Know and understand viruses and malware including how to take preventative action to avoid the danger of infecting a computer from a downloaded file

Topic 8 – Safety and Security

Objective (AO1)

Know and understand viruses, malware and other data‑threats, and be able to take appropriate preventative actions to avoid infecting a computer when downloading files.

1. Physical Safety (8.1)

  • Electrical safety – unplug equipment before cleaning, never touch live cables, use surge protectors.
  • Fire safety – keep fire‑extinguishers accessible, avoid covering vents, do not leave computers running unattended in unsafe environments.
  • Ergonomic safety – maintain correct posture, use adjustable chairs, take regular breaks to avoid strain.
  • Trip and fall hazards – keep cables organised and away from walkways, secure portable devices.
  • Heavy equipment – use trolleys or assistance when moving large monitors or servers.

2. What is Malware? (8.2)

Malware (malicious software) is any program deliberately created to damage, disrupt or gain unauthorised access to a computer system or the data it contains.

3. Types of Malware

| Type | How it works | Typical symptoms |
|---|---|---|
| Computer virus | Attaches to a legitimate file or programme; spreads when the host is opened or executed. | Slow performance, unexpected pop‑ups, corrupted or missing files. |
| Worm | Self‑replicates across a network by exploiting vulnerabilities; does not need a host file. | Network congestion, rapid bandwidth use, many duplicate files. |
| Trojan horse | Disguises itself as useful software to trick the user into installing it. | Unauthorised remote access, data theft, additional malware installed. |
| Spyware | Collects information about the user’s activities and sends it to a third party. | Unusual ads, changed browser settings, unexpected data usage. |
| Ad‑ware | Displays unwanted advertisements; often bundled with free software. | Pop‑up ads, browser redirects, slower browsing. |
| Ransomware | Encrypts the user’s files and demands payment for the decryption key. | Files become inaccessible, ransom note appears on the screen. |

4. Common Infection Vectors (How Malware Spreads)

  • Email attachments (especially .exe, .zip, .doc with macros)
  • Drive‑by downloads from compromised or fake websites
  • Peer‑to‑peer (P2P) file‑sharing networks
  • Removable media (USB sticks, external hard drives)
  • Instant‑messaging or social‑media links
  • Software updates from untrusted sources

5. How Malware Can Enter Through a Downloaded File

  1. Locate a file on an untrusted website, P2P network, or in an unsolicited email.
  2. Download the file without checking the source or its integrity (e.g., hash, digital signature).
  3. Open or execute the file – hidden malicious code may run automatically.
  4. Malware installs itself (often silently) and begins its payload (replication, data theft, encryption, etc.).

6. Preventative Actions – Knowledge (AO2)

  • Antivirus / anti‑malware software – install reputable software; keep virus definitions up‑to‑date.
  • Operating‑system and application updates – apply security patches promptly.
  • Verify the source – download only from official sites or trusted vendors; look for HTTPS and a reputable domain.
  • Check file extensions – beware of double extensions such as report.pdf.exe.
  • Scan files before opening – right‑click → “Scan with …”.
  • Enable a firewall – blocks unauthorised inbound and outbound traffic.
  • Use strong, unique passwords – at least 12 characters, mix of upper/lower case, numbers and symbols; avoid re‑using passwords.
  • Two‑factor authentication (2FA) – adds a second verification step (code, token or biometric).
  • Regular backups – external drive or cloud; essential for recovery from ransomware.
  • Sandbox / virtual environment – open risky files in an isolated environment before using them on the main system.
  • Phishing awareness – do not click links or open attachments from unknown senders.

7. Evaluation of Preventative Actions (AO3 – Pros & Cons)

| Action | Advantages | Disadvantages / Limitations |
|---|---|---|
| Antivirus software | Detects known malware quickly; real‑time scanning. | May miss zero‑day threats; can affect system performance. |
| Regular updates | Closes security holes before they are exploited. | Requires internet access; occasional incompatibility issues. |
| Firewalls | Blocks unauthorised inbound connections; can filter outbound traffic. | Misconfiguration can block legitimate services. |
| Strong passwords & 2FA | Greatly reduces risk of unauthorised account access. | Users may forget complex passwords; 2FA devices can be lost. |
| Backups | Provides a restore point after ransomware or data loss. | Backups themselves can be infected if not isolated. |
| Sandboxing | Allows safe testing of suspicious files. | Requires extra resources; not all malware behaves the same in a sandbox. |

8. Data‑Protection Principles (8.2 – GDPR / Data Protection Act)

  • Lawful, fair and transparent processing – personal data must be handled according to a legal basis and users must be informed.
  • Purpose limitation – data should only be used for the specific purpose for which it was collected.
  • Data minimisation – collect only the data that is necessary.
  • Accuracy – keep personal data up‑to‑date and correct.
  • Storage limitation – retain data no longer than needed.
  • Integrity and confidentiality – protect data against unauthorised or accidental loss, alteration or disclosure (e.g., encryption).
  • Accountability – organisations must demonstrate compliance with all principles.

9. Password Security (8.3)

  • Strong vs weak passwords

    • Strong: ≥12 characters, mixed case, numbers, symbols, no dictionary words.
    • Weak: short, common words, predictable patterns (e.g., “123456”, “password”).

  • Password interception – can occur via key‑loggers, packet sniffing on unsecured Wi‑Fi, or phishing sites.
  • Best practice – use a password manager, change passwords after a breach, enable password‑expiry policies where appropriate.

10. Other Threats to Data (8.3)

| Threat | How it works | Typical signs |
|---|---|---|
| Phishing | Deceptive emails or messages requesting personal information. | Urgent language, mismatched URLs, unexpected attachment. |
| Pharming | Manipulates DNS or hosts files to redirect users to fake websites. | Correct URL but unusual page layout, SSL warnings. |
| Smishing | Phishing via SMS text messages. | Links to unknown sites, requests for OTP codes. |
| Vishing | Voice‑phishing – fraudulent phone calls asking for details. | Caller pretends to be from a bank or tech support. |
| Card fraud | Unauthorised use of credit/debit card details after a data breach. | Unexpected charges, declined transactions. |
| Hacking | Exploiting vulnerabilities to gain unauthorised system access. | Unusual login activity, altered files, unknown software. |

11. Protection Mechanisms (8.3)

  • Encryption – scrambles data so it can only be read with a key (e.g., BitLocker, file‑level encryption). Why? Protects confidentiality if storage media are lost or stolen.
  • SSL / TLS (HTTPS) – encrypts data in transit between a browser and a web server; indicated by a padlock icon. Why? Prevents eavesdropping and man‑in‑the‑middle attacks.
  • Digital certificates – verify the identity of a website or software publisher. Why? Ensures the user is communicating with the genuine service.
  • Firewalls – hardware or software that monitors and controls network traffic. Why? Blocks unauthorised inbound connections and can restrict outbound data exfiltration.
  • Biometrics – fingerprint, facial recognition or iris scan used as an additional authentication factor. Why? Provides “something you are”, which is harder to steal than a password.
  • Two‑factor authentication (2FA) – combines something you know (password) with something you have (code, token) or something you are (biometric). Why? Even if a password is compromised, the second factor blocks access.

12. Evaluation of Protection Mechanisms (AO3 – Pros & Cons)

| Mechanism | Pros | Cons / Limitations |
|---|---|---|
| Encryption | Data remains unreadable without the key; essential for portable devices. | Key loss = permanent data loss; can impact performance. |
| SSL / TLS | Protects data in transit; widely supported. | Only secures the connection, not the endpoint; expired certificates can cause trust issues. |
| Digital certificates | Provides authentication of websites/software. | Cost of certificates; users may ignore warning messages. |
| Firewalls | Effective barrier against many external attacks. | Improper configuration can block legitimate traffic; does not stop insider threats. |
| Biometrics | Convenient, hard to guess. | False‑reject/accept rates; privacy concerns over biometric data storage. |
| 2FA | Greatly reduces risk of account compromise. | Requires additional device or app; can be bypassed with sophisticated phishing (e.g., real‑time code interception). |

13. Legal and Ethical Aspects (8.4 – AO3)

  • Data‑Protection legislation – UK Data Protection Act 2018 and GDPR require organisations to protect personal data, report breaches within 72 hours, and respect the eight data‑protection principles.
  • Copyright law – downloading, sharing or installing software, music, films or games without the rights holder’s permission breaches copyright and may be prosecuted under the Copyright, Designs and Patents Act 1988.
  • Responsible use – do not create, distribute or install malware; respect others’ privacy and intellectual property.
  • Reporting incidents – inform a teacher, IT administrator or the designated data‑protection officer immediately if malware is detected or a breach is suspected.

14. Step‑by‑Step Checklist for Safe Downloading (AO2)

  1. Confirm that the file is really needed.
  2. Navigate to a trusted website – check for HTTPS and a reputable domain name.
  3. Read user reviews or comments, if available.
  4. Download the file to a dedicated “Downloads” folder.
  5. Verify the file’s integrity (hash value, digital signature) where possible.
  6. Right‑click the file and select “Scan with [antivirus]”.
  7. If the scan is clean, open the file; if a threat is detected, quarantine or delete it and report the incident.
  8. After use, move the file to a secure location (e.g., encrypted folder) or delete it permanently.
  9. Update any relevant passwords if the file required authentication.
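
The file-name and integrity checks from sections 6 and 14 (double extensions such as report.pdf.exe, and the hash comparison in step 5), as an added Python example that is not part of the original notes. The extension lists, function names and sample file content are assumptions constructed for illustration; in practice the published hash comes from the vendor's official download page.

```python
import hashlib
import hmac
import os
import tempfile

# Extensions that run code when opened on Windows (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".cmd", ".com", ".js", ".vbs", ".msi", ".ps1"}
# Document-style extensions commonly used as the decoy half of a double extension.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}

def extension_warnings(filename):
    """Return warnings based on the file name alone (the file is not opened)."""
    warnings = []
    parts = os.path.basename(filename).strip().lower().split(".")
    last = "." + parts[-1] if len(parts) > 1 else ""
    if last in EXECUTABLE_EXTS:
        warnings.append("executable extension " + last)
        # report.pdf.exe: the real type is .exe, the .pdf is only a disguise.
        if len(parts) > 2 and "." + parts[-2] in DECOY_EXTS:
            warnings.append("double extension ." + parts[-2] + last)
    return warnings

def sha256_of(path, chunk_size=65536):
    """Hash the file in chunks so a large download need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_download(path, published_sha256):
    """Return (ok, reasons); ok is True only if the name is clean and the hash matches."""
    reasons = extension_warnings(path)
    if not hmac.compare_digest(sha256_of(path), published_sha256.strip().lower()):
        reasons.append("hash mismatch")
    return (not reasons, reasons)

def demo(name, tamper):
    """Constructed sample: write a file called `name`, optionally altered after publication."""
    original = b"constructed sample content\n"
    published = hashlib.sha256(original).hexdigest()  # stands in for the vendor's hash
    with tempfile.TemporaryDirectory() as folder:
        path = os.path.join(folder, name)
        with open(path, "wb") as handle:
            handle.write(original + (b"bytes added in transit" if tamper else b""))
        return check_download(path, published)

if __name__ == "__main__":
    print(demo("report.pdf.exe", True))
```

A matching hash only shows the file is the one the publisher listed, so the antivirus scan in step 6 still applies.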

15. What to Do If Malware Is Detected (AO3 – Evaluation)

  • Quarantine the file using the antivirus programme.
  • Run a full system scan to locate additional infections.
  • Update antivirus definitions before rescanning.
  • Remove the infected file(s) if the antivirus offers a clean‑up option.
  • Change passwords for any accounts that may have been compromised.
  • Restore affected files from a recent backup if they were encrypted or corrupted.
  • Check for persistence mechanisms (e.g., scheduled tasks, registry entries) and delete them.
  • Report the incident to the school’s IT support or the appropriate authority.
  • Review security settings – ensure firewalls, updates and backups are active.

16. Suggested Diagram

Flowchart – Stages of a malware infection from a downloaded file

Source verification → Download → Integrity check (hash/signature) → Scan → Safe execution or Quarantine → Delete → Report

Key Take‑aways (AO2)

  • Malware includes viruses, worms, trojans, spyware, ad‑ware and ransomware; each spreads in a slightly different way.
  • Downloaded files are a common infection vector – always verify the source, check extensions, confirm integrity and scan before opening.
  • Physical safety, strong passwords, regular updates, reputable anti‑malware, firewalls, encryption, backups and sandboxing together provide layered protection.
  • Understanding the data‑protection principles (lawful processing, purpose limitation, data minimisation, etc.) helps you apply legal safeguards.
  • Legal obligations (GDPR/Data Protection Act, copyright law) and ethical behaviour (responsible use, reporting incidents) are essential components of good ICT practice.