
Choc Factory research shows users just don't get security

Users shirk managers for manual p@sswords claiming: 'Nobody can hack my mind'

Antivirus software has copped another beating from security experts, who axed the tool from their list of top five security-enhancing recommendations.

The findings are contained in the Google study "No one can hack my mind: Comparing Expert and Non-Expert Security Practices", which polled 231 security experts and 294 normal users over Amazon's Mechanical Turk.

Choc Factory researchers Iulia Ion, Rob Reeder, and Sunny Consolvo conducted the research, finding that the popularity of antivirus among users could be due to the platform's shiny click-and-play usability, which also made firewalls attractive.

"Further data we collected also confirms that non-experts consider using antivirus software very effective at protecting their security," the research says.

"Though using them was considered good advice by experts, password managers were regarded with skepticism by non-experts, who instead preferred to remember passwords, partly because, as one participant said, 'no one can hack my mind'.

"The high adoption of antivirus software among non-experts and their high willingness to follow this advice might be due to the good usability of the install-once type of solution that antivirus software offers."

The research found further differences between experts and users; the former recommend patching as the chief security tool while the latter rejected it. The Google bots suggest users are suspicious of what the updates would do to their systems.

It also found experts recommended unique passwords and two-factor authentication, while users opted for regular password resets and tried to visit only known websites.

"Non-expert participants reported being reluctant to promptly install software updates, perhaps due to lack of understanding of their effectiveness or bad past experiences caused by software updates."

Regular password resets are considered by some to result in users picking weaker passwords over time as they are forced to remember codes anew.

The user suggestion of visiting only 'known websites' is similarly bad advice, since it forfeits many of the benefits of the internet and does not protect users from malvertising and exploit kits, which regularly affect big-name sites.

The trio say the research could help design better security education and outreach programs, and recommend that security advice be comprehensible and effective, with limited drawbacks. ®
