Malware is a serious problem for users, who become affected as a result of the decisions they make online. This paper presents a study examining mental models related to malware and regular software, in hopes of finding clues to that will help us understand what users know about malware, and what we can do to help them make better decisions online. The study involved two drawing tasks, where participants were asked to draw their understanding of how a word processor and malware work, respectively. Several concerning patterns emerged. Participants seemed to regard malware as a fundamentally different kind of entity than regular software. They make black-and-white distinctions between malware and regular software in terms of whether the software is helpful or harmful, who the software serves, and who controls it. Finally, participants showed lesser knowledge of malware compared to regular software.

Additional Metadata
Keywords cybersecurity, malware, mental models
Persistent URL dx.doi.org/10.1109/PST47121.2019.8949030
Conference 17th International Conference on Privacy, Security and Trust, PST 2019
Citation
Spero, E. (Eric), Stojmenovic, M. (Milica), Hassanzadeh, Z. (Zahra), Chiasson, S, & Biddle, R. (2019). Mixed Pictures: Mental Models of Malware. In 2019 17th International Conference on Privacy, Security and Trust, PST 2019 - Proceedings. doi:10.1109/PST47121.2019.8949030