Computing · Year 11

Active learning ideas

Malware and Prevention

Active learning helps students grasp malware mechanics because abstract threats become visible when they simulate spread or analyze real cases. By moving from lectures to hands-on tasks, students connect cause and effect in ways paper examples cannot, building durable understanding of prevention strategies.

National Curriculum Attainment TargetsGCSE: Computing - Cyber Security
25–45 minPairs → Whole Class4 activities

Activity 01

Simulation Game35 min · Small Groups

Simulation Game: Virus vs Worm Spread

Provide network maps and role cards to small groups; one student starts as 'infected' and follows rules for virus (needs file share) or worm (auto-spreads). Groups track infection paths over 10 rounds, then switch roles. Debrief differences in speed and control.

Differentiate between a virus, a worm, and ransomware based on their propagation and impact.

Facilitation TipFor the Virus vs Worm Spread simulation, prepare colored paper strips to represent infected files versus standalone network packets so students literally see the difference in propagation.

What to look forPresent students with three scenarios: one describing a virus spreading via email attachment, one a worm exploiting a network flaw, and one ransomware encrypting files. Ask: 'Which type of malware is described in each scenario? Justify your answers by explaining the key characteristics of each malware type and how it spreads.'

ApplyAnalyzeEvaluateCreateSocial AwarenessDecision-Making
Generate Complete Lesson

Activity 02

Case Study Analysis45 min · Small Groups

Case Study Rotation: Real Ransomware Attacks

Prepare stations with cases like WannaCry or Ryuk; groups rotate every 10 minutes to note entry methods, impacts, and prevention gaps. Each group presents one key lesson to the class. Compile class prevention checklist.

Analyze the effectiveness of antivirus software and firewalls in preventing malware infections.

Facilitation TipWhen running the Case Study Rotation, assign each case to a small group and rotate every eight minutes so all students process real ransomware timelines and impacts.

What to look forProvide students with a list of prevention methods (e.g., 'installing antivirus', 'updating software', 'clicking unknown links', 'using strong passwords', 'enabling firewall'). Ask them to categorize each as 'Effective Prevention', 'Ineffective/Risky', or 'Neutral' and briefly explain their reasoning for one item in each category.

AnalyzeEvaluateCreateDecision-MakingSelf-Management
Generate Complete Lesson

Activity 03

Case Study Analysis30 min · Pairs

Pairs Challenge: Custom Security Strategy

Pairs list daily digital habits, identify malware risks, and design a five-step prevention plan using antivirus, firewalls, and behaviours. Test plans against scenarios provided. Share strongest ideas in whole-class vote.

Design a personal cybersecurity strategy to minimize the risk of malware exposure.

Facilitation TipDuring the Pairs Challenge, give pairs a blank network diagram and colored pens so they can map firewall rules, antivirus placement, and user behavior zones side by side.

What to look forAsk students to write down the single most important cybersecurity tip they learned today for preventing malware, and one question they still have about malware or prevention methods.

AnalyzeEvaluateCreateDecision-MakingSelf-Management
Generate Complete Lesson

Activity 04

Case Study Analysis25 min · Whole Class

Whole Class Debate: Tools vs Habits

Divide class into teams to argue if software tools or user habits prevent more infections. Present evidence from prior activities, then vote and discuss balanced strategies.

Differentiate between a virus, a worm, and ransomware based on their propagation and impact.

Facilitation TipIn the Whole Class Debate, assign one side to advocate for tools and the other for habits, then switch roles halfway so students experience both perspectives.

What to look forPresent students with three scenarios: one describing a virus spreading via email attachment, one a worm exploiting a network flaw, and one ransomware encrypting files. Ask: 'Which type of malware is described in each scenario? Justify your answers by explaining the key characteristics of each malware type and how it spreads.'

AnalyzeEvaluateCreateDecision-MakingSelf-Management
Generate Complete Lesson

A few notes on teaching this unit

Teach malware by staging controlled infections rather than describing them. Research shows that when students manipulate simulations or dissect case studies, their misconceptions drop faster than with lectures alone. Avoid overwhelming students with too many prevention methods at once; instead, let them discover limits of each tool through targeted tests, then build layered defences step by step.

Students will confidently distinguish malware types by their spread methods and propose layered prevention plans that balance technical tools with safe habits. They will articulate why no single solution suffices and revise strategies based on new evidence.

Watch Out for These Misconceptions

  • During the Simulation Game: Virus vs Worm Spread, watch for students who assume both malware types spread automatically and require user action.

    Have students physically attach file icons to a 'user action' box for viruses and toss standalone packet tokens across the room for worms, then ask groups to explain why only the worms moved without human help.

  • During the Pairs Challenge: Custom Security Strategy, watch for students who think antivirus software catches every malware threat.

    Give each pair a mock 'zero-day infection' card they must place on their network diagram, then ask them to explain why their antivirus failed and what other layers they need.

  • During the Case Study Rotation: Real Ransomware Attacks, watch for students who believe malware only comes from illegal downloads.

    Point students to the case study email or website vector sections and ask them to trace the infection path back to user behaviour, then update their prevention maps accordingly.

Methods used in this brief

More in Network Topologies and Security

Introduction to Computer Networks

Students will explore the fundamental concepts of computer networks, including their purpose, types (LAN, WAN), and basic components.

2 methodologies

Architectures and Topologies

Comparing Star, Mesh, and Client-Server architectures in terms of cost, performance, and reliability.

2 methodologies

Wired and Wireless Network Technologies

Students will compare wired (Ethernet, fibre optic) and wireless (Wi-Fi, Bluetooth) network technologies, focusing on speed, security, and range.

2 methodologies

Protocols and the TCP/IP Layer

Understanding the function of HTTP, HTTPS, FTP, SMTP, and the four layer TCP/IP model.

2 methodologies

IP Addressing and DNS

Students will learn about IP addresses (IPv4, IPv6), MAC addresses, and the Domain Name System (DNS) for locating resources on a network.

2 methodologies