Software updates are essential to enhance security, fix bugs, and add better features to existing software. However, while some users comply and update their systems upon notification, non-compliance is common. Delaying or ignoring updates leaves systems exposed to security vulnerabilities. Despite research efforts, users' non-compliance with software updates is still prevalent. In this study, we explored how psychological factors influence users' perception and behavior toward software updates. In addition, we proposed a model to assess the security risk score associated with delaying software updates. We conducted a user study with Windows OS users to explore how information about potential vulnerabilities and risk scores influences their behavior. We also studied the influence of demographic factors such as gender on users' decision-making process for software updates. Our results showed that psychological traits, such as knowledge, awareness, and experience, impact users' decision-making about software updates. Providing a risk score for not updating their systems, together with information about vulnerabilities, produced a statistically significant increase in users' willingness to update their systems. Additionally, our results indicated no statistically significant difference between male and female users' responses in terms of concerns about securing their systems. The implications of this study are relevant for software developers and manufacturers, who can use this information to design more effective software update notification messages. Highlighting potential risks and corresponding risk scores in future software updates can motivate users to update their systems promptly, which can ultimately improve the overall security of the system.