CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Software updates: decisions and security implications

Kami Vaniea

Kami Vaniea - Indiana University

Feb 25, 2015

Size: 181.3MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube


Installing security-relevant software updates is one of the best computer protection mechanisms available to end users. Unfortunately, users frequently decide not to install future updates, regardless of whether they are important for security, after negative experiences with past updates. This means that even non-security updates (such as user interface changes) can impact the decisions users make about installing future security updates. As many as 70% of computers worldwide are running old versions of Java, a common target of attack. In this presentation I will talk about my research into why users choose to not update their software, and what can be done about it. I report on a multi-factor study where we investigated why users choose to not update software. We interviewed users and analysed the logs on their computers. We found that the default automatic update behaviour of Windows did not always match users' intentions, sometimes causing users to be more secure than they intended, sometimes less. Non-security components of updates, such as user interface changes, also impacted users' willingness to update software.

About the Speaker

Dr. Kami Vaniea is an Assistant Professor at Indiana University's School of Informatics and Computing. She obtained her PhD in Computer Science from Carnegie Mellon University where she was a member of the Cylab Usable Privacy and Security group working in the areas of computer security and human computer interaction. Her research interests are in how people manage access to digital items and information. Her work examines how people interact with security technologies, and explores how to best design security technologies that support users and improve security.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.