A Clinical Study of Risk Factors Related to Malware Infections

Author(s): Fanny Lalonde Lévesque, Jude Nsiempba, José M. Fernandez, Sonia Chiasson, Anil Somayaji
Venue: International Conference on Software Engineering
Date: November 2013

Type of Experiement: Case Study
Sample Size: 50
Class/Experience Level: Undergraduate Student, Graduate Student, Professional
Participant Selection: responded to posters and newspaper advertisements on university campus
Data Collection Method: Observation


This paper conducted a field study to examine the interactions between users, antivirus software, and malware. It sought to evaluate how these interactions may correlate as risk factors for infections. In examining on how users play a role in malware infestation, the authors conducted a field study involving 50 subjects whose laptops monitored possible infections and gathered user interaction data. An interest in anti-virus programs is also of interest as to how they evolved to combat the trending infections of today.

The factors in which malware can penetrate an environment not only depend on the machine, but also the network that connects it to the rest of the world and the user that interacts with it. The field study involving 50 students and workers were separated and chosen by a distributed demographic. Its goals were to "develop an effective methodology for evaluating anti-virus products", determine and identify malware infections and their sources, and identify the factors which affect the likelihood of a system infection. The study looked at how the students were using their machines, including: browser, visited websites, and applications installed. The study additionally looked at the students themselves, measuring factors which may impact the chances of malware infestation such as their: computer expertise, gender, status (employed/unemployed), and work/domain.

The results collected after a 4 month period showed that 20% of users were infected while 38% of users got exposed to threats caught my anti-virus programs. Some user demographic also played a significant part in infestation probability, such as domain/work, although age, gender, and computer expertise did not play a part.