{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T19:08:27Z","timestamp":1768417707970,"version":"3.49.0"},"reference-count":50,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2018,7,12]],"date-time":"2018-07-12T00:00:00Z","timestamp":1531353600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100003151","name":"Fonds de Recherche du Qu\u00e9bec - Nature et Technologies","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100003151","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2018,11,30]]},"abstract":"<jats:p>The success (or failure) of malware attacks depends upon both technological and human factors. The most security-conscious users are susceptible to unknown vulnerabilities, and even the best security mechanisms can be circumvented as a result of user actions. Although there has been significant research on the technical aspects of malware attacks and defence, there has been much less research on how users interact with both malware and current malware defences.<\/jats:p>\n          <jats:p>This article describes a field study designed to examine the interactions between users, antivirus (AV) software, and malware as they occur on deployed systems. In a fashion similar to medical studies that evaluate the efficacy of a particular treatment, our experiment aimed to assess the performance of AV software and the human risk factors of malware attacks. The 4-month study involved 50 home users who agreed to use laptops that were instrumented to monitor for possible malware attacks and gather data on user behaviour. This study provided some very interesting, non-intuitive insights into the efficacy of AV software and human risk factors. AV performance was found to be lower under real-life conditions compared to tests conducted in controlled conditions. Moreover, computer expertise, volume of network usage, and peer-to-peer activity were found to be significant correlates of malware attacks. We assert that this work shows the viability and the merits of evaluating security products, techniques, and strategies to protect systems through long-term field studies with greater ecological validity than can be achieved through other means.<\/jats:p>","DOI":"10.1145\/3210311","type":"journal-article","created":{"date-parts":[[2018,7,13]],"date-time":"2018-07-13T16:08:17Z","timestamp":1531498097000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":30,"title":["Technological and Human Factors of Malware Attacks"],"prefix":"10.1145","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4117-1389","authenticated-orcid":false,"given":"Fanny Lalonde","family":"L\u00e9vesque","sequence":"first","affiliation":[{"name":"\u00c9cole Polytechnique de Montr\u00e9al, Montreal, QC, Canada"}]},{"given":"Sonia","family":"Chiasson","sequence":"additional","affiliation":[{"name":"Carleton University, ON, Canada"}]},{"given":"Anil","family":"Somayaji","sequence":"additional","affiliation":[{"name":"Carleton University, ON, Canada"}]},{"given":"Jos\u00e9 M.","family":"Fernandez","sequence":"additional","affiliation":[{"name":"\u00c9cole Polytechnique de Montr\u00e9al, Montreal, QC, Canada"}]}],"member":"320","published-online":{"date-parts":[[2018,7,12]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2659651.2659730"},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the Virus Bulletin International Conference.","author":"Blackbird J.","unstructured":"J. Blackbird and B. Pfeifer . 2013. The global impact of anti-malware protection state on infection rates . In Proceedings of the Virus Bulletin International Conference. J. Blackbird and B. Pfeifer. 2013. The global impact of anti-malware protection state on infection rates. In Proceedings of the Virus Bulletin International Conference."},{"key":"e_1_2_1_4_1","first-page":"400","article-title":"On-line activities, guardianship, and malware infection: An examination of routine activities theory","volume":"3","author":"Bossler Adam M.","year":"2009","unstructured":"Adam M. Bossler and Thomas J. Holt . 2009 . On-line activities, guardianship, and malware infection: An examination of routine activities theory . Int. J. Cyber Criminol. 3 , 1 (2009), 400 . Adam M. Bossler and Thomas J. Holt. 2009. On-line activities, guardianship, and malware infection: An examination of routine activities theory. Int. J. Cyber Criminol. 3, 1 (2009), 400.","journal-title":"Int. J. Cyber Criminol."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590347"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECURWARE.2008.30"},{"key":"e_1_2_1_7_1","volume-title":"Proceedings of the ASPLOS Exascale Evaluation and Research Techniques Workshop.","author":"Dumitras Tudor","year":"2011","unstructured":"Tudor Dumitras . 2011 . Field data available at Symantec research labs: The worldwide intelligence network environment (WINE) . In Proceedings of the ASPLOS Exascale Evaluation and Research Techniques Workshop. Tudor Dumitras. 2011. Field data available at Symantec research labs: The worldwide intelligence network environment (WINE). In Proceedings of the ASPLOS Exascale Evaluation and Research Techniques Workshop."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/WATeR.2013.6707875"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2841113.2841115"},{"key":"e_1_2_1_10_1","unstructured":"Eurostat. 2011. Nearly one-third of internet users in the EU27 caught a computer virus. Retrieved from http:\/\/ec.europa.eu\/eurostat\/documents\/2995521\/5028026\/4-07022011-AP-EN.PDF\/22c742a6-9a3d-456d-bedc-f91deb15481b.  Eurostat. 2011. Nearly one-third of internet users in the EU27 caught a computer virus. Retrieved from http:\/\/ec.europa.eu\/eurostat\/documents\/2995521\/5028026\/4-07022011-AP-EN.PDF\/22c742a6-9a3d-456d-bedc-f91deb15481b."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2600176.2600200"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(10)70147-1"},{"key":"e_1_2_1_13_1","volume-title":"Proceedings of the National Information Systems Security Conference.","author":"Gordon S.","unstructured":"S. Gordon and R. Ford . 1996. Real-world anti-virus product reviews and evaluations: The current state of affairs . In Proceedings of the National Information Systems Security Conference. S. Gordon and R. Ford. 1996. Real-world anti-virus product reviews and evaluations: The current state of affairs. In Proceedings of the National Information Systems Security Conference."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2004.10.015"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2009.03.002"},{"key":"e_1_2_1_16_1","volume-title":"Proceedings of the 18th Virus Bulletin International Conference. 199--207","author":"Harley D.","unstructured":"D. Harley and A. Lee . 2008. Who will test the testers . In Proceedings of the 18th Virus Bulletin International Conference. 199--207 . D. Harley and A. Lee. 2008. Who will test the testers. In Proceedings of the 18th Virus Bulletin International Conference. 199--207."},{"key":"e_1_2_1_17_1","unstructured":"International Secure Systems Lab. 2013. Anubis malware analysis for unknown binaries. Retrieved from https:\/\/anubis.iseclab.org\/.  International Secure Systems Lab. 2013. Anubis malware analysis for unknown binaries. Retrieved from https:\/\/anubis.iseclab.org\/."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1290958.1290968"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1177080.1177124"},{"key":"e_1_2_1_20_1","volume-title":"Proceedings of the 20th Virus Bulletin International Conference.","author":"Kosinar P.","unstructured":"P. Kosinar , J. Malcho , R. Marko , and D. Harley . 2010. AV testing exposed . In Proceedings of the 20th Virus Bulletin International Conference. P. Kosinar, J. Malcho, R. Marko, and D. Harley. 2010. AV testing exposed. In Proceedings of the 20th Virus Bulletin International Conference."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572532.1572536"},{"key":"e_1_2_1_22_1","volume-title":"Proceedings of the 7th USENIX Conference on Cyber Security Experimentation and Test. USENIX Association.","author":"L\u00e9vesque Fanny Lalonde","unstructured":"Fanny Lalonde L\u00e9vesque and Jos\u00e9 M. Fernandez . 2014. Computer security clinical trials: Lessons learned from a 4-month pilot study . In Proceedings of the 7th USENIX Conference on Cyber Security Experimentation and Test. USENIX Association. Fanny Lalonde L\u00e9vesque and Jos\u00e9 M. Fernandez. 2014. Computer security clinical trials: Lessons learned from a 4-month pilot study. In Proceedings of the 7th USENIX Conference on Cyber Security Experimentation and Test. USENIX Association."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.14236\/ewic\/HCI2017.48"},{"key":"e_1_2_1_24_1","volume-title":"Proceedings of the 26th Virus Bulletin International Conference. 25--33","author":"L\u00e9vesque Fanny Lalonde","year":"2016","unstructured":"Fanny Lalonde L\u00e9vesque , Jos\u00e9 M. Fernandez , Dennis Batchelder , and Glaucia Young . 2016 . Are they real? Real-life comparative tests of anti-virus products . In Proceedings of the 26th Virus Bulletin International Conference. 25--33 . Fanny Lalonde L\u00e9vesque, Jos\u00e9 M. Fernandez, Dennis Batchelder, and Glaucia Young. 2016. Are they real? Real-life comparative tests of anti-virus products. In Proceedings of the 26th Virus Bulletin International Conference. 25--33."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2014.6999412"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516747"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2015.7413690"},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the Virus Bulletin International Conference. 301--306","author":"Lee Martin","year":"2012","unstructured":"Martin Lee . 2012 . Who\u2019s next? Identifying risks factors for subjects of targeted attacks . In Proceedings of the Virus Bulletin International Conference. 301--306 . Martin Lee. 2012. Who\u2019s next? Identifying risks factors for subjects of targeted attacks. In Proceedings of the Virus Bulletin International Conference. 301--306."},{"key":"e_1_2_1_29_1","volume-title":"Proceedinsg of the Workshop on Usable Security (USEC\u201912)","author":"L\u00e9vesque Fanny Lalonde","unstructured":"Fanny Lalonde L\u00e9vesque , C. R. Davis , J. M. Fernandez , S. Chiasson , and A. Somayaji . 2012. Methodology for a field study of anti-malware software . In Proceedinsg of the Workshop on Usable Security (USEC\u201912) . LNCS, 80--85. Fanny Lalonde L\u00e9vesque, C. R. Davis, J. M. Fernandez, S. Chiasson, and A. Somayaji. 2012. Methodology for a field study of anti-malware software. In Proceedinsg of the Workshop on Usable Security (USEC\u201912). LNCS, 80--85."},{"key":"e_1_2_1_30_1","volume-title":"Proceedings of the 22th Virus Bulletin International Conference. 87--94","author":"L\u00e9vesque Fanny Lalonde","unstructured":"Fanny Lalonde L\u00e9vesque , C. R. Davis , J. M. Fernandez , and A. Somayaji . 2012. Evaluating antivirus products with field studies . In Proceedings of the 22th Virus Bulletin International Conference. 87--94 . Fanny Lalonde L\u00e9vesque, C. R. Davis, J. M. Fernandez, and A. Somayaji. 2012. Evaluating antivirus products with field studies. In Proceedings of the 22th Virus Bulletin International Conference. 87--94."},{"key":"e_1_2_1_31_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"Maier Gregor","unstructured":"Gregor Maier , Anja Feldmann , Vern Paxson , Robin Sommer , and Matthias Vallentin . 2011. An assessment of overt malicious activity manifest in residential networks . In Detection of Intrusions and Malware, and Vulnerability Assessment . Springer , 144--163. Gregor Maier, Anja Feldmann, Vern Paxson, Robin Sommer, and Matthias Vallentin. 2011. An assessment of overt malicious activity manifest in residential networks. In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 144--163."},{"key":"e_1_2_1_32_1","volume-title":"Proceedings of the 9th Annual European Institute for Computer Antivirus Research Conference. 218--253","author":"Marx Andreas","year":"2000","unstructured":"Andreas Marx . 2000 . A guideline to anti-malware-software testing . In Proceedings of the 9th Annual European Institute for Computer Antivirus Research Conference. 218--253 . Andreas Marx. 2000. A guideline to anti-malware-software testing. In Proceedings of the 9th Annual European Institute for Computer Antivirus Research Conference. 218--253."},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1745-6606.2009.01148.x"},{"key":"e_1_2_1_34_1","volume-title":"Virus Bulletin Conference.","author":"Muttik Igor","year":"2008","unstructured":"Igor Muttik and James Vignoles . 2008 . Rebuilding anti-malware testing for the future . In Virus Bulletin Conference. Igor Muttik and James Vignoles. 2008. Rebuilding anti-malware testing for the future. In Virus Bulletin Conference."},{"key":"e_1_2_1_35_1","first-page":"773","article-title":"Cybercrime victimization: An examination of individual and situational level factors","volume":"5","author":"Ngo Fawn T.","year":"2011","unstructured":"Fawn T. Ngo and Raymond Paternoster . 2011 . Cybercrime victimization: An examination of individual and situational level factors . Int. J. Cyber Criminol. 5 , 1 (2011), 773 -- 793 . Fawn T. Ngo and Raymond Paternoster. 2011. Cybercrime victimization: An examination of individual and situational level factors. Int. J. Cyber Criminol. 5, 1 (2011), 773--793.","journal-title":"Int. J. Cyber Criminol."},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025831"},{"key":"e_1_2_1_37_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS\u201912)","author":"Onarlioglu Kaan","year":"2012","unstructured":"Kaan Onarlioglu , Utku Ozan Yilmaz , Engin Kirda , and Davide Balzarotti . 2012 . Insights into user behavior in dealing with internet attacks . In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201912) . Kaan Onarlioglu, Utku Ozan Yilmaz, Engin Kirda, and Davide Balzarotti. 2012. Insights into user behavior in dealing with internet attacks. In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201912)."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2890509"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1177\/0022427811425539"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.5120\/11480-7108"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/1753326.1753383"},{"key":"e_1_2_1_44_1","volume-title":"Proceedings of the USENIX Workshop on Cyber Security Experimentation and Test (CSET\u201909)","author":"Somayaji A.","unstructured":"A. Somayaji , Y. Li , H. Inoue , J. M. Fernandez , and R. Ford . 2009. Evaluating security products with clinical trials . In Proceedings of the USENIX Workshop on Cyber Security Experimentation and Test (CSET\u201909) . A. Somayaji, Y. Li, H. Inoue, J. M. Fernandez, and R. Ford. 2009. Evaluating security products with clinical trials. In Proceedings of the USENIX Workshop on Cyber Security Experimentation and Test (CSET\u201909)."},{"key":"e_1_2_1_45_1","volume-title":"Real-World malware statistics: October\/November","year":"2009","unstructured":"SurfRight. 2009. Real-World malware statistics: October\/November 2009 . Retrieved from http:\/\/files.surfright.nl\/reports\/HitmanPro3-RealWorldStatistics-OctNov2009.pdf. SurfRight. 2009. Real-World malware statistics: October\/November 2009. Retrieved from http:\/\/files.surfright.nl\/reports\/HitmanPro3-RealWorldStatistics-OctNov2009.pdf."},{"key":"e_1_2_1_46_1","unstructured":"Symantec Corporation. 2012. Internet security threat report 2011 trends. Retrieved from http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/other_resources\/b-istr_main_report_2011_21239364.en-us.pdf.  Symantec Corporation. 2012. Internet security threat report 2011 trends. Retrieved from http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/other_resources\/b-istr_main_report_2011_21239364.en-us.pdf."},{"key":"e_1_2_1_47_1","unstructured":"The WildList Organization International. 2017. The WildList. Retrieved from https:\/\/www.wildlist.org\/.  The WildList Organization International. 2017. The WildList. Retrieved from https:\/\/www.wildlist.org\/."},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-47854-7_2"},{"key":"e_1_2_1_49_1","unstructured":"Trend Micro. 2012. Website classification. Retrieved from http:\/\/solutionfile.trendmicro.com\/solutionfile\/Consumer\/new-web-classification.html.  Trend Micro. 2012. Website classification. Retrieved from http:\/\/solutionfile.trendmicro.com\/solutionfile\/Consumer\/new-web-classification.html."},{"key":"e_1_2_1_50_1","unstructured":"Virus Total. 2013. Virus total. Retrieved from https:\/\/www.virustotal.com.  Virus Total. 2013. Virus total. Retrieved from https:\/\/www.virustotal.com."},{"key":"e_1_2_1_51_1","volume-title":"Proceedings of the European Institute for Computer Antivirus Research Annual Conference (EICAR\u201910)","author":"Vrabec J.","unstructured":"J. Vrabec and D. Harley . 2010. Real performance? In Proceedings of the European Institute for Computer Antivirus Research Annual Conference (EICAR\u201910) . J. Vrabec and D. Harley. 2010. Real performance? In Proceedings of the European Institute for Computer Antivirus Research Annual Conference (EICAR\u201910)."},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660330"},{"key":"e_1_2_1_53_1","volume-title":"Proceedings of the 23rd Virus Bulletin International Conference.","author":"Zwienenberg Righard","year":"2013","unstructured":"Righard Zwienenberg , Richard Ford , and Thomas Wegele . 2013 . The real-time threat list . In Proceedings of the 23rd Virus Bulletin International Conference. Righard Zwienenberg, Richard Ford, and Thomas Wegele. 2013. The real-time threat list. In Proceedings of the 23rd Virus Bulletin International Conference."}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3210311","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3210311","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:08:13Z","timestamp":1750208893000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3210311"}},"subtitle":["A Computer Security Clinical Trial Approach"],"short-title":[],"issued":{"date-parts":[[2018,7,12]]},"references-count":50,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2018,11,30]]}},"alternative-id":["10.1145\/3210311"],"URL":"https:\/\/doi.org\/10.1145\/3210311","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,7,12]]},"assertion":[{"value":"2017-10-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-04-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-07-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}