Security issues often occur when there are disconnects between users understanding of their role in computer security and what is expected of them. To help users make better security decisions, we need insights into the daily challenges users face. We have developed the Security Behavior Observatory (SBO), a panel of participants consenting to our observing their daily computing behavior, so that we can understand what constitutes insecure behavior. By combining qualitative user interviews with quantitative system measurements from the SBO, we propose to undertake several studies that aim to precisely qualify what constitutes risky behavior. More specifically, we want to determine what are the specific actions users take that result in an insecure system, and why users undertake these actions in the first place. Ultimately, a better understanding of how users get infected could inform future policies towards unwanted software distribution, and can help us design more effective user-centered mitigations.