Alert! Study finds Internet users heed browser warnings
Warnings are better designed now, which has led to users paying more attention
IDG News Service - Security warnings displayed by Web browsers are far more effective at deterring risky Internet behavior than was previously believed, according to a new study.
The study looked at how users reacted to warnings displayed by Mozilla's Firefox and Google's Chrome browsers, which warn of phishing attempts, malware attacks and invalid SSL (Secure Sockets Layer) certificates.
It was widely thought that most users ignored the warnings, based on several studies released between 2002 and 2009. However, in the past four years, browser warnings have been redesigned, but the effect of the new designs on users had not been studied.
For example, toolbars that warned of possible phishing attacks have been replaced with full-page warnings that may have influenced people's behavior, the researchers who conducted the study wrote.
More than 25 million warning impressions displayed by Chrome and Firefox in May and June were analyzed. The data was collected from telemetry programs used by Mozilla and Google, which collect what the researchers term 'pseudonymous' data from the browsers of consenting users.
In the case of both browsers, less than 25 percent of users opted to bypass malware and phishing warnings, and only a third of users cruised through the SSL warnings displayed by Firefox.
"This demonstrates that security warnings can be effective in practice; security experts and system architects should not dismiss the goal of communicating security information to end users," according to the paper, which was submitted to the Usenix Annual Technical Conference 2013 in San Jose, California, late last month.
The analysis uncovered other interesting details. It appears that more technical users bypassed security warnings more often. The researchers considered technical users as those who used Linux and pre-release browsers.
"Technically advanced users might feel more confident in the security of their computers, be more curious about blocked websites or feel patronized by warnings," the paper said.
Despite the positive influence of the warnings, the researchers found users clicked through more than 70 percent of Google's SSL warnings. By contrast, Firefox users clicked through them just 33 percent of the time.
There are a few thoughts why Chrome's SSL click-through rate is higher. Users can bypass Chrome's warning with a single click, whereas Firefox requires three clicks. Firefox displays a more stern warning, showing an image of a policeman and using the word "untrusted" to describe the site.
There may also be other mitigating factors, the researchers said. Nevertheless, Chrome's high SSL click-through rate "is undesirable," they wrote. "Our positive findings for the other warnings demonstrate that this warning has the potential for improvement."
The study was written by Devdatta Akhawe of the University of California, Berkeley, and Adrienne Porter Felt, a research scientist at Google.
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Accelerating Network Convergence in Virtualized and Cloud Data Centers Adopting a converged networking strategy enables organizations to traffic server and storage I/O workloads on consolidated data throughput channels. Intelligent software helps optimize...
- Omnichannel: From Buzzword to Strategy Customers demand a seamless experience across channels, especially mobile. Read this whitepaper for a research-based framework for using omnichannel for higher customer engagement.
- How 10GbE Network is the Backbone of the Virtual Data Center The shift to a virtual data center has put tremendous strain on legacy networks; driving the need for more speed, lower latency, more...
- 10GbE in the Data Center Improvements in 10GbE technology, lower pricing, and improved performance make 10GbE for the mid-market a viable and cost-effective strategy. This white paper discusses...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cyberwarfare White Papers | Webcasts