Remarkable paper, over 40% of people are willing to run an executable that scans their machine and does arbitrary harm for a payment of 50 cents. As the paper says, "users actually do not attach any signiﬁcant economic value to the security of their systems. While ignorance could explain this state of affairs, we show that the reality is much worse, as some users readily turn a blind eye to questionable activities occurring on their systems, as long as they can themselves make a modest proﬁt out of it."
6 plus ones
Shared publicly•View activity
- Updated this post to correct the percentage to 40% (which is what it says in the abstract). Table 1 in the paper shows it is 60%, but the percentage appears to be incorrectly calculated from the data. Seems to be an error in the paper.Jun 19, 2014
- The paper has good details. It includes that 70% of participants understood the dangers of executing arbitrary code and that very few of the participants used a VM (which would protect them from the code). A couple things I would have liked to see explored more was whether the people owned the computer they are risking (maybe people are willing to run code on a business computer or other computer they don't own, easily could see an agency problem being the issue) and whether even higher payments like $10 change the results (might increase willingness as it is a higher payment, or might be interpreted as a signal that the executable is really bad and so might decrease participation, unclear which effect you would see).Jun 19, 2014
Add a comment...