In cybersecurity, humans are often considered the weakest link, but new research suggests that, with a little help, people can be surprisingly effective at identifying malware.
In a first-of-its-kind study, researchers from the University of Waterloo's Cheriton School of Computer Science joined forces with cybersecurity experts from Guelph to test how users, ranging from technological novices to experts, respond in real time to requests to download legitimate and malicious software in a simulated office.
The study, "'I regret that I struck run': in situ assessment of potential malicious software," appeared in the proceedings of the 34th USENIX Security Symposium.
"Most existing malware analyses look at after-action reports, that is to say, investigations into what went wrong after a successful attack," said Daniel Vogel, a computer science teacher at Waterloo and co-author of the study. "Our study, which featured novice, intermediate and expert users, is the first malware research to observe user strategies in real time."
Three dozen participants received messages from fake colleagues in a Microsoft-style environment, encouraging them to download and install various programs. Participants had total control over whether to install the software and could research their choices however they liked.
In the initial trial, users identified malware with a precision of 75%. Novice users were right 68% of the time, while expert users reached 81% precision.
"It was interesting to see how novice users sometimes reported legitimate software as malware due to a typo or poor interface design, but missed real malware when the clue was unusual system behavior, such as high processor usage," said Brandon Lit, a Ph.D. student at Waterloo's Cheriton School of Computer Science and the lead author of the study.
In a second series of tests, the researchers provided participants with an improved task manager, as well as instructions on red flags to look for, such as software accessing a large number of files or making network connections to other countries. With this modest support, the group's malware detection rate increased to 80%.
"The simple fact of having a little information puts beginner users on par with computer scientists," said Lit. "Promoting critical thinking is one of the most important things we can do to increase security."
More information:
Brandon Lit, et al. 'I regret having struck Run': in situ assessment of potential malicious software. www.usenix.org/system/files/co… r–Prepub-678-lit.pdf
Provided by the University of Waterloo
Citation: You are better at spotting malware than you think, a new study suggests (2025, August 5) retrieved on August 5, 2025