canmove, Confirmed users
1,537
edits
User:Sidstamm/Notes July 2014 SOUPS: Difference between revisions
→Rick Wash: How automatic software updates introduce security problems
No edit summary |
|||
| Line 233: | Line 233: | ||
== Rick Wash: How automatic software updates introduce security problems == | == Rick Wash: How automatic software updates introduce security problems == | ||
"Whenever possible, secure system designers should find ways of keeping humans out of the loop" (Lorrie Cranor) | |||
Examples: Windows Update with default auto-updating (XP SP2 and later) | |||
The researchers did a survey then examined computer logs. They matched the log data with the survey and interview data. | |||
People misunderstand updates. 2/3 did not know that auto updates were on (or thought they were but were wrong). Many thought windows update was just advising them that updates were available, not that they were installed. | |||
When removing people from decision making, peoples' misunderstanding of what happens increases. This is because we tend to remove the easy decisions and leave the hard decisions (like "do you want to accept this cert?"). Thus, amateur security is harder and people end up either wrong or experts. | |||
== Saranga Komanduri: Revisiting popup fatigue == | == Saranga Komanduri: Revisiting popup fatigue == | ||