Credit: Pixabay/CC0 Public Domain
When it comes to cyber security, people are often seen as the weakest link, but new research suggests that people with a little help can do surprisingly effective work when identifying malware.
In a first-in-in-specs study, researchers from the Cheriton School of Computer Science of the University of Waterloo worked together with experts from the University of Guelph CyberSecurity to test how users, ranging from technical beginners to experts, respond to real-time legitimate and harmful software-down requests.
The study, “I am sorry I am run ‘: In-situ assessment of potential malware”appeared in the procedure of the 34th usenix Security Symposium.
“Most existing malware research analyzes ‘After Action’ reports, that is, research into what went wrong after a successful attack,” said Daniel Vogel, a professor of computer science at Waterloo, and co-author of the study. “Our study, with starting, intervening and expert users, is the first malware research that user strategies observed in real time.”
Three dozen participants received messages from fake colleagues in a Microsoft team-like environment, so that they can download and install different programs. Participants had full control over the question of whether they should install the software and could investigate their choices as they liked.
In the first test, users identified malware with 75% accuracy. Starting users were the same 68% of the time, while expert users achieved 81% accuracy.
“It was interesting how beginning users sometimes marked legitimate software such as malware because of a typo or bad interface design, but real malware missed when the indication was unusual system behavior, such as high use of the processor,” said Brandon Lit, a Ph.D. Student in Waterloo’s Cheriton School of Computer Science and the main author of the study.
In a second test round, the researchers gave participants an improved task manager, as well as instructions about which red flags, such as software that has access to a large number of files or network connections to other countries. With this modest support, the malware detection rate of the group increased to 80%.
“Just having a little information brings beginner users on the same footing with computer scientists,” said Lit. “Promoting critical thinking is one of the most important things we can do to increase security.”
More information:
Brandon Lit, et al. I am sorry I am run ‘: In-situ assessment of potential malware. www.usenix.org/system/files/co… r-prepub-678-lit.pdf
Provided by the University of Waterloo
Quote: You are better in spotting malware than you think, new study suggests (2025, 5 August) picked up on August 5, 2025 from https://techxplore.com/news/2025-08-yourre-malware.html
This document is subject to copyright. Apart from any fair trade for private study or research, no part may be reproduced without written permission. The content is only provided for information purposes.
#spotting #malware #study #suggests