First clinical study of computer security

Dec 16, 2013
This is Polytechnique student Fanny Lalonde Lévesque, who is writing her master's thesis on this project, and Professor José Fernandez. Credit: Polytechnique Montréal

Installing computer security software, updating applications regularly and making sure not to open emails from unknown senders are just a few examples of ways to reduce the risk of infection by malicious software, or "malware". However, even the most security-conscious users are open to attack through unknown vulnerabilities, and even the best security mechanisms can be circumvented as a result of poor user choices.

"The reality is that successful malware attacks depend on both technological and human factors," says Professor José Fernandez. "Although there has been significant research on the technical aspects, there has been much less on and how it affects malware and defence measures. As a result, no one at the present time can really say how important these factors are. For example, are users who are older and less computer-savvy more open to infection?" It is therefore necessary to take a closer look at the impact that both technological and have on the success or failure of protective mechanisms.

To answer this type of question, Prof. Fernandez and his team drew inspiration from the clinical trial method to design the first-ever study applied to . In a fashion similar to medical studies that evaluate the effectiveness of a particular treatment, their experiment was aimed at assessing the performance of anti-virus software and the likelihood that participants' computers would become infected with malware. The four-month study involved 50 subjects who agreed to use laptops that were instrumented to monitor possible infections and gather data on user behaviour. "Analyzing the data allowed us not only to identify which users were most at risk, based on their characteristics and behaviour, but also to measure the effectiveness of various protective measures," says Polytechnique student Fanny Lalonde Lévesque, who is writing her master's thesis on this project.

This pilot study provided some very interesting results on the effectiveness of computer defences and the risk factors for infection. For example, 38% of the users' computers were exposed to and 20% were infected, despite the fact that they were all protected by the same anti-virus product, which was updated regularly. With regard to the users themselves, there did not seem to be any significant difference in exposure rates between men and women. In addition, the most technically sophisticated users turned out to be the group most at risk… This result may seem counter-intuitive, as it contradicts the opinion of some computer experts who argue that people should have a kind of "Internet license" before going online. "The results of this study provide some intriguing insights. Are these 'expert' users at higher risk because of a false sense of security, or because they are naturally curious and therefore more risk-tolerant? Further research is needed to understand the causes of this phenomenon, so that we can better educate and raise awareness among users," says Professor Fernandez. In the future, this type of study will help provide scientific data to support decision-making on security management, education, regulation and even computer security insurance. A second phase, which will involve hundreds of over a period of several months, is already being prepared.

The initial results of this experiment were presented at the ACM Conference on Computer and Communications Security (CCS), which took place November in 2013 in Berlin, Germany.

Explore further: Security researcher discovers badBIOS malware that jumps using microphone and speakers

Provided by Polytechnique Montréal

3 /5 (2 votes)
add to favorites email to friend print save as pdf

Related Stories

Malware bites

Aug 15, 2013

Antivirus software running on your computer has one big weak point - if a new virus is released before the antivirus provider knows about it or before the next scheduled antivirus software update, your system can be infected. ...

Mac computers not immune to malware

Mar 15, 2013

The biggest vulnerability to Macintosh computers is the belief among their devoted users that Apple's superior operating system makes them immune to malware, experts say.

Koobface computer virus gang unmasked

Jan 17, 2012

Online security researchers claimed Tuesday to have identified the members of a Russian gang of cyber criminals behind the Koobface computer virus which has attacked Facebook and other sites.

Recommended for you

Japan firm showcases Bat-Signal of the future

13 minutes ago

A free-floating image created by firing lasers into thin air was unveiled in Japan on Monday, offering the possibility one day of projecting messages into a cloudless sky, as seen in Batman.

Kickstarter suspends privacy router campaign

38 minutes ago

Kickstarter has suspended an anonymizing router from its crowdfunding site. By Sunday, the page for "anonabox: A Tor hardware router" carried an extra word "(Suspended)" in parentheses with a banner below ...

New iPad cellular models have Apple SIM flexibility

Oct 19, 2014

Cellular-enabled iPad models are under a new paradigm, said AppleInsider, regarding the Apple SIM. Apple's newest iPad models with cellular connectivity use a SIM card which tech sites said could eventually ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

sinha_pushkar
not rated yet Dec 17, 2013
I am in full agreement of this statement "that people should have a kind of "Internet license" before going online". No Anti Virus alone can safeguard a person from all types of malware attacks, phishing, spoofing or the latest DNS attacks, which are the most severe of cyber crime these days and many individuals are falling prey to them.