Experimental large-scale review of attractors for detection of potentially unwanted applications

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F18%3A00102440" target="_blank" >RIV/00216224:14330/18:00102440 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.sciencedirect.com/science/article/pii/S0167404818301640" target="_blank" >https://www.sciencedirect.com/science/article/pii/S0167404818301640</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1016/j.cose.2018.02.017" target="_blank" >10.1016/j.cose.2018.02.017</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Experimental large-scale review of attractors for detection of potentially unwanted applications

Popis výsledku v původním jazyce

While malicious software (malware) is designed to disrupt or damage computer systems, potentially unwanted applications (PUAs) combine useful features with less desirable ones, such as adware or spyware. Unlike anti-malware solutions, removing PUAs can be controversial, for both the PUA owners and also the users who might wish to accept the PUA features. Thus, solutions for removing PUAs require users to make their removal decisions. In this paper we investigate the effectiveness of 15 screen variants that use different ``security warning attractors'' designed to encourage users to enable PUA detection when they are installing a security software solution from the online security software company ESET. Our live field study with close to 750,000 software installations by end users in 222 countries shows that a small change of switching the order of the options presented using radio buttons and offering the ``enable detection'' option first was the most effective (and was later set as the option of choice by ESET). The chosen approach led to a significant reduction of non-consenting users from 17.9% to 11.1%. Other features, such as the use of colours and pictorials, which have previously demonstrated their effectiveness with more traditional SSL security warnings, did not yield significant improvements for enabling PUA detection.

Název v anglickém jazyce

Experimental large-scale review of attractors for detection of potentially unwanted applications

Popis výsledku anglicky

While malicious software (malware) is designed to disrupt or damage computer systems, potentially unwanted applications (PUAs) combine useful features with less desirable ones, such as adware or spyware. Unlike anti-malware solutions, removing PUAs can be controversial, for both the PUA owners and also the users who might wish to accept the PUA features. Thus, solutions for removing PUAs require users to make their removal decisions. In this paper we investigate the effectiveness of 15 screen variants that use different ``security warning attractors'' designed to encourage users to enable PUA detection when they are installing a security software solution from the online security software company ESET. Our live field study with close to 750,000 software installations by end users in 222 countries shows that a small change of switching the order of the options presented using radio buttons and offering the ``enable detection'' option first was the most effective (and was later set as the option of choice by ESET). The chosen approach led to a significant reduction of non-consenting users from 17.9% to 11.1%. Other features, such as the use of colours and pictorials, which have previously demonstrated their effectiveness with more traditional SSL security warnings, did not yield significant improvements for enabling PUA detection.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2018

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Computers & Security

ISSN

0167-4048

e-ISSN

1872-6208

Svazek periodika

76

Číslo periodika v rámci svazku

July

Stát vydavatele periodika

GB - Spojené království Velké Británie a Severního Irska

Počet stran výsledku

9

Strana od-do

92-100

Kód UT WoS článku

000437967300006

EID výsledku v databázi Scopus

2-s2.0-85044165007