Quantifying Users’ Beliefs about Software Updates

TitleQuantifying Users’ Beliefs about Software Updates
Publication TypeConference Paper
Year of Publication2018
AuthorsMathur, A., Malkin N., Harbach M., Peer E., & Egelman S.
Published inProceedings of the NDSS Workshop on Usable Security (USEC ’18)

Software updates are critical to the performance, compatibility, and security of software systems. However, users do not always install updates, leaving their machines vulnerable to attackers’ exploits. While recent studies have highlighted numerous reasons why users ignore updates, little is known about how prevalent each of these beliefs is. Gaining a better understanding of the prevalence of each belief may help software designers better target their efforts in understanding what specific user concerns to address when developing and deploying software updates. In our study, we performed a survey to quantify the prevalence of users’ reasons for not updating uncovered by previous studies.We used this data to derive three factors underlying these beliefs:update costs, update necessity, and update risks. Based on our results, we provide recommendations for how software developers can better improve users’ software updating experiences, thereby increasing compliance and, with it, security.


This research was supported by NSF grant CNS-1528070, BSF grant #2014626 and The Center for Long-Term Cybersecurity at the University of California, Berkeley

ICSI Research Group

Usable Security and Privacy