Stop Clicking on “Update Later”: Persuading Users They Need Up-to-Date Antivirus Protection

  • Leah Zhang-Kennedy
  • Sonia Chiasson
  • Robert Biddle
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8462)


Online security advice aims to persuade users to behave securely, but appears to have limited effects at changing behaviour. We propose security advice targeted at end-users should employ visual rhetoric to form an effective, memorable, and persuasive method of communication. We present the design and evaluation of infographics and an online interactive comic developed to persuade users to update their antivirus software. Results show superior learning and behavioural outcomes compared to mainstream text-only security advice.


Antivirus Persuasive Visualization Usable Security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Armitage, C.J., Conner, M.: Efficacy of the theory of planned behaviour: A meta-analytic review. British Journal of Social Psychology 40(4), 471–499 (2001)CrossRefGoogle Scholar
  2. 2.
    Balebako, R., Jung, J., Lu, W., Cranor, L.F., Nguyen, C.: Little brothers watching you: Raising awareness of data leaks on smartphones. In: Symposium on Usable Privacy and Security (2013)Google Scholar
  3. 3.
    Bogost, I.: Persuasive games: The expressive power of videogames. MIT Press (2007)Google Scholar
  4. 4.
    Chiasson, S., Forget, A., Biddle, R., van Oorschot, P.C.: Influencing users towards better passwords: Persuasive Cued Click-Points. In: British HCI, pp. 121–130. British Computer Society (2008)Google Scholar
  5. 5.
    Chiasson, S., van Oorschot, P.C., Biddle, R.: A usability study and critique of two password managers. In: USENIX Security Symposium (2006)Google Scholar
  6. 6.
    Craik, K., James, W.: The nature of explanation. Cambridge Univ. Press (1967)Google Scholar
  7. 7.
    Crano, W.D., Prislin, R.: Attitudes and persuasion. Annual Review of Psychology 57, 345–374 (2006)CrossRefGoogle Scholar
  8. 8.
    Eisner, W.: Comics & Sequential Art. Poorhouse Press, Tamarac (1985)Google Scholar
  9. 9.
    Fogg, B.J.: Persuasive Technology: Using Computers to Change What We Think and Do. Morgan Kaufmann, San Francisco (2003)Google Scholar
  10. 10.
    Fogg, B.J.: A behavior model for persuasive design. In: Persuasive Technology, p. 40. ACM (2009)Google Scholar
  11. 11.
    Forget, A., Chiasson, S., van Oorschot, P.C., Biddle, R.: Persuasion for stronger passwords: Motivation and pilot study. In: Oinas-Kukkonen, H., Hasle, P., Harjumaa, M., Segerståhl, K., Øhrstrøm, P. (eds.) PERSUASIVE 2008. LNCS, vol. 5033, pp. 140–150. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Gustafson, K.L., Branch, R.M.: What is instructional design? In: Trends and Issues in Instructional Design and Technology, pp. 16–25 (2002)Google Scholar
  13. 13.
    Kelley, P.G., Bresee, J., Cranor, L.F., Reeder, R.W.: A nutrition label for privacy. In: Symposium on Usable Privacy and Security. ACM (2009)Google Scholar
  14. 14.
    Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L.F., Hong, J.: Teaching Johnny not to fall for phish. ACM Transactions on Internet Technology 10(2), 7 (2010)CrossRefGoogle Scholar
  15. 15.
    Logical PC Solutions. 5 Popular Computer Virus Misconceptions, (accessed June 2013)
  16. 16.
    Pastor-Satorras, R., Vespignani, A.: Epidemic spreading in scale-free networks. Physical Review Letters 86(14), 3200 (2001)CrossRefGoogle Scholar
  17. 17.
    Raja, F., Hawkey, K., Hsu, S., Wang, K.L.C., Beznosov, K.: A brick wall, a locked door, and a bandit: a physical security metaphor for firewall warnings. In: Symposium on Usable Privacy and Security. ACM (2011)Google Scholar
  18. 18.
    Scott, L.M.: Images in advertising: The need for a theory of visual rhetoric. Journal of Consumer Research, 252–273 (1994)Google Scholar
  19. 19.
    Smiciklas, M.: The power of infographics: Using pictures to communicate and connect with your audiences. Que Publishing (2012)Google Scholar
  20. 20.
    Srikwan, S., Jakobsson, M.: Using cartoons to teach internet security. Cryptologia 32(2), 137–154 (2008)CrossRefGoogle Scholar
  21. 21.
    Tembhurne, R.: 15 Myths and Misconceptions about Viruses and Security Applications (2013), (accessed June 2013)
  22. 22.
    Versipass. Secure Comics,
  23. 23.
    Whitten, A., Tygar, J.D.: Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0. In: USENIX Security Symposium (1999)Google Scholar
  24. 24.
    Wikipedia. Antivirus Software, (accessed June 2013)

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Leah Zhang-Kennedy
    • 1
  • Sonia Chiasson
    • 1
  • Robert Biddle
    • 1
  1. 1.Carleton UniversityOttawaCanada

Personalised recommendations