Software updates are critical to the performance, compatibility, and security of software systems. However, users do not always install updates, leaving their machines vulnerable to attackers’ exploits. While recent studies have highlighted numerous reasons why users ignore updates, little is known about how prevalent each of these beliefs is. Gaining a better understanding of the prevalence of each belief may help software designers better target their efforts in understanding what specific user concerns to address when developing and deploying software updates. In our study, we performed a survey to quantify the prevalence of users’ reasons for not updating uncovered by previous studies.We used this data to derive three factors underlying these beliefs:update costs, update necessity, and update risks. Based on our results, we provide recommendations for how software developers can better improve users’ software updating experiences, thereby increasing compliance and, with it, security.
People’s Choice Award!
Arunesh Mathur, Nathan Malkin, Marian Harbach, Eyal Peer, and Serge Egelman. Quantifying Users’ Beliefs about Software Updates. In Proceedings of the NDSS Workshop on Usable Security (USEC ’18). Internet Society, 2018.