- Report finds people can spot malware with an 88% accuracy rate
- Additional tools like Task Manager can help them identify it even more accurately
- There are still some pretty common misconceptions about certificates
A new report by researchers at the University of Guelph and the University of Waterloo has revealed a slight improvement in human detection of potential cyber security threats, but the researchers have warned that we are still missing too many signs.
The small study of 36 participants (split equally between basic, intermediate and advanced PC users) presented them with six separate software samples, half of which included malware, with different levels of help.
Participants were already scoring an 88% malware detection accuracy when faced with the potential threats, but this improved even more, to 94%, with the use of an improved task manager interface showing details such as CPU use, networking activity and file access.
People are not so bad at detecting malware
Despite relatively strong detection, the researchers observed three important misconceptions.
Users often interpreted the UAC shield icon as a sign of security and also demonstrated a lack of understanding of digital certificates. The researchers also noted misconceptions around file names and interface aesthetics.
Users' detection techniques varied depending on their experience levels, with basic users relying strongly on superficial signals such as icons, typos and aesthetics.
Intermediate users were able to improve their accuracy with additional system data, but advanced users often took a backward step by over-analyzing threats, which led to false positives.
In this particular test, researchers were able to identify 25 separate secondary indicators used by users to determine whether something is a threat or not, on top of four primary indicators.
One limitation the paper mentions is that the participants knew they were looking for malware; victims downloading files from the Internet are not often lucky enough to have a heads-up.
Still, the research is especially valuable for developers, who can use the results to refine their software "to eradicate misunderstandings and improve security-related interfaces and notifications."



