Getting End Users to Patch – A Simple Idea for Security
Security is a constant game of cat and mouse in the sense that researchers and hackers alike are constantly discovering new flaws with technology and vendors are having to push out patches to remove those flaws. This is how it always has been, and how it will probably stay for the foreseeable future. and this model actually works quite while too. A major issue arises is when the vendors are unable to push patches out to their end users. This is a tough problem for vendors to deal with because most end users don’t want their systems automatically updating because they feel like it makes them have less control over their systems.
The solution to this problem has actually been right under our noses for a long time, and some developers have picked up on it and used it to keep their devices and software updated frequently. The solution is to put it simply is adding new features. Most end users will update their devices only if new features are provided to them, no matter how small the features are they are what entices users to update their devices sooner rather then later. Now depending on the frequency of flaws found in your software this might not always be a usable solution, because you can’t add a new feature every time someone releases a new exploit for your systems, however if you have a well tested platform that only has a handful of vulnerabilities discovered every few months then this model is perfectly viable. A perfect example of a company that uses this method to keep their devices updated frequently would be Apple. Some of their iOS updates have just a few simple features and 90% of them are security or stability updates. This is a perfect example of how companies should try to push out security updates to the average end user.
This is obviously not the nirvana of computer security, however , combine this method of pushing out good updates with some others and we can eliminate a large amount of attacks to the average user, and at the same time we can give the users a sense of accomplishment for updating their devices and being rewarded with new features. We are in an age where we should trust all or most updates pushed to our devices, so lets reward our users and give them incentives to update and keep the internet more secure.
TL;DR : Reward your users for updates