The top four reasons users don’t upgrade their software (but probably ought to)

The top four reasons users don't upgrade their software (but probably ought to)

Bet you didn’t you know that it’s ITUW!

That’s right.

It’s International Technology Upgrade Week.

Don’t worry – I didn’t know, either.

ITUW probably isn’t what you think. It’s not a marketing pitch by electronics retailers to flog you a new TV or to get you to sign a new mobile phone contract.

Don’t get me wrong – it is a marketing vehicle, and it’s created an unusual promotional foursome consisting of Skype, Adobe, Norton and Tom Tom.

Nevertheless, it has revealed some interesting factoids, following a survey commissioned by the participants.

The standout figure is that 40% of users don’t upgrade when they probably ought to. (Actually, Skype carefully states that 40% of adults don’t upgrade. Whether children are more or less diligent is not reported.)

The primary reasons are given by Skype as:

  • Worried about computer security, so I don’t download everything I’m prompted to.
  • There is no real benefit to me.
  • Upgrades take too long.
  • Lack of understanding about what the update(s) will do.

Ouch. We’re stuck in a sort of Catch-22. Downloading and running stuff whenever you’re asked is risky behaviour. But not installing security fixes when they’re available is risky, too.

This is a tricky dilemma, and one which Chester Wisniewski and I rather presciently happen to have discussed in a recent Sophos Techknow podcast:

(Duration 15’25”, size 11MBytes)

Intriguingly, despite a 40% resilience to updating amongst those surveyed, Skype’s survey reports that 25% of users admitted that “they need to see a prompt twice before upgrading software.”

Be warned: cybercrooks know that. It’s one of the reasons that fake anti-virus software keeps pestering you with warnings, and why the support call scammers phone over and over again to try to coerce you into paying for their fraudulent help.

Don’t agree to upgrade or update just because you’re nagged about it.

Take stock of the software you have; make sure you know how to update it and to check that those updates are working; and follow those update procedures regularly.

Think about it: if you don’t wait until you’re nagged, then you won’t ever be tricked by fraudulent software which does nag!

And why not take a reductionist approach to security?

If you’ve got software installed for which you don’t trust the updates and upgrades, or which has let you down before, why not simply get rid of it? You’ll soon find out whether you really need it.

Naked Security’s Graham Cluley recommended this approach to Java for Mac users back in April 2012. I followed his advice and ditched Java from my web browsing setup to see what difference it made. Turns out I could live without it, so I have.

Bingo. One less thing to worry about.

Why not try something similar yourself? Removing stuff you don’t need is a form of upgrade – a security upgrade!

IUTW images from the infographic on the Skype Big Blog.