The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Kami Vaniea - Indiana University

Students: Spring 2024, unless noted otherwise, sessions will be virtual on Zoom.

Software updates: decisions and security implications

Feb 25, 2015

Download: Video Icon MP4 Video Size: 181.3MB  
Watch on Youtube Watch on YouTube


Installing security-relevant software updates is one of the best computer protection mechanisms available to end users. Unfortunately, users frequently decide not to install future updates, regardless of whether they are important for security, after negative experiences with past updates. This means that even non-security updates (such as user interface changes) can impact the decisions users make about installing future security updates. As many as 70% of computers worldwide are running old versions of Java, a common target of attack. In this presentation I will talk about my research into why users choose to not update their software, and what can be done about it. I report on a multi-factor study where we investigated why users choose to not update software. We interviewed users and analysed the logs on their computers. We found that the default automatic update behaviour of Windows did not always match users' intentions, sometimes causing users to be more secure than they intended, sometimes less. Non-security components of updates, such as user interface changes, also impacted users' willingness to update software.

About the Speaker

Kami Vaniea
Dr. Kami Vaniea is an Assistant Professor at Indiana University's School of Informatics and Computing. She obtained her PhD in Computer Science from Carnegie Mellon University where she was a member of the Cylab Usable Privacy and Security group working in the areas of computer security and human computer interaction. Her research interests are in how people manage access to digital items and information. Her work examines how people interact with security technologies, and explores how to best design security technologies that support users and improve security.

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!