Study Shows People Willing to Install Unknown Programs in PCs for a Dollar

Study Shows People Willing to Install Unknown Programs in PCs for a Dollar

According to a report, 22 to 43 percent of people are willing to install unknown software on their devices in return for payment ranging from a few cents to a dollar.

In news that's kind of baffling, it seems a good number of people are willing to install unknown programs on their PCs for a little pocket change -- and I mean that literally. In a study, it states that between 22 to 43 percent of people are willing to inflict their computer devices with unknown software, even when their OS flagged the program as a potential threat, in return for payments ranging from a penny to a dollar. According to Nicolas Cristin who wrote the report, just 17 people out of 965 were running virtual machines that could limit the potential damage; and that only one person told him in the debrief that they were doing this on purpose.

Important to note that the study isn't done on a grand scale, so we don't know if a large consensus would react the same way. Nonetheless, it's never a good idea to install unknown software in your devices regardless of the incentive. And here I thought that malware had to be disguised as popular games for people to bite.

In somewhat related news, a cyberattack was traced to an infected fridge which we reported on early this year, which sounds odder than it really is. Would you be willing to install programs in your devices for a sum? If so, how much would it take?

Source: Carnegie Mellon University, Twitter via Engadget

Permalink

In my experience people are willing to click through most things if it presents it's self right. Installing a hard .exe is a pretty extreme red-flag occurrence in these days of insecure Java and infected adverts you don't even need to click to get malware. I find it so surprising people would ignore blatant red flags though. Maybe it's because modern windows throws up so many alerts so often you become numb to them.

22-43% is an odd face figure to give range. I think you could better represent what percentage of people were willing to install for what price as the study has quite a wide range of scenarios.

In a sand box - sure.

mindfaQ:
In a sand box - sure.

or a virtual machine ... or that laptop that i never use but installed windows 2000 on for the laughs

:P

RedBackDragon:

mindfaQ:
In a sand box - sure.

or a virtual machine ... or that laptop that i never use but installed windows 2000 on for the laughs

:P

Or Windows ME. It almost deserves that kind of punishment.

Obligatory continuation: Really? That's a higher percentage of people willing to do that than it should be.

Everyone has their price. Mine is the price of a slightly better PC than the one I'm putting at risk, so at least if I get infected I can bin it and get a free upgrade.

Having said that, I can't see "Please enter your bank information to receive payment" ending well for me.

So most Computer uysers are idiots.. anyone who's ever worked techsupport could tell you this.

As a PC technician, I welcome the people who install this crap on their machines. A fool and their money are soon parted.

For a dollar? I've done it for free...

I'd be firmly in the NOPE crowd. Even though I know how to set up a virtual machine on a separate drive, it's still not worth the dollar.

Am I the only one impressed it's less than 50%?

Scrumpmonkey:
I find it so surprising people would ignore blatant red flags though. Maybe it's because modern windows throws up so many alerts so often you become numb to them.

It's definitely this. Windows gives their stupid user account control warning even when installing Microsoft programs and drivers. There's no difference between Joe Smoe's apps and anything from a major publisher so why would anyone care?

PoolCleaningRobot:
Am I the only one impressed it's less than 50%?

Scrumpmonkey:
I find it so surprising people would ignore blatant red flags though. Maybe it's because modern windows throws up so many alerts so often you become numb to them.

It's definitely this. Windows gives their stupid user account control warning even when installing Microsoft programs and drivers. There's no difference between Joe Smoe's apps and anything from a major publisher so why would anyone care?

Oh it's even better; one of the first times I got a drive-by infection, UAC let it right in, and then tried to prevent me from removing the malware.

It also didn't prevent Google Earth from getting silently installed on one of my machines due to a bug in Google Update. I'm no longer sure what UAC is really for, to be honest.

Well, at least people are consistent. If you did not change a single habit after the NSA leaks, you might as well let anyone into your digital life, especially if there is money involved. :)

McMullen:
Oh it's even better; one of the first times I got a drive-by infection, UAC let it right in, and then tried to prevent me from removing the malware.

It also didn't prevent Google Earth from getting silently installed on one of my machines due to a bug in Google Update. I'm no longer sure what UAC is really for, to be honest.

As shameful as it is to admit, I got a pop up one time when I turned my pc on hastily clicked yes on it because it I thought it was some kind of update, but UAC didn't even pop up for a confirmation. Next thing I know, I was getting green hyperlinks in the text on webpage that link to ads. I figured I learn how to reinstall windows to get rid of it as my pc could have used a fresh start anyway. I'm building a new pc and I've been learning the ins and outs of Linux over the last few months so I'll probably just install Windows for games and use Linux in a virtual machine for everything else

Certainly, on my old XP laptop from 2003. Still works, it's just too slow for flash these days.

I've also got an old installation of XP on a hard drive I can shove into my linux box temporarily to do it.

Ooh, come to think of it, I have a windows 7 laptop with a broken screen lying around useless. I'd do it with that and my HDMI monitor.

Also, I'd require at least a few hundred of the things at once (the full $1 ones) minimum to make it worth the time I'll spend running DBAN, formatting and reinstalling... but then I'd be willing to do it again. I could do that for a living, if advertisers would pay me to.

I am honestly not surprised. It seems that A LOT of people are completely ignorant to computer virus/malware being installed on their machine. Fun story: My mother's Ex and his kids managed to download a metric shit-ton of malware/virus filled software on her machine. It was all from free sound editing software, games, and tabs that she allowed them to download(although she would go ballistic when I would download safe programs like Steam). She had to get he computer professorially cleaned just to get most of them off.

Does anyone take UAC seriously? It pops up way too often for me to take it seriously, and it's very vague.
I've installed "risky" software before, and windows problems are relatively easy to deal with, but I wouldn't do it on my phone.

Alex Co:
Would you be willing to install programs in your devices for a sum?

Yes, if...

If so, how much would it take?

...I was paid an amount equal to or greater than the price of my rig at the time of purchase.

The way I see it, why risk a hard-drive format for a few bucks when I can risk a hard-drive format for a second computer of equal or better value?

That is ridiculous. So much software out there and available on the web is already malicious, from "foistware" and "bundleware" to more serious threats like trojans and rootkits, why would you invite it by installing software you are getting paid $1 or less to install?
It will cost these fools much more money to get their computer cleaned up afterwards.

EDIT: I will say this, if someone offered me a large enough sum of money, say $50+, I would install the software in one of my virtual machines.

And this is why I'm constantly looking over my mom's shoulder when she's on her PC, or my nieces, or any other family member. I am the Yoda to their Luke. Patience they must have if game they want. Blindly click through windows they cannot.

I wouldn't blindly install software on my PC for any amount. I have a 500GB HD that's nearly full with the games I want, the programs I want... I really need to get a 1TB. My computer's stable, clean, has been for years. It runs better than PCs my family members buy new, because I built it, I maintain it, nobody else touches it.

mindfaQ:
In a sand box - sure.

Agreed. I totally have an ancient PC that I don't care about. For a a couple hundred a month, I'd be happy to load that POS up with more POS, then wipe the damn thing and start over again.

Scrumpmonkey:
In my experience people are willing to click through most things if it presents it's self right. Installing a hard .exe is a pretty extreme red-flag occurrence in these days of insecure Java and infected adverts you don't even need to click to get malware. I find it so surprising people would ignore blatant red flags though. Maybe it's because modern windows throws up so many alerts so often you become numb to them.

22-43% is an odd face figure to give range. I think you could better represent what percentage of people were willing to install for what price as the study has quite a wide range of scenarios.

Indeed. I had literally just gotten home from a vacation a week ago and got a message from my mother about needing to fix her computer (due to pop-ups and slowed processing). I went over and looked at her machine and found that she had inadvertantly installed a bunch of random, unnecessary crap (screensavers and "Pc boosters" of varying types).

It's really easy to just bombard and/or frighten people nowadays when it comes to computers and security (lol LifeLock...) that I'm never surprised to hear from people who need help "fixing" their machines.

The "average" computer user is a drooling moron. I work Linux tech support at a web host and there have been a few times where people submit support tickets to help them block incoming spam containing .zip files with an infected executable, and the server owners mail users open them up. As if that's OUR problem.

Easiest solution, DON'T OPEN THE DAMN ZIP! If you don't know what it is, or who it's from, don't touch it!

Literal quote from a customer: "You can't fix stupid"

The people who are just as bad are the people with Macs who insist that there's nothing wrong with their computer, because Macs are so perfect it's surely someone else's fault!

I partly blame the education system for being so far behind in teaching basic computer science in schools, and I also partly blame software companies like Microsoft and Apple who mislead people who buy their products. Because "Capitalism".

Nemu:

Scrumpmonkey:
In my experience people are willing to click through most things if it presents it's self right. Installing a hard .exe is a pretty extreme red-flag occurrence in these days of insecure Java and infected adverts you don't even need to click to get malware. I find it so surprising people would ignore blatant red flags though. Maybe it's because modern windows throws up so many alerts so often you become numb to them.

22-43% is an odd face figure to give range. I think you could better represent what percentage of people were willing to install for what price as the study has quite a wide range of scenarios.

Indeed. I had literally just gotten home from a vacation a week ago and got a message from my mother about needing to fix her computer (due to pop-ups and slowed processing). I went over and looked at her machine and found that she had inadvertantly installed a bunch of random, unnecessary crap (screensavers and "Pc boosters" of varying types).

It's really easy to just bombard and/or frighten people nowadays when it comes to computers and security (lol LifeLock...) that I'm never surprised to hear from people who need help "fixing" their machines.

I've seen the opposite problem. I set up some good security systems in my mother's computer but when something quite benign like the anti-spyware program giving a flag that you haven't had a scheduled scan yet or the anti-virus saying it is 2hours out of date she freaks out and says the computer is broken because she can't tell real red flags from just regular system messages. Either way it leaves most computer users ill equipped to make security decisions or properly maintain and run their systems. Windows effectively cries wolf to the average user with it's shitty way of doing things.

I'm careful with security. I keep my start-up clean, i monitor process activity and i run programs on my broswer that limit my exposure to possible attack (ones that can't be mentioned here because apparently taking the now pretty essential step of protecting your PC by controlling the launching of web scrips is against the fucking law or something) . I do run a virtual machine in some cases if I'm testing software. Even then i still manage to get some pieces of annoying spyware that thankfully mostly don't make it past my temporary files.

I can only imagine how terrifying or incomprehensible the world of PC security seems.

Remus:
And this is why I'm constantly looking over my mom's shoulder when she's on her PC, or my nieces, or any other family member.

OMFG the amount of times I've had to check my GF's PC because her mom just clicks away on anything that says "install", to the point were one time even the anti-virus got disabled. To then check the install log and see ten thing installed on the same date just cause.

McMullen:

Oh it's even better; one of the first times I got a drive-by infection, UAC let it right in, and then tried to prevent me from removing the malware.

It also didn't prevent Google Earth from getting silently installed on one of my machines due to a bug in Google Update. I'm no longer sure what UAC is really for, to be honest.

UAC was created to annoy the users to maximum degree, and whats quite ironic is that Vista of all things was the only windows version where you can actually turn it OFF, and i mean trully OFF not just this "its still working just does not give you warnings" crap. No, i WANT to run programs with admin priviledes. yet i have to force windows to do that every time because microsoft decided im too stupid.

Oh, well now. If I have any real complaints about this poll, I can actually go on up to the guys at CMU and talk to them about it. Does the KGB have anything to do with this or just an independent sort of test?

My main beef: This only proves that you can fool some of the people all of the time or all of the people some of the time, which we have known for a long while.

 

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here