Most People Will Compromise Their PC For One Cent An Hour

There are many tales in literature over millennia about people selling their soul to a malevolent deity for the right price. But at least it's usually a good price. Recent research has discovered that we are willing to compromise our computer for no more than one cent in income.

Currency picture from Shutterstock

The researchers from the Carnegie Mellon University CyLab who carried out this work, tempted users by into downloading and, in many cases, actually running a Windows application on their computer. After they had agreed to take part, they were told that it was for an academic study but were given very little other information about the application. The application pretended to run a series of computational tasks and paid those who installed it one cent for every hour it was left running.

Even though a participant's machine would give them a pop up warning when they started the download to tell them that this application wanted higher level access to essential security services, 22% of them went ahead and downloaded. And when participants were offered $1 per hour, that figure rose to 43%.

With more than 1700 downloads, the application was run about 960 times, meaning that just over half of participants fell for the ruse. Alarm bells should have rung, but they were apparently not heeded.

The fact is, this application could easily have contained malware. Participants knew little about what they were installing other than it would pay them for their processing power but they didn't seem to mind.

The ethics of this research are certainly potentially dubious. Individuals were lured into downloading this application for a seemingly good cause and we know nothing of their financial circumstances. It's a scenario that many of us can recognise in one way or another, though. We may not get a financial reward for downloading applications but how often do we click away warnings so we can get an app that offers us some other incentive, such as access to free music or movies?

Crooks will be pleased to learn from this study that it is apparently very easy to trick ordinary computer users into hosting your malware.

It is an old adage, but it is still very important to remember — if it looks too good to be true, it probably is. Do not install any application without checking if the source is reputable. Free is often good, but with free on the internet comes with many risks. This is particularly true for sites offering access to illegal movies or adult content.

Whenever you download an application from any source, trusted or otherwise, you should complete a simple mental checklist.

Did I scan for malware just before I clicked to install the application? Is my operating system warning me about the security risks with this application? Did I scan my system for malware after I installed the application? And finally, do I have up to date anti-malware software?

This all may seem tedious, but it pays to be cautious. Recent incidents have taught us that there are plenty of people out there who will take advantage of anyone who hasn't protected themselves properly. Whether this research shows that we just can't be bothered to read the pop up warnings our computers send us when we click and install or whether it shows that we are even more willing to compromise our security in the name of a quick buck, it should make us think twice about how blindly we click. Just as any character in literary history will tell you, selling your soul rarely turns out to be a good deal.The Conversation

Andrew Smith is Lecturer in Networking at The Open University. He does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.

This article was originally published on The Conversation. Read the original article.


Comments

    and for everyone else thats semi computer literate, run it in a sandbox or a vm. so many cracks/keygens ,etc contain bitcoin miners

      The executable they distributed attempted to test whether it was being run in a VM. They mention the limitations, but identified about 2% of users were definitely using a VM. My guess is there's not a huge crossover between 'people who can quickly spin up a vm' and 'people willing to spin up a vm and install software for one dollar'

      (Bonus evil addition to the technique: Instead of actually distributing money, say for each install $10 gets donated to starving orphans. Nobody is going to check until well after the site is dead and gone, and people who genuinely want to help will go around making their friends run the file...especially if you give them unique referral link so they can track how much money they've raised. And maybe a leaderboard...)

    That's like $8k a year for doing nothin! Awesome.

    Since when did 43% equal MOST

Join the discussion!

Trending Stories Right Now