First clinical study of computer security conducted at Polytechnique Montreal

December 16, 2013

Montreal, December 16, 2013 - Installing computer security software, updating applications regularly and making sure not to open emails from unknown senders are just a few examples of ways to reduce the risk of infection by malicious software, or "malware". However, even the most security-conscious users are open to attack through unknown vulnerabilities, and even the best security mechanisms can be circumvented as a result of poor user choices.

"The reality is that successful malware attacks depend on both technological and human factors," says Professor José Fernandez. "Although there has been significant research on the technical aspects, there has been much less on human behaviour and how it affects malware and defence measures. As a result, no one at the present time can really say how important these factors are. For example, are users who are older and less computer-savvy more open to infection?" It is therefore necessary to take a closer look at the impact that both technological and human factors have on the success or failure of protective mechanisms.

To answer this type of question, Prof. Fernandez and his team drew inspiration from the clinical trial method to design the first-ever study applied to computer security. In a fashion similar to medical studies that evaluate the effectiveness of a particular treatment, their experiment was aimed at assessing the performance of anti-virus software and the likelihood that participants' computers would become infected with malware. The four-month study involved 50 subjects who agreed to use laptops that were instrumented to monitor possible infections and gather data on user behaviour. "Analyzing the data allowed us not only to identify which users were most at risk, based on their characteristics and behaviour, but also to measure the effectiveness of various protective measures," says Polytechnique student Fanny Lalonde Lévesque, who is writing her master's thesis on this project.

This pilot study provided some very interesting results on the effectiveness of computer defences and the risk factors for infection. For example, 38% of the users' computers were exposed to malware and 20% were infected, despite the fact that they were all protected by the same anti-virus product, which was updated regularly. With regard to the users themselves, there did not seem to be any significant difference in exposure rates between men and women. In addition, the most technically sophisticated users turned out to be the group most at risk... This result may seem counter-intuitive, as it contradicts the opinion of some computer experts who argue that people should have a kind of "Internet license" before going online. "The results of this study provide some intriguing insights. Are these 'expert' users at higher risk because of a false sense of security, or because they are naturally curious and therefore more risk-tolerant? Further research is needed to understand the causes of this phenomenon, so that we can better educate and raise awareness among users," says Professor Fernandez. In the future, this type of study will help provide scientific data to support decision-making on security management, education, regulation and even computer security insurance. A second phase, which will involve hundreds of users over a period of several months, is already being prepared.

The initial results of this experiment were presented at the ACM Conference on Computer and Communications Security (CCS), which took place November in 2013 in Berlin, Germany.
-end-
This research was carried out with the financial support of the Natural Sciences and Engineering Research Council of Canada Internetworked Systems Security Network (NSERC ISSNet), Trend Micro and MITACS.

About Polytechnique Montréal

Founded in 1873, Polytechnique Montréal is one of Canada's leading engineering teaching and research institutions. It is the largest engineering university in Québec for the size of its graduate student body and the scope of its research activities. With over 41,400 graduates, Polytechnique Montréal has educated nearly one-quarter of the current members of the Ordre des ingénieurs du Québec. Polytechnique provides training in 15 engineering specialties, has 248 professors and more than 7,500 students. It has an annual operating budget of over $200 million, including an $82-million research budget.

Source and information:

Annie Touchette
Senior Communications Advisor
Polytechnique Montréal
T. 514 340-4415
C. 514 231-8133
annie.touchette@polymtl.ca

Polytechnique Montréal

Related Infection Articles from Brightsurf:

Halving the risk of infection following surgery
New analysis by the University of Leeds and the University of Bern of more than 14,000 operations has found that using alcoholic chlorhexidine gluconate (CHG) halves the risk of infection in certain types of surgery when compared to the more commonly used povidone-iodine (PVI).

How plants shut the door on infection
A new study by an international team including University of Maryland scientists has discovered the key calcium channel responsible for closing plant pores as an immune response to pathogen exposure.

Sensing infection, suppressing regeneration
UIC researchers describe an enzyme that blocks the ability of blood vessel cells to self-heal.

Boost to lung immunity following infection
The strength of the immune system in response to respiratory infections is constantly changing, depending on the history of previous, unrelated infections, according to new research from the Crick.

Is infection after surgery associated with increased long-term risk of infection, death?
Whether experiencing an infection within the first 30 days after surgery is associated with an increased risk of another infection and death within one year was the focus of this observational study that included about 660,000 veterans who underwent major surgery.

Revealed: How E. coli knows how to cause the worst possible infection
The discovery could one day let doctors prevent the infection by allowing E. coli to pass harmlessly through the body.

UK study shows most patients with suspected urinary tract infection and treated with antibiotics actually lack evidence of this infection
New research presented at this week's European Congress of Clinical Microbiology & Infectious Diseases (ECCMID) in Amsterdam, Netherlands (April 13-16, 2019) shows that only one third of patients that enter the emergency department with suspected urinary tract infection (UTI) actually have evidence of this infection, yet almost all are treated with antibiotics, unnecessarily driving the emergence of antimicrobial resistance.

Bacteria in urine doesn't always indicate infection
Doctors should think carefully before testing patients for a urinary tract infection (UTI) to avoid over-diagnosis and unnecessary antibiotic treatment, according to updated asymptomatic bacteriuria (ASB) guidelines released by the Infectious Diseases Society of America (IDSA) and published in Clinical Infectious Diseases.

Subsidies for infection control to healthcare institutions help reduce infection levels
Researchers compared three types of infection control subsidies and found that under a limited budget, a dollar-for-dollar matching subsidy, in which policymakers match hospital spending for infection control measures, was the most effective at reducing the number of hospital-acquired infections.

Dengue virus infection may cause severe outcomes following Zika virus infection during pregnancy
This study is the first to report a possible mechanism for the enhancement of Zika virus progression during pregnancy in an animal model.

Read More: Infection News and Infection Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.