Out of the Loop: How Automated Software Updates Cause Unintended Security Consequences

Authors: 

Rick Wash, Emilee Rader, Kami Vaniea, and Michelle Rizor, Michigan State University

Abstract: 

When security updates are not installed, or installed slowly, end users are at an increased risk for harm. To improve security, software designers have endeavored to remove the user from the software update loop. However, user involvement in software updates remains necessary; not all updates are wanted, and required reboots can negatively impact users. We used a multi-method approach to collect interview, survey, and computer log data from 37 Windows 7 users. We compared what the users think is happening on their computers (interview and survey data), what users want to happen on their computer (interview and survey data), and what was actually going on (log data). We found that 28 out of our 37 participants had a misunderstanding about what was happening on their computer, and that over half of the participants could not execute their intentions for computer management.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {185292,
author = {Rick Wash and Emilee Rader and Kami Vaniea and Michelle Rizor},
title = {Out of the Loop: How Automated Software Updates Cause Unintended Security Consequences},
booktitle = {10th Symposium On Usable Privacy and Security ({SOUPS} 2014)},
year = {2014},
isbn = {978-1-931971-13-3},
address = {Menlo Park, CA},
pages = {89--104},
url = {https://www.usenix.org/conference/soups2014/proceedings/presentation/wash},
publisher = {{USENIX} Association},
month = jul,
}
Download
Wash PDF