Study: IT-Savvy Users Infected More Often Than Noobs

Discussion in 'malware problems & news' started by MrBrian, Jan 18, 2014.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://slashdot.org/topic/datacenter/it-savvy-users-infected-more-often-than-noobs/:
     
  2. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    PDF link

    Small sample sets, both users and malware sample used and do they account for risk averseness/propensity due to the AV chosen?
    An AV relying much on features like vigorous url-(cloud)scanning/site-reputation scores, will perhaps lead to different behaviour than a AV relying less on such specific features.
     
    Last edited: Jan 18, 2014
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Apparently future field tests will include more users and various AV. It would also be great to see how some of the setups used here at Wilders would fare.

    I'm surprised that this is apparently the first such field test ever conducted.
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,068
    When it comes to noobs it all depends on how "brave" the user is. My parents started to use computer few years ago. I installed only AV to see how long till system gets compromised. Few years later and all is running well with no incidents so far. It's true that they only use email and visit familiar sites. So I guess infection doesn't happen just by itself...

    Regards, hqsec
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Related info: According to the latest Microsoft Security Intelligence Report, "On average, about 17.0 percent of computers worldwide encountered malware each quarter in 1H12, as reported by Microsoft security products." This is the malware exposure rate, not the infection rate.
     
  6. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    There is a difference between computer savvy and security savvy.
     
  7. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I know I'm being evil by saying this, but the fact that they agreed to install a keylogger on their computer shows that they don't have too much interest in the security of their own systems :D And then, there is the issue of them being only 50, but who's counting, anyway? :rolleyes:
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,068
    I agree with that. I have few friends who are computer savvy but don't care about security much.

    Regards, hqsec
     
  9. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    The study proves nothing surprising. It's called the "Law of Exposure".

    The Law of Exposure states, what you expose yourself to dramatically shapes how you think, feel and act.

    hxxp://authenticityassociates.com/programming-your-mind-for-success/
     
  10. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    853
    It's not even as complex as that. IT people are more likely to get into things than the normal average person. I'm surprised they needed to do a study.
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    That is very odd.

    Over my entire computing lifetime, only ~1% of my machines have ever been infected.

    Including VMs, I have about 20 machines that I use fairly regularly, and none of them have ever been infected :) But then, only two of them are running Windows, and I use them very carefully.

    I bet that all of their test laptops were running Windows, and that subjects weren't allowed to install Linux.
     
  12. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    They mentioned all systems are Windows 7 HP

     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    It doesn't mention that in the Slashdot article.

    And even so, 20% infected during a test seems implausible.

    Maybe their "savvy users" were used to Linux, or highly-secured Windows, and weren't encouraged and/or allowed to properly secure the test laptops.

    If I'd been part of their study, I'd have installed VirtualBox, some pfSense VPN client VMs, and done all of my serious work in Crunchbang VMs :)

    So "savvy users" are more into gambling and porn?

    Seriously?
     
  14. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Seems to me the killer factor here is probably overconfidence: "Yes,I know what I'm doing, I won't get infected." Bitter experience tells me that PEBKAC is not limited to novices.

    ... OTOH, did anyone actually define what "tech-savvy" meant in this study? Because if we don't have a sensible definition of that, we're getting nowhere fast.
     
  15. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Amen.
    Double amen.
    Sometimes what you expose yourself to dramatically shapes the amount of time you will be spending behind bars.
     
  16. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Based on the above, I'm assuming that they weren't allowed to modify the security package or the PCs configuration. I see they used the home version which takes away some of the more effective mitigations that would otherwise be available. Without being able to talk to the participants, it can't be determined what restrictions they were under. The laptops were also provided to them so there was no risk to their own equipment. IMO, this experiment was designed to provoke unsafe behavior since there was no real risk. The "tech savvy" knew where to find risky sites and had nothing to lose by installing questionable applications. The experiment is slanted with the intent of producing just those results.
     
  17. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From the paper:
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Indeed. This is just BS. It's absurd to think that "savvy users" would ever use such a setup.

    What this study actually demonstrates is how insecure their setup is.

    More interesting would be knowing how the "savvy users" nuked and configured those laptops after the study, and what their infection rates were thereafter ;)
     
  19. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    While I don't doubt that there would be a number of 'savvy' users, who because of their knowledge, and or, expertise may engage in riskier online behavior resulting in infections, I have a hard time swallowing this scenario would be prevalent for the majority. Ignorance, recklessness, and or, stupidity, are far larger factors, IMO.
     
  20. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Savvy users get infected because they overestimate their abilities.

    Non-savvy users get infected because they think the internet is nothing more than a playground.

    Malware authors do not discriminate. They swing both ways.

    Security people find it fun to come up with sensationalist theories and headlines.

    I, being the honest person I am, tell you the truth. :p
     
  21. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I only got infected once because i was handling a highly contagious material on my system. Something one would make equal to handling of Ebola virus in your home kitchen...
     
  22. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  23. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Sounds likely to me, for example, I know very well I'm at necessarily higher risk because I'm doing software development, and that often requires loading software or environments that are actively hostile to security! These days, I do that in VMs with rollback etc, but didn't used to.

    We also have the situation where sys admins are specific targets of advanced attacks, so have to be doubly vigilant.

    I tend to groan at the assumption that even the denizens of this place, suspicious and aware though they may be, will be immune to all the social engineering threats - it only takes one weak moment. I did this recently (well protected) on an email attachment - shameful, but I did!

    Having said all that, the infections I've had on the systems I look after has all been noobs, which is why I've hardened their systems to avoid rebuild.
     
  24. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From On the Effectiveness of Risk Prediction Based on Users Browsing Behavior:
    Download: hxxp://www.eurecom.fr/en/publication/4252/download/rs-publi-4252.pdf .
     
Loading...