Feb. 25, 2015
Installing security-relevant software updates is one of the best computer protection mechanisms available to end users. Unfortunately, users frequently decide not to install future updates, regardless of whether they are important for security, after negative experiences with past updates. This means that even non-security updates (such as user interface changes) can impact the decisions users make about installing future security updates. As many as 70% of computers worldwide are running old versions of Java, a common target of attack. In this presentation I will talk about my research into why users choose to not update their software, and what can be done about it. I report on a multi-factor study where we investigated why users choose to not update software. We interviewed users and analysed the logs on their computers. We found that the default automatic update behaviour of Windows did not always match users' intentions, sometimes causing users to be more secure than they intended, sometimes less. Non-security components of updates, such as user interface changes, also impacted users' willingness to update software. About the speaker: Dr. Kami Vaniea is an Assistant Professor at Indiana University's School of Informatics and Computing. She obtained her PhD in Computer Science from Carnegie Mellon University where she was a member of the Cylab Usable Privacy and Security group working in the areas of computer security and human computer interaction. Her research interests are in how people manage access to digital items and information. Her work examines how people interact with security technologies, and explores how to best design security technologies that support users and improve security.
