PDF link Small sample sets, both users and malware sample used and do they account for risk averseness/propensity due to the AV chosen? An AV relying much on features like vigorous url-(cloud)scanning/site-reputation scores, will perhaps lead to different behaviour than a AV relying less on such specific features.
Apparently future field tests will include more users and various AV. It would also be great to see how some of the setups used here at Wilders would fare. I'm surprised that this is apparently the first such field test ever conducted.
When it comes to noobs it all depends on how "brave" the user is. My parents started to use computer few years ago. I installed only AV to see how long till system gets compromised. Few years later and all is running well with no incidents so far. It's true that they only use email and visit familiar sites. So I guess infection doesn't happen just by itself... Regards, hqsec
Related info: According to the latest Microsoft Security Intelligence Report, "On average, about 17.0 percent of computers worldwide encountered malware each quarter in 1H12, as reported by Microsoft security products." This is the malware exposure rate, not the infection rate.
I know I'm being evil by saying this, but the fact that they agreed to install a keylogger on their computer shows that they don't have too much interest in the security of their own systems And then, there is the issue of them being only 50, but who's counting, anyway?
I agree with that. I have few friends who are computer savvy but don't care about security much. Regards, hqsec
The study proves nothing surprising. It's called the "Law of Exposure". The Law of Exposure states, what you expose yourself to dramatically shapes how you think, feel and act. hxxp://authenticityassociates.com/programming-your-mind-for-success/
It's not even as complex as that. IT people are more likely to get into things than the normal average person. I'm surprised they needed to do a study.
That is very odd. Over my entire computing lifetime, only ~1% of my machines have ever been infected. Including VMs, I have about 20 machines that I use fairly regularly, and none of them have ever been infected But then, only two of them are running Windows, and I use them very carefully. I bet that all of their test laptops were running Windows, and that subjects weren't allowed to install Linux.
It doesn't mention that in the Slashdot article. And even so, 20% infected during a test seems implausible. Maybe their "savvy users" were used to Linux, or highly-secured Windows, and weren't encouraged and/or allowed to properly secure the test laptops. If I'd been part of their study, I'd have installed VirtualBox, some pfSense VPN client VMs, and done all of my serious work in Crunchbang VMs So "savvy users" are more into gambling and porn? Seriously?
Seems to me the killer factor here is probably overconfidence: "Yes,I know what I'm doing, I won't get infected." Bitter experience tells me that PEBKAC is not limited to novices. ... OTOH, did anyone actually define what "tech-savvy" meant in this study? Because if we don't have a sensible definition of that, we're getting nowhere fast.
Amen. Double amen. Sometimes what you expose yourself to dramatically shapes the amount of time you will be spending behind bars.
Based on the above, I'm assuming that they weren't allowed to modify the security package or the PCs configuration. I see they used the home version which takes away some of the more effective mitigations that would otherwise be available. Without being able to talk to the participants, it can't be determined what restrictions they were under. The laptops were also provided to them so there was no risk to their own equipment. IMO, this experiment was designed to provoke unsafe behavior since there was no real risk. The "tech savvy" knew where to find risky sites and had nothing to lose by installing questionable applications. The experiment is slanted with the intent of producing just those results.
Indeed. This is just BS. It's absurd to think that "savvy users" would ever use such a setup. What this study actually demonstrates is how insecure their setup is. More interesting would be knowing how the "savvy users" nuked and configured those laptops after the study, and what their infection rates were thereafter
While I don't doubt that there would be a number of 'savvy' users, who because of their knowledge, and or, expertise may engage in riskier online behavior resulting in infections, I have a hard time swallowing this scenario would be prevalent for the majority. Ignorance, recklessness, and or, stupidity, are far larger factors, IMO.
Savvy users get infected because they overestimate their abilities. Non-savvy users get infected because they think the internet is nothing more than a playground. Malware authors do not discriminate. They swing both ways. Security people find it fun to come up with sensationalist theories and headlines. I, being the honest person I am, tell you the truth.
I only got infected once because i was handling a highly contagious material on my system. Something one would make equal to handling of Ebola virus in your home kitchen...
Sounds likely to me, for example, I know very well I'm at necessarily higher risk because I'm doing software development, and that often requires loading software or environments that are actively hostile to security! These days, I do that in VMs with rollback etc, but didn't used to. We also have the situation where sys admins are specific targets of advanced attacks, so have to be doubly vigilant. I tend to groan at the assumption that even the denizens of this place, suspicious and aware though they may be, will be immune to all the social engineering threats - it only takes one weak moment. I did this recently (well protected) on an email attachment - shameful, but I did! Having said all that, the infections I've had on the systems I look after has all been noobs, which is why I've hardened their systems to avoid rebuild.
From On the Effectiveness of Risk Prediction Based on Users Browsing Behavior: Download: hxxp://www.eurecom.fr/en/publication/4252/download/rs-publi-4252.pdf .
