"They Keep Coming Back Like Zombies": Improving Software Updating Interfaces

Authors: Josefine Engel, Marshini Chetty, Arunesh Mathur, Victoria Chang, Sonam Sobti

DOI:

Keywords: Computer science, Low fidelity, Software upgrade, Interrupt, Formative assessment, Software, World Wide Web, Software engineering, Work (electrical), Sociotechnical system

Abstract: Users often do not install security-related software updates, leaving their devices open to exploitation by attackers. We are beginning to understand what factors affect this updating behavior but the question of how to improve current updating interfaces however remains unanswered. In this paper, we begin tackling this question by studying software updating behaviors, designing alternative updating interfaces, and evaluating these designs. We describe a formative study of 30 users’ updating practices, a low fidelity prototype we developed to address the issues identified in formative work, and an evaluation of our prototype with 22 users. Our findings suggest that updates interrupt users, users lack sufficient information to decide whether or not to update, and vary in terms of how they want to be notified and provide consent for updates. Based on our study, we make four recommendations to improve desktop updating interfaces and outline sociotechnical considerations around software updating that will ultimately affect end-user security.
