Abstract:
This article discusses a laboratory experiment that examined a user’s choice of when to update their devices and what components influenced their decisions. Software updates are often important, whether they provide enhanced security or patch vulnerabilities, usually they are released as a result of finding a distinct flaw. However, most user’s do not download updates immediately, which is the motivation for this investigation. Specifically, this experiment delves into three topics: the effect of individual experience, the effect of opportunity cost, and the impact of individual risk preference. The researchers created a system called the Repeated Protective Decision paradigm to create a mock decision making experiment based on security-related decisions. The researchers found that only around 30% of users chose updates immediately, while only 50% totally ever chose to update their devices. Even the simulation of an attack on their device did not incentivize downloading updates in a timely manner. Essentially the researchers concluded that users tend to under weigh the probability of an attack on their device, so they opt out of taking updates as it is seen as a use of valuable time. Ultimately, more communication about the severity and plausibility of software attacks is necessary.
Author:
Prashanth Rajivan, Efrat Aharonov-Majar, Cleotilde Gonzalez