We examine the cost for an attacker to pay users to execute arbitrary code--potentially malware. We asked users at home to download and run an executable we wrote, without telling them what it did and without giving them any way of knowing it was harmless. Each week, we increased the payment amount. Our goal was to examine whether users would ignore common security advice--not to run untrusted executables--if there was a direct incentive, and how large this incentive would need to be. We observed that for payments as low as $0.01, 22% of the people who viewed the task ultimately ran our executable. Once the payment was increased to $1.00, this proportion rose to 43%. We show that as the price increased, more and more users who understood the risks ultimately ran the code. We conclude that users are generally unopposed to running programs of unknown provenance, so long as their incentives exceed their inconvenience.