
Research Project Pays People To Download, Run Executables

msm1267 (2804139) writes Incentivized by a minimal amount of cash, computer users who took part in a study were willing to agree to download an executable file to their machines without questioning the potential consequences. The more cash the researchers offered, capping out at $1, the more people complied with the experiment. The results toss a big bucket of cold water on long-standing security awareness training advice that urges people not to trust third-party downloads from unknown sources in order to guard the sanctity of their computer. A Hershey bar or a Kennedy half-dollar, apparently, sends people spiraling off course pretty rapidly and opens up a potential new malware distribution channel for hackers willing to compensate users. The study was released recently in a paper called: "It's All About The Benjamins: An empirical study on incentivizing users to ignore security advice." While fewer than half of the people who viewed the task actually ran the benign executable when offered a penny to do so, the numbers jumped to 58 percent when offered 50 cents, and 64 percent when offered $1.

  • Re:Business plan (Score:3, Insightful)

    by Anonymous Coward on Thursday June 19, 2014 @01:48PM (#47274249)

    1. Set up VM
    2. Download all the crap they ask me to
    3. Profit

    Seriously, what kind of idiot would download an unknown executable on his main PC to earn a fucking dollar?

    They usually do it for free.

  • Duh (Score:5, Insightful)

    by rabtech ( 223758 ) on Thursday June 19, 2014 @02:08PM (#47274447) Homepage

    People were happy to install ActiveX controls to "Punch the Monkey" in 1998. Nothing has changed since then.

    It's also why the Android security model is a complete joke and always has been.

    Any security model that requires users to make perfect security decisions is an automatic failure because there is no "undo", so one mistake after 10 years of perfect vigilance owns your entire machine.
