The success of malicious software (malware) depends upon both technical and human factors. The most security-conscious users are vulnerable to zero-day exploits; the best security mechanisms can be circumvented by poor user choices. While there has been significant research addressing the technical aspects of malware attack and defense, there has been much less research reporting on how human behavior interacts with both malware and current malware defenses. In this paper we describe a proof-of-concept field study designed to examine the interactions between users, anti-virus (anti-malware) software, and malware as they occur on deployed systems. The 4-month study, conducted in a fashion similar to the clinical trials used to evaluate medical interventions, involved 50 subjects whose laptops were instrumented to monitor possible infections and gather data on user behavior. Although the population size was limited, this initial study produced some intriguing, non-intuitive insights into the efficacy of current defenses, particularly with regard to the technical sophistication of end users. We assert that this work shows the feasibility and utility of testing security software through long-term field studies with greater ecological validity than can be achieved through other means.

Keywords: anti-virus evaluation, clinical trial, field study, malware infection, risk factors, user behavior
Conference: 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013
Lalonde Levesque, F. (Fanny), Nsiempba, J. (Jude), Fernandez, J.M. (José M.), Chiasson, S., & Somayaji, A. (2013). A clinical study of risk factors related to malware infections. Presented at the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013. doi:10.1145/2508859.2516747