Describe malware prevention strategies

eSecurity – Malware Prevention Strategies (Cambridge IGCSE/A‑Level IT 9626)

Malware (malicious software) is any program or code designed to damage, disrupt, or gain unauthorised access to computer systems. The Cambridge syllabus expects students to know the main types of malware, the purposes for which they are used, the consequences of infection, and the full range of software‑based, physical, and organisational controls that can prevent infection – together with the advantages, disadvantages and typical exam‑scenario use of each control.

1. Malware – Types, Uses and Consequences

  • Trojan horse – appears legitimate; used to install back‑doors, steal data or launch further attacks.
  • Worm – self‑replicates across a network without user interaction; often employed for sabotage or espionage.
  • Spyware – records user activity covertly; used for espionage and theft of personal or corporate information.
  • Adware – forces unwanted advertising; can act as a delivery vector for more dangerous payloads.
  • Rootkit – hides the presence of other malicious code; enables long‑term control for espionage or sabotage.
  • Botnet (malicious bots) – compromised computers that can be remotely controlled; used for DDoS attacks, spam, or large‑scale fraud.
  • Ransomware – encrypts files and demands payment; primarily a financial‑fraud tool. Example: In 2023 a regional hospital was locked out of patient records for 48 hours, costing £1.2 M in lost revenue and legal penalties.
  • File‑less malware – lives only in memory and uses legitimate system tools (e.g., PowerShell) to avoid detection.
  • Advanced Persistent Threat (APT) – a prolonged, targeted attack often involving multiple malware families and custom exploits.

Typical consequences of a malware infection (exam‑relevant points):

  • Financial loss – theft, ransom payments, downtime, and incident‑response costs.
  • Reputational damage – loss of customer trust and market share.
  • Legal & regulatory penalties – breach of data‑protection laws (GDPR, Data Protection Act).
  • Loss of intellectual property or confidential information.
  • Operational disruption – sabotage of critical services or production lines.

2. Personal Data – Security, Confidentiality & Social‑Engineering Threats

The syllabus links malware prevention to the protection of personal data. Personal data must be kept confidential, accurate, and protected against unauthorised access.

  • Data‑security measures – encryption, access controls, anonymisation, and secure disposal of media.
  • Social‑engineering threats that often deliver malware:
    • Phishing – deceptive e‑mail or website that tricks users into revealing credentials or downloading malware.
    • Smishing – phishing via SMS messages.
    • Vishing – voice‑call phishing, often used to obtain authentication codes.
    • Pharming – manipulation of DNS or hosts files to redirect users to fraudulent sites.
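Pharming via the hosts file leaves an inspectable artefact on the machine, which is what a defender checks for. The script below is an added example and is not part of the original notes: it parses a constructed hosts file and flags any entry that pins one of the organisation's protected public domain names (a constructed list) to a fixed address, since a legitimate hosts file only ever names local machines.

```python
"""Added example: detecting pharming-style entries in a hosts file.

The hosts file is consulted before DNS on Windows, Linux and macOS, so an
attacker who can write to it can redirect a bank or webmail domain to a
server they control. A legitimate hosts file only names local machines,
so any entry that pins a well-known public domain is worth an alert.
All sample data below is constructed for the example.
"""
import ipaddress

# Constructed sample hosts file (not taken from a real machine)
SAMPLE_HOSTS = """\
# Hosts file - constructed sample
127.0.0.1       localhost
::1             localhost ip6-localhost
192.168.1.20    printer.office.local   # local print server
203.0.113.45    www.examplebank.com examplebank.com
198.51.100.7    login.example-mail.com
this is not a valid line
"""

# Public domains the organisation wants to protect (constructed list)
PROTECTED_DOMAINS = {"www.examplebank.com", "examplebank.com", "login.example-mail.com"}


def parse_hosts(text: str) -> list[tuple[str, list[str]]]:
    """Return (address, [hostnames]) for every well-formed hosts entry.

    Comments are stripped, blank lines skipped, and a line whose first
    field is not an IP address is ignored rather than raising.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline and full-line comments
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: first field is not an address, skip it
        # normalise names: lower-case and strip any trailing dot
        names = [n.lower().rstrip(".") for n in fields[1:]]
        entries.append((fields[0], names))
    return entries


def find_pharming_entries(text: str, protected: set[str]) -> list[tuple[str, str]]:
    """Return (hostname, address) pairs where a protected public domain is
    hard-coded in the hosts file. Any such pinning bypasses DNS, so the
    address itself does not matter: even a loopback mapping blocks access
    to the real site and should be investigated."""
    hits = []
    for address, names in parse_hosts(text):
        for name in names:
            if name in protected:
                hits.append((name, address))
    return hits


if __name__ == "__main__":
    for name, address in find_pharming_entries(SAMPLE_HOSTS, PROTECTED_DOMAINS):
        print(f"ALERT: {name} is pinned to {address} in the hosts file")
```

On a real machine the same functions would be fed the contents of /etc/hosts or C:\Windows\System32\drivers\etc\hosts. The check is most useful when scheduled and paired with a hash of the known-good file, so that any change, not just one naming a protected domain, is reported.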

3. Prevention Methods – Software‑Based Controls

| Control | Advantages | Disadvantages | Typical exam scenario where this control is most appropriate |
| --- | --- | --- | --- |
| Antivirus / Anti‑malware software | Real‑time scanning; easy to deploy; signatures & heuristics catch known threats. | May miss zero‑day or heavily obfuscated malware; requires frequent definition updates. | General‑purpose office PCs where cost‑effective baseline protection is needed. |
| Software firewall | Filters inbound/outbound traffic; can block known malicious ports/IPs. | Mis‑configured rules can impede legitimate applications; cannot stop attacks that use allowed ports. | Workstations that need outbound Internet access but must restrict inbound connections. |
| Patch management | Removes known vulnerabilities before they can be exploited. | Potential compatibility issues; depends on vendor release schedules. | Servers hosting critical services where unpatched OS/applications pose high risk. |
| Application whitelisting | Only approved programs can execute – highly effective against unknown malware. | Maintenance‑intensive; risk of blocking legitimate tools. | High‑security labs or kiosks with a fixed set of required applications. |
| Secure configuration & least‑privilege accounts | Reduces attack surface; limits damage if a compromise occurs. | Higher administrative overhead; users may request elevated rights. | Enterprise environments where many users need only read‑only access to data. |
| Network segmentation (VLANs, DMZs) | Contains infection to a limited zone; protects critical assets. | Complex design and ongoing management. | Organisations with distinct public‑facing services and internal finance systems. |
| Intrusion Detection / Prevention Systems (IDS/IPS) | Detects known signatures and anomalous behaviour; can block attacks in real time. | High false‑positive rates; requires skilled tuning. | Data‑centre perimeter where rapid detection of sophisticated attacks is required. |
| Encryption (full‑disk, file‑level, TLS/SSL) | Protects data at rest and in transit; limits impact of ransomware. | Does not stop infection; key management adds complexity. | Portable laptops containing personal or client data that may be lost or stolen. |
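The antivirus and application‑whitelisting rows describe opposite decision models: a blocklist of known‑bad signatures versus an allow‑list of approved programs. The script below is an added example, not taken from the notes or from any real product, and its "programs" are constructed byte strings standing in for executables. It shows why a hash signature misses a variant that differs by a single byte, why an allow‑list blocks that variant and any never‑seen tool, and why the same allow‑list also blocks a legitimate update until someone maintains it.

```python
"""Added example: blocklist (antivirus signature) versus allow-list
(application whitelisting) decisions on constructed sample programs."""
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hash of a program image; both models below key on this value."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executables (the 'MZ' prefix mimics a PE header)
APPROVED_EDITOR_V1 = b"MZ\x90\x00 approved text editor v1.0 (constructed)"
APPROVED_EDITOR_V2 = b"MZ\x90\x00 approved text editor v1.1 (constructed)"
KNOWN_BAD_SAMPLE = b"MZ\x90\x00 known malicious sample (constructed)"
# Variant 'repacked' so that a single byte differs from the known sample
OBFUSCATED_VARIANT = KNOWN_BAD_SAMPLE.replace(b"sample", b"samplE")
UNKNOWN_TOOL = b"MZ\x90\x00 never-seen-before utility (constructed)"

# Antivirus signature database: hashes of files already known to be malicious
SIGNATURE_BLOCKLIST = {sha256_hex(KNOWN_BAD_SAMPLE)}

# Application whitelist: hashes of the programs approved for this machine
APPLICATION_ALLOWLIST = {sha256_hex(APPROVED_EDITOR_V1)}


def antivirus_allows(program: bytes) -> bool:
    """Blocklist model: run unless the file matches a known-bad signature.
    Anything unknown, including a one-byte variant, is allowed by default."""
    return sha256_hex(program) not in SIGNATURE_BLOCKLIST


def whitelist_allows(program: bytes) -> bool:
    """Allow-list model: run only if the file is an approved program.
    Anything unknown is denied by default, whether malicious or not."""
    return sha256_hex(program) in APPLICATION_ALLOWLIST


def compare_models(programs: dict[str, bytes]) -> dict[str, dict[str, bool]]:
    """Decision of each model for each program, keyed by program name."""
    return {
        name: {"antivirus": antivirus_allows(data), "whitelist": whitelist_allows(data)}
        for name, data in programs.items()
    }


SAMPLE_PROGRAMS = {
    "approved editor v1.0": APPROVED_EDITOR_V1,
    "approved editor v1.1 (update not yet approved)": APPROVED_EDITOR_V2,
    "known malicious sample": KNOWN_BAD_SAMPLE,
    "one-byte variant of known sample": OBFUSCATED_VARIANT,
    "never-seen-before tool": UNKNOWN_TOOL,
}

if __name__ == "__main__":
    for name, decision in compare_models(SAMPLE_PROGRAMS).items():
        av = "run" if decision["antivirus"] else "BLOCK"
        wl = "run" if decision["whitelist"] else "BLOCK"
        print(f"{name:48} antivirus={av:5} whitelist={wl}")
```

Real antivirus products layer heuristics and behaviour monitoring on top of signatures; the example isolates the signature component so the table's point is visible. The blocked "v1.1" row is the whitelisting disadvantage in miniature: every legitimate update needs an allow‑list change before it will run.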

4. Prevention Methods – Physical Controls

| Control | Advantages | Disadvantages | Typical exam scenario where this control is most appropriate |
| --- | --- | --- | --- |
| Hardware firewall / dedicated router | Robust perimeter barrier independent of host OS. | Costly to purchase and maintain; configuration errors can expose gaps. | Small‑to‑medium enterprises needing a clear network demarcation. |
| Secure boot & Trusted Platform Module (TPM) | Ensures only trusted firmware/OS images load; prevents low‑level rootkits. | May conflict with custom or legacy hardware/software. | Modern laptops used for handling sensitive personal data. |
| BIOS/UEFI password protection | Stops unauthorised changes to firmware settings (including the boot order and secure‑boot options); adds a physical‑access barrier. | Forgotten passwords can lock legitimate administrators out. | Shared workstations in public libraries or schools. |
| USB / port lockdown | Stops malware spread via removable media; reduces accidental data leakage. | Inconvenient for legitimate use; requires policy enforcement. | High‑security environments where data must not leave the premises. |
| Air‑gapped systems | Complete isolation from network‑borne threats. | Limits functionality; data transfer must be tightly controlled. | Industrial control systems or classified research labs. |
| Write‑once / immutable backup media | Backups cannot be altered by ransomware; ensures a clean restore point. | Higher cost; requires regular media rotation and off‑site storage. | Critical business‑continuity servers that must survive a ransomware attack. |

5. Organisational Measures that Directly Support Prevention

  • Security policies and procedures – define acceptable use, software‑installation rules, removable‑media handling, and remote‑access controls.
  • Regular, offline backups – versioned backups stored off‑site; test restoration quarterly.
  • Change‑management process – documents and authorises all hardware, software, and configuration changes.
  • User education and awareness – training covering:
    • Recognising phishing, smishing, vishing and pharming attempts.
    • Safe browsing habits and the dangers of downloading from untrusted sources.
    • Password hygiene and the use of multi‑factor authentication.
    • Reporting procedures for suspicious e‑mail or system behaviour.
    • Proper handling of removable media and the importance of lock‑screen policies.
  • Incident‑response plan – predefined steps for containment, eradication, recovery and post‑incident review.
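The write‑once backup media in section 4 and the "test restoration quarterly" point above rest on the same requirement: a backup is only useful if it can be shown not to have been altered before it is restored. The script below is an added example, not part of the notes or of any backup product. It records a SHA‑256 manifest when a constructed backup set is written and later compares the set against that manifest, classifying each file as intact, modified, missing or unexpected, which turns "test restoration" into a concrete pass/fail check.

```python
"""Added example: a hash manifest that tells whether a backup set can be
restored safely. Sample files and the 'tampered' set are constructed."""
import hashlib


def build_manifest(files: dict[str, bytes]) -> dict[str, str]:
    """Record SHA-256 of every file when the backup is written.
    The manifest must be stored where the backup host cannot alter it later
    (write-once media or an off-site copy), or ransomware can rewrite both."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def verify_backup(manifest: dict[str, str], files: dict[str, bytes]) -> dict[str, list[str]]:
    """Compare a backup set against its manifest.
    Returns sorted lists of files that are intact, modified (hash mismatch),
    missing (in manifest but absent) or unexpected (present but not recorded)."""
    report = {"intact": [], "modified": [], "missing": [], "unexpected": []}
    for path, expected in manifest.items():
        if path not in files:
            report["missing"].append(path)
        elif hashlib.sha256(files[path]).hexdigest() != expected:
            report["modified"].append(path)
        else:
            report["intact"].append(path)
    report["unexpected"] = [p for p in files if p not in manifest]
    return {kind: sorted(paths) for kind, paths in report.items()}


def restore_is_safe(report: dict[str, list[str]]) -> bool:
    """A restore point is usable only if nothing recorded has changed or vanished.
    Unexpected files do not block a restore but should be excluded from it."""
    return not report["modified"] and not report["missing"]


# Constructed backup set as written on backup day
ORIGINAL_BACKUP = {
    "finance/ledger.csv": b"date,account,amount\n2024-01-05,4010,1200.00\n",
    "hr/staff.db": b"constructed database image",
    "config/server.conf": b"max_connections = 200\nlog_level = info\n",
}
MANIFEST = build_manifest(ORIGINAL_BACKUP)

# The same set after a ransomware incident reached the backup share:
# one file overwritten with ciphertext, one deleted, one ransom note added
TAMPERED_BACKUP = {
    "finance/ledger.csv": b"\x8f\x1c\x02 constructed ciphertext bytes \xe3\x7a",
    "config/server.conf": ORIGINAL_BACKUP["config/server.conf"],
    "RESTORE_YOUR_FILES.txt": b"constructed ransom note",
}

if __name__ == "__main__":
    for label, backup in (("original", ORIGINAL_BACKUP), ("tampered", TAMPERED_BACKUP)):
        report = verify_backup(MANIFEST, backup)
        print(f"{label}: {report} -> safe to restore: {restore_is_safe(report)}")
```

The manifest is the thing write‑once media protects: if it sits on the same writable share as the backup, ransomware that reaches the share can rewrite both and the check passes on corrupted data. The check also proves only integrity; the quarterly test should still restore the files onto a spare system and confirm the application runs.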

6. Comparative Overview – Quick Reference

| Prevention method | Type | Key advantages | Key disadvantages |
| --- | --- | --- | --- |
| Antivirus / Anti‑malware | Software | Real‑time protection; easy deployment. | May miss zero‑day threats; requires updates. |
| Software firewall | Software | Filters traffic; blocks known malicious ports/IPs. | Improper rules can block legitimate traffic. |
| Patch management | Software | Closes known vulnerabilities. | Potential compatibility issues. |
| Application whitelisting | Software | Only trusted code runs. | Maintenance intensive. |
| Least‑privilege & secure configuration | Software | Reduces attack surface. | Higher admin overhead. |
| Network segmentation | Software | Contains spread of infection. | Complex design. |
| IDS/IPS | Software | Detects signatures & anomalies; can block attacks. | False positives; needs tuning. |
| Encryption (full‑disk, file‑level, TLS/SSL) | Software | Protects data even if ransomware encrypts files. | Does not prevent infection; key management. |
| Hardware firewall / router | Physical | Perimeter protection independent of host OS. | Cost and configuration complexity. |
| Secure boot & TPM | Physical | Prevents unauthorised firmware/OS loading. | May conflict with legacy systems. |
| BIOS/UEFI password protection | Physical | Stops unauthorised firmware changes. | Risk of lock‑out if password forgotten. |
| USB / port lockdown | Physical | Stops malware spread via removable media. | Inconvenient for legitimate use. |
| Air‑gapped systems | Physical | Complete isolation from network threats. | Limits functionality. |
| Write‑once / immutable backup media | Physical | Backups cannot be altered by ransomware. | Higher cost; media rotation required. |

7. Summary Checklist for Malware Prevention (Exam‑Ready)

  1. Install reputable antivirus/anti‑malware software; keep signatures and heuristics up to date.
  2. Apply OS and application patches promptly via a documented patch‑management process.
  3. Enforce strong password policies and enable multi‑factor authentication for all accounts.
  4. Implement application whitelisting where the software environment is static.
  5. Configure secure settings and adopt least‑privilege accounts for users and services.
  6. Segment the network (VLANs, DMZs) to isolate critical resources from general user traffic.
  7. Deploy IDS/IPS and maintain hardware firewalls at the perimeter.
  8. Use full‑disk, file‑level, and transport‑layer encryption to protect data at rest and in transit.
  9. Apply physical controls: secure boot with TPM, BIOS/UEFI passwords, USB/port lockdown, air‑gap high‑value systems, and write‑once backup media.
  10. Maintain regular, offline, versioned backups and test restoration procedures at least quarterly.
  11. Establish clear security policies covering software installation, acceptable use, removable‑media handling, and incident reporting.
  12. Provide ongoing user education on phishing, smishing, vishing, pharming, safe browsing, password hygiene, and reporting suspicious activity.
  13. Develop and rehearse an incident‑response plan that includes containment, eradication, recovery and post‑incident review.

Suggested diagram: a layered defence model showing (from outer to inner) physical controls, software‑based controls, and organisational measures surrounding the core information system.
