Betrayed by updates: How negative experiences affect future security

Installing security-relevant software updates is one of the best computer protection mechanisms. Through interviewing non-expert Windows users, we found that users frequently decide not to install future updates, regardless of whether they are important for security, after negative experiences with past updates. This means that even non-security updates can impact the security of a computer. We discuss three themes impacting users’ willingness to install updates: unexpected new features in an update, the difficulty of assessing whether an update is “worth it’, and confusion about why an update is necessary.