The success (or failure) of malware attacks depends upon both technological and human factors. The most security-conscious users are susceptible to unknown vulnerabilities, and even the best security mechanisms can be circumvented as a result of user actions. Although there has been significant research on the technical aspects of malware attacks and defence, there has been much less research on how users interact with both malware and current malware defences. This article describes a field study designed to examine the interactions between users, antivirus (AV) software, and malware as they occur on deployed systems. In a fashion similar to medical studies that evaluate the efficacy of a particular treatment, our experiment aimed to assess the performance of AV software and the human risk factors of malware attacks. The 4-month study involved 50 home users who agreed to use laptops that were instrumented to monitor for possible malware attacks and gather data on user behaviour. This study provided some very interesting, non-intuitive insights into the efficacy of AV software and human risk factors. AV performance was found to be lower under real-life conditions compared to tests conducted in controlled conditions. Moreover, computer expertise, volume of network usage, and peer-to-peer activity were found to be significant correlates of malware attacks. We assert that this work shows the viability and the merits of evaluating security products, techniques, and strategies to protect systems through long-term field studies with greater ecological validity than can be achieved through other means.

Additional Metadata
Keywords: Antivirus, Clinical trial, Computer security, Malware, Risk factors
Persistent URL: dx.doi.org/10.1145/3210311
Journal: ACM Transactions on Privacy and Security
Citation: Lalonde Lévesque, F. (Fanny), Chiasson, S., Somayaji, A. (Anil), & Fernandez, J.M. (José M.). (2018). Technological and human factors of malware attacks: A computer security clinical trial approach. ACM Transactions on Privacy and Security, 21(4). doi:10.1145/3210311