Title
Control and Understanding in Malware and Legitimate Software
Abstract
This paper presents a study examining mental models of malware and regular software, in search of deep misunderstandings about malware and software which can be used in the design of new software and educational material. The study involved both a questionnaire and two diagramming exercises. We decided to use a diagramming exercise because it is an effective medium for expressing spatial information, which is important to mental models and can get lost in verbal reports. Ours is the first study to examine mental models of malware using this technique. For the diagramming tasks, participants were asked to draw their understanding of how a word processor and malware work, respectively. Several key patterns emerged. General knowledge about malware, shown in the questionnaire responses, was reasonable, but the deeper understanding of how malware functions, shown in the drawings, was concerning. Participants showed lesser knowledge of malware compared to regular software, and they seemed to regard malware as a fundamentally different kind of entity than regular software. They made black-and-white distinctions between malware and regular software in terms of whether the software is helpful or harmful, who the software serves, and who controls it. We discuss how these findings relate to decision-making online, and suggest that it might be beneficial to increase support for the control users have over their software. We speculate this might better equip users to make safe decisions surrounding software, thereby decreasing the effectiveness of malware.
Year: 2019
DOI: 10.1109/eCrime47957.2019.9037597
Venue: 2019 APWG Symposium on Electronic Crime Research (eCrime)
Keywords: cybersecurity, malware, mental models
DocType: Conference
ISSN: 2159-1237
ISBN: 978-1-7281-6384-0
Citations: 0
PageRank: 0.34
References: 0
Authors: 4
Name | Order | Citations | PageRank
Eric Spero | 1 | 1 | 2.41
Milica Stojmenovic | 2 | 0 | 0.34
Sonia Chiasson | 3 | 919 | 58.49
Robert Biddle | 4 | 528 | 45.50