A hoax report earlier this year claimed that people who used Internet Explorer had a lower IQ than those using other browsers. Inspired by this bit of fun, Projection Point decided to carry out a poll to compare the risk intelligence (RQ) of people using different browsers. We found that Internet Explorer users performed worse than everyone else; they had lower RQ scores and were grossly overconfident.
We define Risk Intelligence as the ability to estimate probabilities accurately. Our Basic RQ Test consists of fifty statements—some true, some false—and your task is to say how likely you think it is that each statement is true. It’s a simple process; if you are absolutely sure that a statement is true, you assign a probability of 100 percent to it. If you are convinced that a statement is false, you should assign it a probability of 0 percent. If you have no idea at all whether it is true or false, you should rate it as 50 percent probable. If you are fairly sure that it is true but you aren’t completely sure, you would give it 60 percent, 70 percent, 80 percent, or 90 percent, depending on how sure you are. Conversely, if you are reasonably confident that it is false but you aren’t completely sure, you would give it 40 percent, 30 percent, 20 percent, or 10 percent.
When you have estimated the likelihood of all fifty statements in the test, the website will calculate your risk intelligence quotient, or RQ, a number between 0 and 100. Although our small sample size of 351 participants does not permit strong conclusions, they do suggest an interesting possibility; users of monopoly software (that historically has been responsible for many of the most severe software vulnerabilities) are not as good at estimating probabilities as their more adventurous counterparts. Perhaps the use of Microsoft Internet Explorer should be considered an indicator of poor risk intelligence. This would be consistent with studies showing that the computers of Internet Explorer users contain more malicious software than the machines of those using other browsers, that about 7% of downloads by Internet Explorer users are malicious and that the browser is amongst the most popular means of infecting Windows machines (this holds especially true for older versions). Although Microsoft’s efforts are slowly changing vulnerability trends for the better, these findings should come as no surprise given the company’s attention to security in the past: “Many of the products we designed [...] have been less secure than they could have been because we were designing with features in mind rather than security. [...] In the past we sold new applications on the strength of new features, most of which people didn’t use.” – Chief Research and Strategy Officer at Microsoft, Craig Mundie (2002).
Right now it looks like Apple users are the best when it comes to dealing with risk, a skill that should come in quite handy considering that Mac OS X was the first system to go down during the Pwn2Own hacking contest of 2011. But only time, a larger sample size and careful scrutiny may validate our observations.