Abstract
Anti-malware products are typically evaluated using structured, automated tests to allow for comparison with other products and for measuring improved efficiency against specific attacks. We propose that anti-malware testing would benefit from field studies assessing effectiveness in more ecologically valid settings. This paper presents our methodology for conducting a 4-month field study with 50 participants, including discussion of deployment and data collection, encouraging retention of participants, ethical concerns, and our experience to date.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anti-Malware Testing Standards Organization: AMTSO testability guidelines. Tech. rep. (May 2011), http://www.amtso.org/documents.html
Botta, D., Werlinger, R., Gagné, A., Beznosov, K., Iverson, L., Fels, S., Fisher, B.: Towards understanding it security professionals and their tools. In: ACM Symposium on Usable Privacy and Security (SOUPS). ACM (2007)
Brostoff, S., Sasse, M.: Are Passfaces more usable than passwords? A field trial investigation. In: British Human-Computer Interaction Conference (HCI) (2000)
Chiasson, S., Biddle, R., van Oorschot, P.C.: A second look at the usability of click-based graphical passwords. In: ACM Symposium on Usable Privacy and Security (SOUPS) (2007)
De Luca, A., Langheinrich, M., Hussmann, H.: Towards understanding ATM security: a field study of real world ATM use. In: ACM Symposium on Usable Privacy and Security (SOUPS) (2010)
Florencio, D., Herley, C.: A large-scale study of WWW password habits. In: ACM World Wide Web Conference (WWW) (2007)
Gordon, S., Ford, R.: Real world anti-virus product reviews and evaluations - the current state of affairs. In: 19th National Information Systems Security Conference (NISSC) (1996)
Harley, D., Lee, A.: Who will test the testers? In: 18th Virus Bulletin International Conference (2008)
Košinár, P., Malcho, J., Marko, R., Harley, D.: AV testing exposed. In: 20th Virus Bulletin International Conference (2010)
Rode, J.A.: Digital parenting: designing children’s safety. In: British HCI Conference (BCS-HCI) (2009)
Somayaji, A., Li, Y., Inoue, H., Fernandez, J.M., Ford, R.: Evaluating security products with clinical trials. In: Workshop on Cyber Security Experimentation and Test (CSET) (2009)
Stone-Gross, B., Abman, R., Kemmerer, R.A., Kruegel, C.: The underground economy of fake antivirus software. In: Workshop on the Economics of Information Security (WEIS) (2011)
Vrabec, J., Harley, D.: Real performance? In: EICAR Annual Conference (2010)
Wash, R.: Folk models of home computer security. In: ACM Symposium on Usable Privacy and Security (SOUPS) (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lalonde Lévesque, F., Davis, C.R., Fernandez, J.M., Chiasson, S., Somayaji, A. (2012). Methodology for a Field Study of Anti-malware Software. In: Blyth, J., Dietrich, S., Camp, L.J. (eds) Financial Cryptography and Data Security. FC 2012. Lecture Notes in Computer Science, vol 7398. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34638-5_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-34638-5_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34637-8
Online ISBN: 978-3-642-34638-5
eBook Packages: Computer ScienceComputer Science (R0)