it's a virus, rather than as a particular niche of programming, are better off having to learn the hard way.

I think that is a really good point. – Jim McKeeth Jun 01 '11 at 06:16 — Jim McKeeth, Jun 01 '11 at 06:16

score 4 · Answer 5 · answered May 29 '11 at 06:37

4

They will abuse it, it will cause hell on the school network, they will suddenly be breaking the law before you can blink.

A great idea to teach them about the general concepts (peer-to-peer distribution, minimal system resource use, and decentralized communication are some of the cool things conficker did, for example) but teaching them specifics is asking for trouble.

answered May 29 '11 at 06:37

Trezoid

666
1
4
8

1

We should also let them know the consequence of abusing it, such as they will get arrested, etc, etc. – Second Person Shooter May 29 '11 at 08:45
Definitely, teach them to write peer-to-peer distribution software instead - they couldn't *possibly* get in trouble [doing that](http://www.wired.com/politics/law/news/2000/04/35670)... – Cyclops May 29 '11 at 22:43
1

@cyclops And yet blizzard uses it every day. Yes, there are some problem areas with the tech, but there are more legit uses then, say, viruses. – Trezoid May 30 '11 at 01:15
1

@trezoid - why teach kids how to play baseball because they will be beating others with bats before you know it! (ya...I know, it's a stretch :)) Most of the kids probably won't care outside the group and like xport said, letting them know the consequences as well lets them know how serious it can be. – Jetti May 30 '11 at 18:25
+1: I'm all for this. You can encourage the interest and the love by teaching generalizations and higher level understanding of how virii work etc. but providing them with implementation details is giving power where it was not earned. There's a **big** gap between knowing language syntax and how a virus "works" and actually _writing_ a virus. I suspect that one would have to have a certain level of malicious intent and dedication required to fill that knowledge gap. – Steven Evers May 30 '11 at 21:38
1

In these days of zero tolerance, I can see so many ways that this would back-fire. Just being seen as encouraging the one kid who goes off and downloads the script-kiddie virus of the week will put you in hot water. It seems to me that there are so many other things to teach that are safer (for you). – dave May 30 '11 at 21:49
Oh, please. Any 14-year old with a computer, an unfiltered connection to the Internet, and a compiler has the potential ability to do virus-writing. – Paul Nathan May 31 '11 at 04:51
@Paul The potential, yes. Then again, any person has the potential ability to poison someone. Most won't actually search out that knowledge but they're far more likely to use it negatively if they get taught it (because they actually know how) – Trezoid May 31 '11 at 06:25
@Trezoid ...er, I'm sorry, but that doesn't fly. There's just too much knowledge out there available to make 'lack of knowledge' to be a worthwhile argument. – Paul Nathan May 31 '11 at 06:28
@Paul Nathan: There's also nothing to stop that 14-year-old from surfing porn, but there's reasons why, if I were to be teaching schoolkids, I'd demonstrate searching for something else. One is liability: when dealing with children, it's often important to look as innocuous as you are. – David Thornley May 31 '11 at 17:13

score 3 · Answer 6 · answered May 31 '11 at 07:35

3

I wouldn't do it. You're thinking of doing this of all the right reasons. There's just one thing you haven't taken into account. The teachers, the (non-IT) administrators. If you talk to the kids about viruses, suddenly every infection the coming 50 years or so will be your fault. You know, because you showed them how to do it with them computer thingies.

answered May 31 '11 at 07:35

johnny

131
2

1

Feel free to make this a comment to the question instead of an answer as this doesn't answer the question. – johnny May 31 '11 at 07:36

score 2 · Answer 7 · answered May 30 '11 at 15:26

They are too young to know how (not) to use that knowledge. Keep in mind that there are probably a few stars in there who will take what they know and add it to what you share which will fill in the details you have chosen to leave out. Depending on where you live, if they do damage to the school's machines you may face prosecution. I think what you're doing by mentoring is great, but do take care.

score 1 · Answer 8 · answered May 29 '11 at 16:56

The answer is of course going to be it depends, but as of Wednesday I'll be finished with high school and I'll say from personal experience it will probably not be much but you never know how far your influence will reach.

Now I've spent my last four years, what I've considered the 4 shittiest years, of my life making the school's network my bitch. The network guys all talked to me and threatened me with legal consequences multiple times but the sad fact is they have not been able to get me out of their system. They are probably rejoicing at the fact that I am graduating because I'll be out of their hair.

That said when I entered high school as a freshman I had absolutely no ill will towards the school. All computer security information I had learned and tested was purely academic. After a while though my high school experience became rather soured for a large number of reasons. At that point I pretty much devolved into a hateful beast and I spent many a time sitting in class watching my teacher's laptop and smartboard suddenly shutdown because I just damn well felt like doing it. I actually had the police interrogate me because I was poking around their payroll system and they flipped the hell out over that one.

So long as you are not teaching them how to write a RAT or run a botnet I really don't think it is equivocal to handing them a loaded .45 and saying have fun, but you should consider that although they may be nice little kids now, they all might not stay that way. I don't want to sound cryptic here, but life has ways of making you jaded that you would never ever think of, and once that happens you can't predict what will happen.

So, instead, keep em in the dark, feed 'em on BS. And then they can go off to the library and borrow a book instead. With no further education about consequences / ethics / morals. Yeah, I can see that being a great step forward. Sounds like your network admins didn't know what they were doing. Most competent admins would stop your behaviour inside of a day or two. — quickly_now, May 30 '11 at 08:52
@quickly_now My point is not to leave them in the dark to learn on their own, which is arguably worse, but to be careful what you teach them and to reinforce the proper application of the knowledge. You never know how far your influences will reach. And I'm not even gonna touch on how shitty the network admins at my school district are... — , May 30 '11 at 13:19
@quickly_now: Focusing the efforts of your teaching time on positive and productive methods and knowledge, is not 'keeping them in the dark'. Remember that this isn't a lecture course in software security... it's the after school special for high school kids. It shouldn't even be an issue of ethics... teach them how to program _first_ before teaching them how to program maliciously. — Steven Evers, May 30 '11 at 21:44
Gee, my attempt at sarcasm failed miserably :) SnOrfus - I agree! esp: Teach them to program first. — quickly_now, May 30 '11 at 23:33
@quickly_now I think you forgot to close your sarcasm tag, , got it for ya! — , May 31 '11 at 01:49

score 1 · Answer 9 · answered May 30 '11 at 21:51

1

I don't think this is even an issue of ethics. It's an issue of a better, more productive, use of yours and their time.

First teach them how to write code. Then we should consider teaching them how to write malicious code - or defensive code for that matter; but in my experience, knowledge of one requires knowledge of the other.

If it's the only thing that gets these kids interested in programming, and they may not attend or be interested if you're teaching anything else (not even the old stand-bys like game programming), then there may be a legimate reason to worry about their intentions.

answered May 30 '11 at 21:51

Steven Evers

28,200
10
75
159

No explanation for the downvote? That's a shame. I'd be interested in some input on the issue. – Steven Evers May 31 '11 at 16:12
I thought you had a good point. I didn't down vote you. – Jim McKeeth May 31 '11 at 16:25

score 1 · Answer 10 · answered May 30 '11 at 21:56

I think that they would learn about it if they want, whether you mention about it or not. In fact, they would learn more about viruses outside classes than in a class. I think that it is good if you mention and describe them. Not everyone will build a virus to make harm, but for academic's purposes

score 1 · Answer 11 · answered May 31 '11 at 04:59

If they can hack code together and use Google, they can write viruses. I would expect teaching them viruses would quickly lead to a bunch of 'hurr, I virused you' to result. I would also expect that if they are already interested, they will fire up Google, whether you like it or not.

You aren't going to win by excluding knowledge. You're going to win by teaching them ethical behavior, so that when their local viruses go off, they write smiley faces on the screen (or porno on a teacher's background), instead of booting up a node in a cobbled-together botnet.

It's dangerous. Agreed. But if they are going to code... they will have the capacity to whether you like it or not.

You should- IMO- treat it in the same fashion as teaching how to use a gun. Hunter's Ed courses start at 12 years old. Maturity can exist at that age.

score 1 · Answer 12 · answered May 31 '11 at 08:42

It depends.

In any case, you should include a part about the legal background and the consequences. Make it absolutely clear that spreading viruses, even ones that aren't designed to be harmful, is a severe crime. Have them formally agree not to use their knowledge to perform any illegal activities: make them (or their parents if they're minors) sign an agreement about this. It's standard procedure for any serious security and hacking related courses. Do this before you start the actual curriculum. This is not only to protect yourself, it's also to send a clear signal that says "you don't want to go there".

Even then, I'd only do this if you trust your students a little. If you suspect some of them to be of lesser ethical maturity, limit yourself to the "how do I protect myself from viruses and hacking" part.

score 0 · Answer 13 · answered May 30 '11 at 22:30

I don't know that it's clear ethically. Certainly if you know all the kids well and they are all responsible and mature for their ages then it's probably okay.

I think if you do teach them potentially dangerous or damaging information you must take some responsibility for it. Both in making sure that they are well educated in the subject and in it's consequences, but also in whatever ways they end up using that knowledge.

score 0 · Answer 14 · answered May 31 '11 at 06:41

0

It is common practice to teach students how to do bad things when programming. These types of lessons are invaluable in learning the caveats and dangers of programming. It also is needed information when learning how to identify and prevent attacks. Of course you must stress that they shouldn't do these things except on their own computers. They will. But if they are doing it to learn then they will be careful. I would consider it a failure as a teacher if you didn't cover such topics. The information they learn here actually is generally applicable. If they become proficient programmers, it is information that they will have to know.

answered May 31 '11 at 06:41

Ben Richards

109
2

The OP is volunteering at a school to teach about computer viruses. Seeing not doing something while volunteering as a volunteer teacher as a failure is too much of an expectation. – vpit3833 May 31 '11 at 23:27
Sorry, but I don't understand what you're getting at. Can you reword it? If what I think you're saying is correct, you're a little off. He actually volunteered to teach a computer club at the school, so this is relatively long-term. Also, as one who has been taught malicious code in programming courses, I can attest that they are always taught with "DO NOT RUN THIS CODE" in big red letters, and also used as examples of how just a few lines of code can run amok. Also, his proposal of teaching about environment path precedence, while a potential exploit, is a common programmer's error as well. – Ben Richards Jun 01 '11 at 02:52
I was referring to ' I would consider it a failure as a teacher if you didn't cover such topics.'. – vpit3833 Jun 01 '11 at 03:52
A quick Google showed me http://news.cnet.com/2100-1002_3-1010538.html. Couldn't find references to middle schools teaching this topic. – vpit3833 Jun 01 '11 at 04:29

Is it ethical to teach teens about software viruses?

14 Answers14