Why people delay software updates, despite the risks

It turned out, the attack could have been avoided if people had applied a software update Microsoft had issued just weeks before the attack. The update fixed the vulnerability that the attackers had exploited, but many chose to delay implementing it.

"Understanding what drives people to delay a software update-an important protective action because they fix bugs that attackers can exploit-would be a step toward preventing such cyberattacks," says CyLab's Cleotilde Gonzalez, a professor in the department of Social and Decision Sciences at Carnegie Mellon University.

In a study published in the latest issue of the Journal of Cybersecurity, Gonzalez and her co-authors found that the time-cost of updates and individuals' risk preferences have a significant impact on whether or not a user applies a software update, and how long it takes them to do so.

The researchers created a simulation in which participants posed as investors for 20 periods of 10 days, with each simulated "day" consisting of either making an investment decision or applying a software update to their computer. In the real world, users often can't perform their primary task while also processing a software update, so they have to choose one and delay the other.

In the simulation, the investment decision-the primary task of an investor-was to decide between a "safe" investment that earned them 2 points or a "risky" investment that earned them either 0 or 4 points with equal probability.

"By counting the number of risky choices, we can determine how risk-taking people are," says Gonzalez.

Alternatively, participants could forgo their primary task of investing in order to apply a security update to their computers. Eighty-five percent of the time, the update cost 10 points, akin to an update process requiring some amount of time and disrupting a user's primary task. Otherwise, the update cost 0 points, akin to the update process occurring overnight or some other time when a user's primary task would not be disrupted.

After either investing or applying a security update, participants learned whether or not they experienced a security failure. A security failure resulted in a loss of 100 points, and applying an update would reduce the probability of a security failure from 3 percent to 1 percent. After making these decisions 200 times-simulating 200 days as an investor-participants were compensated based on the number of points they had accumulated.

Even though the best decision in terms of optimizing points was to apply a security update in the first day of each period, many people delayed. The results showed that participants updated only 54 percent of the time, and 65 percent of those updates were delayed. Both the risk preference and the cost of the update played relatively equal roles in driving participants to delay the security updates.

Given the prominence of security update delays, many participants experienced security failures. But did they learn their lesson? Yes and no.

"If a participant suffered a security failure, they almost always applied a security update the next day," says Gonzalez. "But that behavior usually decayed over time, and participants would fall back to their old habits."

Given these results, the researchers suggest that companies should come up with ways to incentivize users-or at least reduce the time and effort costs-to apply security updates as soon as they're available.

"Make it easier. Make it simpler. Make it cheaper," says Gonzalez. "A big influence in the decisions we make are the incentives we have to make those decisions. Reducing the cost-not only the monetary cost but also time and effort-that helps."

Website search

Recently updated

IObit Malware Fighter IObit Malware Fighter Quickly remove existing ransomware infections as well as new infection attempts. Updated to work for all known variants of WannaCry
Emsisoft Anti-Malware Emsisoft Anti-Malware Comprehensive computer protection that will block malware through three different layers: behavior blocker, surf protection and file guard
UnHackMe UnHackMe Remove a variety of malware, including Trojans, potentially unwanted programs and rootkits, test Windows shortcuts and look for junk files with this app

Software News

Apr 8
Facebook quietly launched an app that lets couples chat together.
Apr 8
McGill researchers are turning to video games to harness the power of citizen scientists in order to map the gut microbiome.
Apr 7
With many stuck in their homes as cities around the world try to reduce transmission of COVID-19, people are turning to games as a way to communicate, create a sense of community in the virtual world, and stave off boredom.
Apr 6
Video games have always been a source of solace in tough times for Rosemary Kelley.
Apr 6
Zoom CEO Eric Yuan says the video conferencing service will forgo work on any new features over the next 90 days to focus on upgrading and bolstering the online platform's security and privacy protections.
Apr 4
What does British Prime Minister Boris Johnson have in common with virtual happy hour celebrants and thousands of students around the world?
Apr 3
Google has announced a change to its Arts & Culture app-now, instead of just searching for paintings that resemble selfies, users can have their photographs reinterpreted as if they had been painted by a famous artist. ...

About us

Welcome to new crack resource CrackDownloadz.com! Our service can generate cracks, keygens and serials for your software to unlock it. CrackDownloadz provides a lot of popular cracks and keygens. No spyware and adware at all, just download new cracks, keygens and serials. If you have a software that needs a crack feel free to contact us.

Also you may contact us if you have software that needs to be removed from our website.