Australia's communications regulator estimates over two million internet-connected users don't keep security software updated or forgo it entirely.
The top reason cited by users not to have security software is owning a "brand of computer" that is immune to the threats, according to research by the Australian Communications and Media Authority. (pdf)
For those that have software and don't update it, some say they don't know how, others "don't have time", and about the same number indicate they just "couldn't be bothered".
The ACMA's extrapolations (pdf) are based on a nationally representative telephone survey of 1500 people by Roy Morgan Research and four focus group discussions. From the sample, 188 respondents said they didn't need software, or didn't keep it updated if they had it.
Focus group participants reported a general lack of security trust around Microsoft's desktop OS. One said they ran a dual-boot machine with Windows and Linux but did their internet banking in Linux only; others similarly said they trusted Linux more. All were listed as aged "35+".
Most computer users employed a range of methods to keep malware off their systems, including avoiding unknown links, deleting emails from unknown sources, not visiting certain websites, and keeping browsers updated.
When asked about security protections for mobile devices, only half of respondents said their devices were "protected".
This was mostly based on an understanding "that the [mobile] operating system has built-in protections", or because the user had installed security software on the mobile device.