Blog

Convincing users to update software

Posted on July 31, 2012 - 11:38 by ccondon

Evidently, last week was International Technology Upgrade Week, as christened by an unlikely brand-band: Skype, Adobe, Norton, and TomTom. The goal of this self-styled ITUW was to raise awareness, chiefly among consumers, about why it's important to keep software updated. The initiative armed itself with the results of a Skype-commissioned survey, the gist of which was that a large chunk of people (40%) don't (always) update their software when they're prompted to. Why? Because it's inconvenient, they don't understand how updates benefit them, and they get nervous about computer security when they see update notifications.

The good news is that of the people who do claim to update software promptly, the number one reason for their doing so was to secure themselves against viruses and hacks. Obviously, we're advocates of anything that gets the message across to users that keeping software updated is crucial for security. In honor of the week gone by, here's my own take on how companies might better convince users to update software:

  • A quick (and extremely unofficial) field test of browser and software update options revealed that update options were under the "Advanced" tab as often as not. Something that everyone should know how to configure should not be buried in a section that will daunt and dissuade the average user.
  • Each of the companies promoting ITUW took a different tack in explaining why users should keep their software up-to-date, and one of the common threads was the "Get cool new features!" spin. Does anyone else remember the collective moaning and groaning that accompanied The Great Facebook Timeline Push? Cool new features are exciting for early adopters and for the companies initiating said changes, but consumers on the whole are a lot more resistant to change. Reliable or better performance, in my view, makes a much more effective incentive for users to update.
  • More companies have been building automatic update capability into their software and either enabling it by default or giving users a clear option to do so. One place I haven't seen this option a lot, surprisingly, is in the update notifications themselves. Letting people know right in the annoying notification that they can avoid the annoying notification = good move.
  • It's both gratifying and frustrating that users don't download updates they're supposed to because they're afraid of downloading something bad. Caution is good; lack of knowledge driving that caution is a problem. Reliable communications –clear language, simple explanations, predictable frequency –can go a long way toward building trust here. As for methodology, I'll just say it: Pop-up notifications seem hopelessly outdated to me. They're frequently aped by bad actors, they're annoying, and they aren't self-contained (the actual update usually occurs outside the notification). In other words, they don't inspire trust. In an increasingly app-centric digital world, it's becoming easier to manage software settings and permissions, centrally and in a way that users know is reliable and trustworthy. Update options and notifications shouldn't be any different.

Building a better Clearinghouse, part 2

A few months ago, I blogged about our foray into building a new, improved Badware URL Clearinghouse. At the time, we were starting a three month pilot project. That pilot has since concluded, and I'm back to share what we learned and accomplished during that time.

On the technical side, our developer, Matthew, built a production-ready platform to store badware URLs and associated data. He stuck with his original plan to use MongoDB and Java, and it seems to have worked well. He had to perform some multi-thread magic to efficiently resolve large numbers of domain names efficiently within Java, but he pulled it off. We look forward to migrating the data we currently collect from our data providers and our review process onto the new platform in the coming months.

I'm an executive, not a developer, so for me, the more interesting part of the pilot was talking with current and potential Partners about their interest in data sharing. Nearly every company we talked to craves data, whether to help clean up their own environments (in the case of hosting providers and registrars, for example) or to better protect their customers (in the case of security vendors). But would they be willing to share data to get data? We heard several reservations about sharing data:

  • Revealing proprietary methods or information.
  • Losing competitive advantage.
  • Violating legal restrictions on sharing.
  • Helping freeloaders.
  • Giving away data that could be marketable.
  • Exposing themselves to liability or negative PR.

Despite these concerns, though, several Partners are still interested. Why? Well, the aforementioned demand for data is one reason. Another is the opportunity to help shape a new effort  with great potential for helping the Web: by sharing data, our Partners will help each other protect users and help StopBadware to report on badware trends and facilitate cleanup efforts. Some Partners also recognized that a data sharing program is a vehicle for demonstrating their expertise to, and learning from, industry peers.

In that spirit, we're putting together plans to try out a data sharing program with a handful of our Partners. We'll use the new platform that Matthew built, and Partners will be required to contribute substantive data of their own if they want to see others' data. Eventually, we plan to build an API and a Web interface, though we'll likely start with a much more basic daily data feed. Meanwhile, we'll continue looking for opportunities to learn from, and perhaps even combine efforts with, other data sharing initiatives already underway.

Tags: 
clearinghouse, data, stopbadware

Announcing the Ads Integrity Alliance

Posted on June 14, 2012 - 08:44 by ccondon

At StopBadware, we participate in a unique combination of on-the-ground badware defense and high level multi-stakeholder initiatives that have a far-reaching positive effect on the security ecosystem. On particularly auspicious days, we get to connect these two parts of our job in ways that are extremely rewarding both for us and for the people we work with – whether those people are consumer webmasters dealing with a hacked site or policy executives at big Internet companies.

Today is an auspicious day. StopBadware is proud to announce the launch of the Ads Integrity Alliance, a collaborative initiative to protect users from bad ads and maintain trust in the online advertising ecosystem. The Alliance's charter members include Facebook, Google, Twitter, AOL, and the Interactive Advertising Bureau (IAB); each of these organizations is deeply invested in maintaining the integrity of the advertising infrastructure that supports your favorite websites and online companies.

As many Internet users are aware, online advertising is a driving force in business on the Web. Advertising allows your favorite platforms and services –like Facebook, Twitter, or Google Search– to get to know you, understand what you want, and interact with you more personally. What many people may not realize is that with the success of online advertising come bad actors who abuse the system and threaten the trust people place in their favorite sites. Companies like the Alliance's charter members already work hard to protect users from bad ads, such as those that deliver malware, direct users to scams, or sell counterfeit goods. The Ads Integrity Alliance will allow these companies to work together and build upon existing efforts to protect users.

StopBadware is proud to be spearheading this collaborative effort. We regularly encounter people and organizations that are affected by bad ads, and we know firsthand the damage this abuse can cause. The Alliance is a natural extension of our mission and our ethos; we're excited to work together with these industry leaders to stop the proliferation of bad ads and create a more trustworthy Web infrastructure for all users.

To learn more about the Ads Integrity Alliance and its activities, visit www.AdsIntegrityAlliance.org. A press release with additional details is available at www.stopbadware.org/home/pr_06142012. We're also hiring a part-time program manager to oversee the program. The job description is available here.

 

Tags: 
advertising, collaboration, malware, security, stopbadware

Pages