Nicolas Christin, Serge Egelman, Timothy Vidas, Jens Grossklags
Citation
Nicolas Christin, Serge Egelman, Timothy Vidas, Jens Grossklags. "It's All About the Benjamins: An Empirical Study on Incentivizing Users to Ignore Security Advice". Proceedings Financial Crypto 2011, February, 2011.
Abstract
We examine the cost for an attacker to pay users to execute arbitrary
code—potentially malware.We asked users at home to download and run an executable
we wrote without being told what it did and without any way of knowing
it was harmless. Each week, we increased the payment amount. Our goal was to
examine whether users would ignore common security advice—not to run untrusted
executables—if there was a direct incentive, and how much this incentive
would need to be.We observed that for payments as low as $0.01, 22% of the people
who viewed the task ultimately ran our executable. Once increased to $1.00,
this proportion increased to 43%. We show that as the price increased, more and
more users who understood the risks ultimately ran the code. We conclude that
users are generally unopposed to running programs of unknown provenance, so
long as their incentives exceed their inconvenience.
Electronic downloads
Internal. This publication has been marked by the author for TRUST-only distribution, so electronic downloads are not available without logging in.
| Citation formats |
- HTML
Nicolas Christin, Serge Egelman, Timothy Vidas, Jens Grossklags. <a href="http://www.truststc.org/pubs/785.html" >It's All About the Benjamins: An Empirical Study on Incentivizing Users to Ignore Security Advice</a>, Proceedings Financial Crypto 2011, February, 2011.
- Plain text
Nicolas Christin, Serge Egelman, Timothy Vidas, Jens Grossklags. "It's All About the Benjamins: An Empirical Study on Incentivizing Users to Ignore Security Advice". Proceedings Financial Crypto 2011, February, 2011.
- BibTeX
@inproceedings{ChristinEgelmanVidasGrossklags11_ItsAllAboutBenjaminsEmpiricalStudyOnIncentivizingUsers, author = {Nicolas Christin and Serge Egelman and Timothy Vidas and Jens Grossklags}, title = {It's All About the Benjamins: An Empirical Study on Incentivizing Users to Ignore Security Advice}, booktitle = {Proceedings Financial Crypto 2011}, month = {February}, year = {2011}, abstract = {We examine the cost for an attacker to pay users to execute arbitrary code—potentially malware.We asked users at home to download and run an executable we wrote without being told what it did and without any way of knowing it was harmless. Each week, we increased the payment amount. Our goal was to examine whether users would ignore common security advice—not to run untrusted executables—if there was a direct incentive, and how much this incentive would need to be.We observed that for payments as low as $0.01, 22% of the people who viewed the task ultimately ran our executable. Once increased to $1.00, this proportion increased to 43%. We show that as the price increased, more and more users who understood the risks ultimately ran the code. We conclude that users are generally unopposed to running programs of unknown provenance, so long as their incentives exceed their inconvenience.}, URL = {http://www.truststc.org/pubs/785.html} }
Posted by Nicolas Christin on 1 Oct 2011.
For additional information, see the
Publications FAQ or
contact webmaster at www truststc org.
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.