There are many tales in literature over millennia about people selling their soul to a malevolent deity for the right price. But at least it's usually a good price. Recent research has discovered that we are willing to compromise our computer for no more than one cent in income.
Currency picture from Shutterstock
The researchers from the Carnegie Mellon University CyLab who carried out this work, tempted users by into downloading and, in many cases, actually running a Windows application on their computer. After they had agreed to take part, they were told that it was for an academic study but were given very little other information about the application. The application pretended to run a series of computational tasks and paid those who installed it one cent for every hour it was left running.
Even though a participant's machine would give them a pop up warning when they started the download to tell them that this application wanted higher level access to essential security services, 22% of them went ahead and downloaded. And when participants were offered $1 per hour, that figure rose to 43%.
With more than 1700 downloads, the application was run about 960 times, meaning that just over half of participants fell for the ruse. Alarm bells should have rung, but they were apparently not heeded.
The fact is, this application could easily have contained malware. Participants knew little about what they were installing other than it would pay them for their processing power but they didn't seem to mind.
The ethics of this research are certainly potentially dubious. Individuals were lured into downloading this application for a seemingly good cause and we know nothing of their financial circumstances. It's a scenario that many of us can recognise in one way or another, though. We may not get a financial reward for downloading applications but how often do we click away warnings so we can get an app that offers us some other incentive, such as access to free music or movies?
Crooks will be pleased to learn from this study that it is apparently very easy to trick ordinary computer users into hosting your malware.
It is an old adage, but it is still very important to remember — if it looks too good to be true, it probably is. Do not install any application without checking if the source is reputable. Free is often good, but with free on the internet comes with many risks. This is particularly true for sites offering access to illegal movies or adult content.
Whenever you download an application from any source, trusted or otherwise, you should complete a simple mental checklist.
Did I scan for malware just before I clicked to install the application? Is my operating system warning me about the security risks with this application? Did I scan my system for malware after I installed the application? And finally, do I have up to date anti-malware software?
This all may seem tedious, but it pays to be cautious. Recent incidents have taught us that there are plenty of people out there who will take advantage of anyone who hasn't protected themselves properly. Whether this research shows that we just can't be bothered to read the pop up warnings our computers send us when we click and install or whether it shows that we are even more willing to compromise our security in the name of a quick buck, it should make us think twice about how blindly we click. Just as any character in literary history will tell you, selling your soul rarely turns out to be a good deal.
Andrew Smith is Lecturer in Networking at The Open University. He does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.