Know and understand the use of anti-malware and anti-virus software

4 Networks and the Effects of Using Them

Objective – Know and understand the use of anti‑malware and anti‑virus software


4.1 What is a Network? – Hardware, Basic Concepts and Topologies

A network is a group of computers and other devices that are linked together so they can share resources such as files, printers, internet access and applications.

Key Hardware Components

| Device | Primary Role | Security Relevance (Malware Spread) |
|---|---|---|
| Network Interface Card (NIC) | Provides the physical (wired) or wireless link between a computer and the network. | Compromised NIC firmware can act as a stealthy entry point for malware. |
| Router | Routes traffic between different networks (e.g., home LAN ↔ Internet). Provides NAT, DHCP and often a basic firewall. | Routers can be targeted by malware that intercepts or redirects traffic (e.g., DNS hijacking). |
| Switch | Connects multiple devices within the same LAN and forwards frames only to the intended recipient. | Exploitable for ARP spoofing or VLAN hopping, allowing malware to move laterally. |
| Hub | Repeats incoming signals to all ports; simple but inefficient. | Because all traffic is broadcast, a compromised device can easily sniff data. |
| Bridge | Links two separate network segments, making them act as a single network. | Improperly secured bridges can let malware cross from one segment to another. |

Common Network Topologies (Cambridge Syllabus)

| Topology | Shape / Layout | Typical Use | Security Considerations |
|---|---|---|---|
| Star | All devices connect to a central switch or hub. | Most modern LANs and Wi‑Fi access points. | Failure of the central device disables the whole network; central point must be secured. |
| Bus | Devices share a single communication line. | Older Ethernet installations. | Easy for a compromised node to sniff all traffic. |
| Mesh | Each device can connect to multiple others. | Wireless mesh Wi‑Fi, some WAN links. | Provides redundancy but increases attack surface; strong authentication required. |

Wireless Technologies

  • Wi‑Fi (IEEE 802.11) – convenient for laptops, tablets and smartphones but vulnerable to eavesdropping, rogue access points and malware that spreads via shared wireless resources.
  • Bluetooth – short‑range link for peripherals; can be exploited by malware such as BlueBorne to spread between nearby devices.

Network Types (Syllabus Terminology)

  • LAN (Local Area Network) – limited to a single building or campus.
  • WLAN (Wireless LAN) – LAN that uses Wi‑Fi.
  • WAN (Wide Area Network) – connects LANs over larger distances (e.g., the Internet).
  • Intranet – private network used within an organisation.
  • Extranet – part of an intranet that is accessible to selected external users (e.g., partners).
  • Internet – global public network.

Cloud Computing (Advantages & Disadvantages)

Many schools and businesses store files or run applications in the cloud (Google Drive, Microsoft OneDrive, AWS, etc.).

| Advantages | Disadvantages |
|---|---|
| On‑demand access from any device with internet. | Dependence on internet connectivity. |
| Scalable storage and processing power. | Potential data‑privacy issues if the provider is compromised. |
| Automatic backup options. | Shared‑resource attacks (e.g., cross‑tenant malware). |

Modern anti‑malware suites often include cloud‑based scanning to check files against a constantly updated online threat database, improving detection of new malware.


4.2 Network Issues – Security, Passwords, Anti‑malware, Electronic Conferencing and Data Protection

Security Issues Covered by the Syllabus

  • Data transfer – files sent by email, USB drives, network folders or cloud services can carry malware.
  • Passwords & authentication – weak or reused passwords and a lack of multi‑factor authentication (MFA) make it easier for attackers to install malware.
  • Anti‑malware / anti‑virus – essential tools for detecting, quarantining and removing malicious code.
  • Electronic conferencing – video‑/audio‑calling platforms (Zoom, Microsoft Teams, Google Meet) can be used to deliver malicious links or files.
  • Privacy & confidentiality – personal and sensitive data must be protected during transfer and storage (GDPR, UK Data Protection Act 2018).

Authentication Methods (Syllabus)

  • Passwords (with complexity rules)
  • Multi‑factor authentication (MFA) – e.g., OTP, authenticator apps
  • Biometrics – fingerprint, facial recognition
  • Smart cards and security tokens
  • Windows Hello / Apple Face ID integration with device‑level protection

Electronic Conferencing – Safe Practices

  1. Keep the conferencing software up to date; enable automatic updates.
  2. Use meeting passwords or waiting rooms; share the link only with intended participants.
  3. Disable file‑sharing unless required; scan any received files with anti‑malware before opening.
  4. Educate users not to click unexpected “join” links or pop‑up screens.
  5. Prefer screen‑share that requires host approval.

Data‑Protection & e‑Safety (Cambridge Requirement)

When personal data (name, address, pupil records, etc.) is transferred or stored, the following principles apply:

  • Lawful, fair and transparent processing – only collect data that is necessary and inform the owner how it will be used.
  • Purpose limitation – use data only for the reason it was collected.
  • Data minimisation – keep only the amount of data required.
  • Security – encrypt files, use strong passwords, and protect devices with anti‑malware.
  • Accountability – maintain records of who accessed the data and when.

e‑Safety also covers responsible online behaviour, avoiding cyber‑bullying, and reporting suspicious activity.


4.3 What Is Malware?

  • Malware – any software deliberately created to damage, disrupt or gain unauthorised access to a computer system.
  • Common types (as listed in the syllabus):
    • Virus – attaches to legitimate files and spreads when the host file is executed.
    • Worm – self‑replicates across a network without user interaction.
    • Trojan horse – appears legitimate but hides malicious code.
    • Spyware – secretly gathers information about the user.
    • Adware – displays unwanted advertisements, often bundled with other software.
    • Ransomware – encrypts data and demands payment for the decryption key (e.g., WannaCry).
    • Rootkit – hides the presence of other malware and gives the attacker privileged access.
  • Typical threat vectors (expanded to match syllabus wording):
    • Phishing – deceptive emails or messages that trick users into revealing credentials or downloading malware.
    • Smishing – phishing via SMS.
    • Vishing – phishing via voice calls.
    • Pharming – manipulation of DNS to redirect users to fake sites.
    • Card‑fraud – malware that captures payment‑card details.
    • Hacking – unauthorised exploitation of vulnerabilities to install malware.

4.4 Anti‑malware vs Anti‑virus

Historically “anti‑virus” referred only to software that targeted viruses. Modern security suites are called “anti‑malware” because they protect against a wider range of threats.

| Feature | Anti‑virus | Anti‑malware (modern suite) |
|---|---|---|
| Primary focus | Viruses and simple worms | All malicious software – viruses, worms, trojans, ransomware, spyware, adware, rootkits, etc. |
| Detection methods | Signature‑based scanning | Signature‑based, heuristic analysis, behavioural monitoring, cloud‑based scanning, machine‑learning. |
| Typical features | Real‑time scanning, scheduled scans | Real‑time protection, web filtering, email scanning, firewall integration, sandboxing, device control, cloud scanning. |
| Update frequency | Daily or weekly | Multiple times per day (often automatic) |

4.5 How Anti‑malware Software Works

  1. Signature detection – compares file hashes and code fragments against a database of known malicious signatures.
  2. Heuristic analysis – looks for suspicious code patterns or unusual file structures that may indicate a new or modified threat.
  3. Behavioural monitoring – observes programs in real time; blocks actions typical of malware (e.g., modifying system files, creating hidden processes, unusual network traffic).
  4. Cloud‑based scanning – sends file hashes or metadata to remote servers for rapid verification against an ever‑updating threat database.
  5. Sandboxing – runs suspicious files in an isolated virtual environment to see what they do without risking the host system.
  6. Quarantine and removal – isolates infected files and either cleans them (removing the malicious component) or deletes them permanently.

4.6 Benefits and Risks of Using Anti‑malware in a Network

| Benefits of Using Anti‑malware | Risks if Not Used / Inadequate Protection |
|---|---|
| Prevents data loss and system downtime. | Ransomware can encrypt critical files, causing loss of access and possible ransom payment. |
| Stops infections spreading to other devices on the same network. | Worms and network‑propagating trojans can compromise every connected computer. |
| Protects sensitive personal and organisational information from theft. | Spyware, keyloggers and data‑exfiltration tools harvest passwords, pupil records, or financial data. |
| Helps meet legal obligations (GDPR, UK Data Protection Act 2018) by safeguarding personal data. | Non‑compliance can lead to fines, legal action and reputational damage. |
| Maintains network performance by preventing resource‑draining attacks. | Bot‑nets or DoS attacks can saturate bandwidth, slowing legitimate work. |

4.7 Best Practices for Effective Protection

  1. Install a reputable anti‑malware suite on every device that connects to the network (PCs, laptops, tablets, smartphones).
  2. Enable real‑time scanning and automatic definition updates; ensure updates occur multiple times per day.
  3. Schedule regular full system scans (at least weekly) and occasional deep scans of external storage devices.
  4. Use strong, unique passwords for all accounts; enable multi‑factor authentication wherever possible.
  5. Adopt additional authentication methods for privileged users (smart cards, hardware tokens, biometrics).
  6. Educate users about phishing, smishing, vishing, malicious links, unsafe downloads and the dangers of unknown Bluetooth/Wi‑Fi connections.
  7. Keep operating systems, firmware (NIC, router, BIOS) and all applications up to date with security patches.
  8. Implement network‑level security: firewalls, intrusion detection/prevention systems (IDS/IPS) and VLAN segmentation.
  9. Secure electronic conferencing – keep software updated, use meeting passwords or waiting rooms, and scan shared files before opening.
  10. Back up critical data regularly (daily for important files) and verify backup integrity; store backups offline or in a separate cloud region.
  11. Apply e‑safety and data‑protection guidelines: encrypt personal data, limit access to authorised users, and retain records of data handling.

4.8 Simple Anti‑malware Workflow (Typical File Access)

Flowchart – Text Description

File accessed → Signature check
  • Match => Quarantine/Block → End.
  • No match => Heuristic analysis
    • Suspicious => Quarantine/Block → End.
    • Clear => Behavioural monitoring while the file runs
      • Malicious behaviour => Quarantine/Block → End.
      • No malicious behaviour => File allowed to execute → End.
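
The detection stages in 4.5 and the decision order in 4.8 can be followed in a short program. This is an added example, not part of the original notes or of any real product; the signature database, the list of malicious actions, the entropy threshold and all function names are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed signature database: SHA-256 of a made-up "known bad" sample.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-bad-sample").hexdigest()}
# Constructed list of behaviours treated as malicious while a file runs.
BAD_ACTIONS = {"modify_system_file", "create_hidden_process"}


def entropy(data):
    """Shannon entropy in bits per byte (0.0 = uniform filler, 8.0 = random)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def heuristic_flags(name, data):
    """Return the reasons a file looks suspicious without a signature match."""
    flags = []
    parts = name.lower().split(".")
    # e.g. "invoice.pdf.exe": a document-looking name that is really a program.
    if len(parts) >= 3 and parts[-1] in {"exe", "scr", "js"}:
        flags.append("double extension")
    # Packed or encrypted code looks random; the 7.2 threshold is an assumption
    # and would also flag harmless compressed files (a false positive).
    if len(data) >= 256 and entropy(data) > 7.2:
        flags.append("high entropy")
    return flags


def scan(name, data, observed_actions=()):
    """Apply the 4.8 workflow: signature -> heuristic -> behaviour -> allow."""
    if hashlib.sha256(data).hexdigest() in KNOWN_BAD:
        return ("quarantine", "signature match")
    flags = heuristic_flags(name, data)
    if flags:
        return ("quarantine", "heuristic: " + ", ".join(flags))
    bad = sorted(set(observed_actions) & BAD_ACTIONS)
    if bad:
        return ("quarantine", "behaviour: " + ", ".join(bad))
    return ("allow", "no detection")
```

Changing a single byte of the known sample gives a different hash, so the signature stage misses it and only the later stages can catch it, which is why modern suites combine several methods.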


4.9 Data Protection, Privacy and e‑Safety Summary

Effective network security for the IGCSE ICT syllabus combines technical safeguards (anti‑malware, firewalls, secure hardware) with good organisational practice (strong authentication, regular updates, user education, and robust data‑protection policies). By understanding how malware spreads, how anti‑malware detects and removes threats, and how to apply e‑safety principles, students can design and maintain networks that are both functional and secure.


4.10 Summary

Anti‑malware and anti‑virus software are essential components of network security. They protect against a wide range of malicious software, help maintain data integrity, support compliance with data‑protection legislation, and keep network performance stable. When combined with sound hardware knowledge, strong authentication, regular updates, user education, and complementary network‑level measures (firewalls, IDS/IPS, VLANs), they provide a robust defence for any school or small‑business network.
