- The report finds that humans detect malware with a precision rate of 88%
- Additional tools such as Task Manager can help them identify even more
- Some misconceptions about certificates remain quite common
A new report by researchers at the University of Guelph and the University of Waterloo has discovered a slight improvement in human detection of possible cybersecurity threats, but warned that we are still missing too many signs.
The small study of 36 participants (equally divided between basic, intermediate and advanced PC users) presented them with six separate software samples, half of which included malware, with different levels of assistance.
Participants already achieved an 88% malware detection precision when faced with possible threats, but this improved further, to more than 94%, with the use of an enhanced task manager interface, which shows details such as CPU usage, network activity and file access.
Humans are not so bad at detecting malware
Despite the relatively strong detection, the researchers observed three key misconceptions.
Users commonly mistook the UAC shield icon for a sign of security and demonstrated a lack of understanding of digital certificates. The researchers also noted too much trust in file names and interface aesthetics.
Users' detection techniques varied according to their experience levels, with basic users depending largely on surface signals such as icons and typographical and aesthetic errors.
Intermediate users were able to improve their precision with additional system data, but advanced users often took a step back by overanalyzing threats, which led to false positives.
In this particular test, researchers were able to identify 25 separate secondary indicators that users use to determine if something is a threat or not, in addition to four main indicators.
One limitation the paper mentions is that the participants knew they were looking for malware: unsuspecting victims who download files from the web are often not lucky enough to get a warning.
Even so, the research is especially valuable for developers, who can use the findings to adjust their software “to eradicate erroneous concepts and improve interfaces and notifications related to security.”