TY - GEN
T1 - Stopping spyware at the gate
T2 - Symposium on Usable Privacy and Security, SOUPS 2005
AU - Good, Nathaniel
AU - Dhamija, Rachna
AU - Grossklags, Jens
AU - Thaw, David
AU - Aronowitz, Steven
AU - Mulligan, Deirdre
AU - Konstan, Joseph
PY - 2005
Y1 - 2005
N2 - Spyware is a significant problem for most computer users. The term "spyware" loosely describes a new class of computer software. This type of software may track user activities online and offline, provide targeted advertising and/or engage in other types of activities that users describe as invasive or undesirable. While the magnitude of the spyware problem is well documented, recent studies have had only limited success in explaining the broad range of user behaviors that contribute to the proliferation of spyware. As opposed to viruses and other malicious code, users themselves often have a choice whether they want to install these programs. In this paper, we discuss an ecological study of users installing five real world applications. In particular, we seek to understand the influence of the form and content of notices (e.g., EULAs) on user's installation decisions. Our study indicates that while notice is important, notice alone may not be enough to affect users' decisions to install an application. We found that users have limited understanding of EULA content and little desire to read lengthy notices. Users found short, concise notices more useful, and noticed them more often, yet they did not have a significant effect on installation for our population. When users were informed of the actual contents of the EULAs to which they agreed, we found that users often regret their installation decisions. We discovered that regardless of the bundled content, users will often install an application if they believe the utility is high enough. However, we discovered that privacy and security become important factors when choosing between two applications with similar functionality. Given two similar programs (e.g, KaZaA and Edonkey), consumers will choose the one they believe to be less invasive and more stable. We also found that providing vague information in EULAs and short notices can create an unwarranted impression of increased security. In these cases, it may be helpful to have a standardized format for assessing the possible options and trade-offs between applications.
AB - Spyware is a significant problem for most computer users. The term "spyware" loosely describes a new class of computer software. This type of software may track user activities online and offline, provide targeted advertising and/or engage in other types of activities that users describe as invasive or undesirable. While the magnitude of the spyware problem is well documented, recent studies have had only limited success in explaining the broad range of user behaviors that contribute to the proliferation of spyware. As opposed to viruses and other malicious code, users themselves often have a choice whether they want to install these programs. In this paper, we discuss an ecological study of users installing five real world applications. In particular, we seek to understand the influence of the form and content of notices (e.g., EULAs) on user's installation decisions. Our study indicates that while notice is important, notice alone may not be enough to affect users' decisions to install an application. We found that users have limited understanding of EULA content and little desire to read lengthy notices. Users found short, concise notices more useful, and noticed them more often, yet they did not have a significant effect on installation for our population. When users were informed of the actual contents of the EULAs to which they agreed, we found that users often regret their installation decisions. We discovered that regardless of the bundled content, users will often install an application if they believe the utility is high enough. However, we discovered that privacy and security become important factors when choosing between two applications with similar functionality. Given two similar programs (e.g, KaZaA and Edonkey), consumers will choose the one they believe to be less invasive and more stable. We also found that providing vague information in EULAs and short notices can create an unwarranted impression of increased security. In these cases, it may be helpful to have a standardized format for assessing the possible options and trade-offs between applications.
KW - EULA
KW - End user license agreement
KW - Notice
KW - Privacy
KW - Security and usability
KW - Spyware
KW - Terms of service
KW - ToS
UR - http://www.scopus.com/inward/record.url?scp=77953767524&partnerID=8YFLogxK
U2 - 10.1145/1073001.1073006
DO - 10.1145/1073001.1073006
M3 - Conference contribution
AN - SCOPUS:77953767524
SN - 1595931783
SN - 9781595931788
T3 - ACM International Conference Proceeding Series
SP - 43
EP - 52
BT - SOUPS 2005 - Proceedings of the Symposium on Usable Privacy and Security
Y2 - 6 July 2005 through 8 July 2005
ER -