Elissa Redmiles said WannaCry, a global ransomware attack, could have been avoided if users had kept their computer software updated. The malicious software showed that thousands of computers in more than 150 countries were running outdated software, putting them at risk.
Microsoft fixed the defect, but the fix protected only users whose computers were updated. A hacker group, Shadow Brokers, released information stolen from the US National Security Agency that exposed details of the defect to the public. Hackers used this shortcoming in Microsoft's software to encrypt users' data and demand money for continued access to it. The hackers were not fully successful; however, users were outraged by the attack.
Updating Is a Pain
Users had to keep their software updated to avoid the attack, but many users find updating burdensome. A study conducted in 2016 by the University of Edinburgh and Indiana University asked 307 people to discuss their experiences of installing software updates. Half of the participants said that the installation process is frustrating. Only 21% of participants felt positive about regular updates. One participant pointed out that Windows updates are frequent and some are time-consuming. Even shorter updates can disrupt workflow, so many users avoid updating.
Companies running large numbers of computers with special software worry that updating might cause problems with their regular operations. It is also hard to tell whether a new update is necessary. For example, the fix for the ransomware attack looked like a routine update of the kind users easily ignore. Research shows that ignoring security warning messages leads to ignoring monthly updates. Microsoft released 18 updates in March along with the attack fix; half were rated 'critical' and half 'important'. If users had known that a certain update would make their computers safe, they would have installed it. Even security experts such as Chris Goettel, a Microsoft watcher, prioritized four updates, excluding the WannaCry fix. The security company Qualys did not include it in its list of most important updates.
In 2015, a survey by Google showed that one third of security professionals do not keep their systems updated. Only 64% of security experts update shortly after being notified or keep their software automatically updated. Few regular users update so often. Other research on software update records showed that computer experts update immediately, unlike non-experts. Experts take an average of 24 days to update after a release, whereas normal users take twice that time.
Experts know the importance of certain updates, so they interrupt their workflow to update. Software companies are making efforts to make updates less disruptive: in Google Chrome, updates are downloaded in the background, and on reopening the browser the changes are already in place without interruption. However, some updates, like the WannaCry fix, require a restart, and users will not allow their systems to restart without prior notification, so software companies should try to make users more aware of the importance of an update.