Why people delay software updates, despite the risks

It turned out, the attack could have been avoided if people had applied a software update Microsoft had issued just weeks before the attack. The update fixed the vulnerability that the attackers had exploited, but many chose to delay implementing it.

"Understanding what drives people to delay a software update-an important protective action because they fix bugs that attackers can exploit-would be a step toward preventing such cyberattacks," says CyLab's Cleotilde Gonzalez, a professor in the department of Social and Decision Sciences at Carnegie Mellon University.

In a study published in the latest issue of the Journal of Cybersecurity, Gonzalez and her co-authors found that the time-cost of updates and individuals' risk preferences have a significant impact on whether or not a user applies a software update, and how long it takes them to do so.

The researchers created a simulation in which participants posed as investors for 20 periods of 10 days, with each simulated "day" consisting of either making an investment decision or applying a software update to their computer. In the real world, users often can't perform their primary task while also processing a software update, so they have to choose one and delay the other.

In the simulation, the investment decision-the primary task of an investor-was to decide between a "safe" investment that earned them 2 points or a "risky" investment that earned them either 0 or 4 points with equal probability.

"By counting the number of risky choices, we can determine how risk-taking people are," says Gonzalez.

Alternatively, participants could forgo their primary task of investing in order to apply a security update to their computers. Eighty-five percent of the time, the update cost 10 points, akin to an update process requiring some amount of time and disrupting a user's primary task. Otherwise, the update cost 0 points, akin to the update process occurring overnight or some other time when a user's primary task would not be disrupted.

After either investing or applying a security update, participants learned whether or not they experienced a security failure. A security failure resulted in a loss of 100 points, and applying an update would reduce the probability of a security failure from 3 percent to 1 percent. After making these decisions 200 times-simulating 200 days as an investor-participants were compensated based on the number of points they had accumulated.

Even though the best decision in terms of optimizing points was to apply a security update in the first day of each period, many people delayed. The results showed that participants updated only 54 percent of the time, and 65 percent of those updates were delayed. Both the risk preference and the cost of the update played relatively equal roles in driving participants to delay the security updates.

Given the prominence of security update delays, many participants experienced security failures. But did they learn their lesson? Yes and no.

"If a participant suffered a security failure, they almost always applied a security update the next day," says Gonzalez. "But that behavior usually decayed over time, and participants would fall back to their old habits."

Given these results, the researchers suggest that companies should come up with ways to incentivize users-or at least reduce the time and effort costs-to apply security updates as soon as they're available.

"Make it easier. Make it simpler. Make it cheaper," says Gonzalez. "A big influence in the decisions we make are the incentives we have to make those decisions. Reducing the cost-not only the monetary cost but also time and effort-that helps."

Website search

Recently updated

ESET Smart Security Premium ESET Smart Security Premium Advanced protection system for your PC that relies on a robust antivirus engine, providing secure online transactions, webcam protection, and an integrated password manager
Norton Security Norton Security Actively protects you from viruses, spam, identity theft and social media dangers and tracks virtually every file on the Internet
ZoneAlarm Anti-Ransomware ZoneAlarm Anti-Ransomware A security tool specifically designed to fight against ransomware attacks, preventing threats from reaching your computer and locking your files

Software News

May 24
Digital or manual? Bluetooth or GPS? Centralized or decentralized?
May 21
Mark July 17 on your calendars because it's going to be busy. It will feel a little like Christmas in the summer with two big titles scheduled for release on that day.
May 20
Norwegian tech experts said Wednesday that a government app released to help trace the spread of the new coronavirus in the country, did not sufficiently protect personal "privacy."
May 20
France, which has long been sceptical of the growing power of US tech titans, is seeking to bypass Apple and Google for a smartphone app to help trace people infected with the novel coronavirus.
May 19
Some 126 million people are playing "Minecraft" monthly and more than 200 million copies of the building and exploration game have been sold as online play surges during the pandemic.
May 18
Public concern over the use of smartphone location tracking (SLT) could jeopardize governments' efforts to slow the spread of COVID-19 using surveillance technologies.
May 18
The Australian government's contact-tracing app, COVIDSafe, has been touted as crucial for restarting the country's economy and curbing COVID-19's spread.

About us

Welcome to new crack resource CrackDownloadz.com! Our service can generate cracks, keygens and serials for your software to unlock it. CrackDownloadz provides a lot of popular cracks and keygens. No spyware and adware at all, just download new cracks, keygens and serials. If you have a software that needs a crack feel free to contact us.

Also you may contact us if you have software that needs to be removed from our website.