{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:16:45Z","timestamp":1750220205681,"version":"3.41.0"},"reference-count":25,"publisher":"Association for Computing Machinery (ACM)","issue":"9","license":[{"start":{"date-parts":[[2022,8,19]],"date-time":"2022-08-19T00:00:00Z","timestamp":1660867200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1629973,CNS-1705050"],"award-info":[{"award-number":["CNS-1629973,CNS-1705050"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000180","name":"Department of Homeland Security","doi-asserted-by":"crossref","award":["AFRL-FA8750-18-2-0087"],"award-info":[{"award-number":["AFRL-FA8750-18-2-0087"]}],"id":[{"id":"10.13039\/100000180","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"published-print":{"date-parts":[[2022,9]]},"abstract":"<jats:p>Users are encouraged to adopt a wide array of technologies and behaviors to reduce their security risk. However, the adoption of these \"best practices,\" ranging from the use of antivirus products to keeping software updated, is not well understood, nor is their practical impact on security risk well established. To explore these issues, we conducted a large-scale measurement of 15,000 computers over six months. We use passive monitoring to infer and characterize the prevalence of various security practices as well as a range of other potentially security-relevant behaviors. We then explore the extent to which differences in key security behaviors impact the real-world outcomes (i.e., that a device shows clear evidence of having been compromised).<\/jats:p>","DOI":"10.1145\/3547133","type":"journal-article","created":{"date-parts":[[2022,8,19]],"date-time":"2022-08-19T16:17:42Z","timestamp":1660925862000},"page":"93-102","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Measuring security practices"],"prefix":"10.1145","volume":"65","author":[{"given":"Louis F.","family":"DeKoven","sequence":"first","affiliation":[{"name":"University of California, San Diego, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Audrey","family":"Randall","sequence":"additional","affiliation":[{"name":"University of California, San Diego, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ariana","family":"Mirian","sequence":"additional","affiliation":[{"name":"University of California, San Diego, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gautam","family":"Akiwate","sequence":"additional","affiliation":[{"name":"University of California, San Diego, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ansel","family":"Blume","sequence":"additional","affiliation":[{"name":"University of California, San Diego, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lawrence K.","family":"Saul","sequence":"additional","affiliation":[{"name":"University of California, San Diego, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aaron","family":"Schulman","sequence":"additional","affiliation":[{"name":"University of California, San Diego, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Geoffrey M.","family":"Voelker","sequence":"additional","affiliation":[{"name":"University of California, San Diego, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stefan","family":"Savage","sequence":"additional","affiliation":[{"name":"University of California, San Diego, CA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,8,19]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Update your iPhone, iPad, or iPod touch","author":"Apple","year":"2018","unstructured":"Apple . Update your iPhone, iPad, or iPod touch , 2018 . https:\/\/support.apple.com\/en-us\/HT204204. Apple. Update your iPhone, iPad, or iPod touch, 2018. https:\/\/support.apple.com\/en-us\/HT204204."},{"key":"e_1_2_1_2_1","volume-title":"The FFX mode of operation for format-preserving encryption. Manuscript (standards proposal) submitted to NIST","author":"Bellare M.","year":"2010","unstructured":"Bellare , M. , Rogaway , P. The FFX mode of operation for format-preserving encryption. Manuscript (standards proposal) submitted to NIST ( 2010 ). Bellare, M., Rogaway, P. The FFX mode of operation for format-preserving encryption. Manuscript (standards proposal) submitted to NIST (2010)."},{"doi-asserted-by":"publisher","key":"e_1_2_1_3_1","DOI":"10.1145\/3133956.3134022"},{"doi-asserted-by":"publisher","key":"e_1_2_1_4_1","DOI":"10.1145\/2590296.2590347"},{"key":"e_1_2_1_5_1","volume-title":"The best free password manager","author":"Marshall C.","year":"2019","unstructured":"Marshall , C. , Ellis , C. The best free password manager 2019 , 2018. https:\/\/www.techradar.com\/news\/software\/applications\/the-best-password-manager-1325845. Marshall, C., Ellis, C. The best free password manager 2019, 2018. https:\/\/www.techradar.com\/news\/software\/applications\/the-best-password-manager-1325845."},{"key":"e_1_2_1_6_1","volume-title":"Mozilla Thunderbird Vulnerability Statistics","author":"Details","year":"2019","unstructured":"CVE Details . Mozilla Thunderbird Vulnerability Statistics , 2019 . https:\/\/www.cvedetails.com\/product\/3678\/?q=Thunderbird. CVE Details. Mozilla Thunderbird Vulnerability Statistics, 2019. https:\/\/www.cvedetails.com\/product\/3678\/?q=Thunderbird."},{"key":"e_1_2_1_7_1","volume-title":"Enigmail---OpenPGP encryption for Thunderbird","author":"The Enigmail Project","year":"2019","unstructured":"The Enigmail Project . Enigmail---OpenPGP encryption for Thunderbird , 2019 . https:\/\/www.enigmail.net\/index.php\/en\/home. The Enigmail Project. Enigmail---OpenPGP encryption for Thunderbird, 2019. https:\/\/www.enigmail.net\/index.php\/en\/home."},{"key":"e_1_2_1_8_1","volume-title":"Proceedings of the 12th Symposium on Usable Privacy and Security (SOUPS)","author":"Forget A.","year":"2016","unstructured":"Forget , A. , Pearman , S. , Thomas , J. , Acquisti , A. , Christin , N. , Cranor , L.F. , Egelman , S. , Harbach , M. , Telang , R. Do or do not, there is no try: User engagement may not improve security outcomes . In Proceedings of the 12th Symposium on Usable Privacy and Security (SOUPS) ( Denver, CO, USA , June 2016 ). Forget, A., Pearman, S., Thomas, J., Acquisti, A., Christin, N., Cranor, L.F., Egelman, S., Harbach, M., Telang, R. Do or do not, there is no try: User engagement may not improve security outcomes. In Proceedings of the 12th Symposium on Usable Privacy and Security (SOUPS) (Denver, CO, USA, June 2016)."},{"doi-asserted-by":"publisher","key":"e_1_2_1_9_1","DOI":"10.1007\/978-0-387-21606-5"},{"doi-asserted-by":"publisher","key":"e_1_2_1_10_1","DOI":"10.1145\/1719030.1719050"},{"doi-asserted-by":"publisher","key":"e_1_2_1_11_1","DOI":"10.1002\/0471722146"},{"key":"e_1_2_1_12_1","volume-title":"IAB Tech Lab Content Taxonomy","author":"IAB.","year":"2019","unstructured":"IAB. IAB Tech Lab Content Taxonomy , 2019 . https:\/\/www.iab.com\/guidelines\/iab-tech-lab-content-taxonomy\/. IAB. IAB Tech Lab Content Taxonomy, 2019. https:\/\/www.iab.com\/guidelines\/iab-tech-lab-content-taxonomy\/."},{"doi-asserted-by":"publisher","key":"e_1_2_1_13_1","DOI":"10.1109\/MILCOM.2012.6415869"},{"key":"e_1_2_1_14_1","volume-title":"Microsoft update catalog","author":"Microsoft","year":"2019","unstructured":"Microsoft . Microsoft update catalog , 2019 . https:\/\/www.catalog.update.microsoft.com\/Home.aspx. Microsoft. Microsoft update catalog, 2019. https:\/\/www.catalog.update.microsoft.com\/Home.aspx."},{"key":"e_1_2_1_15_1","volume-title":"Public suffix list website","author":"Mozilla Foundation","year":"2019","unstructured":"Mozilla Foundation . Public suffix list website , 2019 . https:\/\/publicsuffix.org\/. Mozilla Foundation. Public suffix list website, 2019. https:\/\/publicsuffix.org\/."},{"key":"e_1_2_1_16_1","volume-title":"The best antivirus protection for","author":"Rubenking N.J.","year":"2019","unstructured":"Rubenking , N.J. The best antivirus protection for 2019 , 2019. https:\/\/www.pcmag.com\/article2\/0,2817,2372364,00.asp. Rubenking, N.J. The best antivirus protection for 2019, 2019. https:\/\/www.pcmag.com\/article2\/0,2817,2372364,00.asp."},{"key":"e_1_2_1_17_1","volume-title":"ET Pro Ruleset","author":"ProofPoint","year":"2019","unstructured":"ProofPoint . ET Pro Ruleset , 2019 . https:\/\/www.proofpoint.com\/us\/threat-insight\/et-pro-ruleset. ProofPoint. ET Pro Ruleset, 2019. https:\/\/www.proofpoint.com\/us\/threat-insight\/et-pro-ruleset."},{"doi-asserted-by":"publisher","key":"e_1_2_1_18_1","DOI":"10.1145\/3025453.3025673"},{"doi-asserted-by":"publisher","key":"e_1_2_1_19_1","DOI":"10.1109\/SP.2019.00014"},{"doi-asserted-by":"publisher","key":"e_1_2_1_20_1","DOI":"10.1109\/MSP.2017.3681050"},{"doi-asserted-by":"publisher","key":"e_1_2_1_21_1","DOI":"10.1145\/3025453.3025926"},{"doi-asserted-by":"publisher","key":"e_1_2_1_22_1","DOI":"10.1145\/3243734.3243779"},{"doi-asserted-by":"publisher","key":"e_1_2_1_23_1","DOI":"10.1145\/3025453.3025509"},{"key":"e_1_2_1_24_1","volume-title":"IAB categories","author":"Webshrinker","year":"2018","unstructured":"Webshrinker . IAB categories , 2018 . https:\/\/docs.webshrinker.com\/v3\/iab-website-categories.html#iab-categories. Webshrinker. IAB categories, 2018. https:\/\/docs.webshrinker.com\/v3\/iab-website-categories.html#iab-categories."},{"key":"e_1_2_1_25_1","volume-title":"Webshrinker website","author":"Webshrinker","year":"2019","unstructured":"Webshrinker . Webshrinker website , 2019 . https:\/\/www.webshrinker.com\/. Webshrinker. Webshrinker website, 2019. https:\/\/www.webshrinker.com\/."}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3547133","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3547133","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3547133","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:02:55Z","timestamp":1750186975000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3547133"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,8,19]]},"references-count":25,"journal-issue":{"issue":"9","published-print":{"date-parts":[[2022,9]]}},"alternative-id":["10.1145\/3547133"],"URL":"https:\/\/doi.org\/10.1145\/3547133","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"type":"print","value":"0001-0782"},{"type":"electronic","value":"1557-7317"}],"subject":[],"published":{"date-parts":[[2022,8,19]]},"assertion":[{"value":"2022-08-19","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}