Software updates: decisions and security implications
Kami Vaniea - Indiana University
Feb 25, 2015Size: 181.3MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractInstalling security-relevant software updates is one of the best computer protection mechanisms available to end users. Unfortunately, users frequently decide not to install future updates, regardless of whether they are important for security, after negative experiences with past updates. This means that even non-security updates (such as user interface changes) can impact the decisions users make about installing future security updates. As many as 70% of computers worldwide are running old versions of Java, a common target of attack. In this presentation I will talk about my research into why users choose to not update their software, and what can be done about it. I report on a multi-factor study where we investigated why users choose to not update software. We interviewed users and analysed the logs on their computers. We found that the default automatic update behaviour of Windows did not always match users' intentions, sometimes causing users to be more secure than they intended, sometimes less. Non-security components of updates, such as user interface changes, also impacted users' willingness to update software.
About the SpeakerDr. Kami Vaniea is an Assistant Professor at Indiana University's School of Informatics and Computing. She obtained her PhD in Computer Science from Carnegie Mellon University where she was a member of the Cylab Usable Privacy and Security group working in the areas of computer security and human computer interaction. Her research interests are in how people manage access to digital items and information. Her work examines how people interact with security technologies, and explores how to best design security technologies that support users and improve security.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.