Alert! Study finds Internet users heed browser warnings
Warnings are better designed now, which has led to users paying more attention
IDG News Service - Security warnings displayed by Web browsers are far more effective at deterring risky Internet behavior than was previously believed, according to a new study.
The study looked at how users reacted to warnings displayed by Mozilla's Firefox and Google's Chrome browsers, which warn of phishing attempts, malware attacks and invalid SSL (Secure Sockets Layer) certificates.
It was widely thought that most users ignored the warnings, based on several studies released between 2002 and 2009. However, in the past four years, browser warnings have been redesigned, but the effect of the new designs on users had not been studied.
For example, toolbars that warned of possible phishing attacks have been replaced with full-page warnings that may have influenced people's behavior, the researchers who conducted the study wrote.
More than 25 million warning impressions displayed by Chrome and Firefox in May and June were analyzed. The data was collected from telemetry programs used by Mozilla and Google, which collect what the researchers term 'pseudonymous' data from the browsers of consenting users.
In the case of both browsers, less than 25 percent of users opted to bypass malware and phishing warnings, and only a third of users cruised through the SSL warnings displayed by Firefox.
"This demonstrates that security warnings can be effective in practice; security experts and system architects should not dismiss the goal of communicating security information to end users," according to the paper, which was submitted to the Usenix Annual Technical Conference 2013 in San Jose, California, late last month.
The analysis uncovered other interesting details. It appears that more technical users bypassed security warnings more often. The researchers considered technical users as those who used Linux and pre-release browsers.
"Technically advanced users might feel more confident in the security of their computers, be more curious about blocked websites or feel patronized by warnings," the paper said.
Despite the positive influence of the warnings, the researchers found users clicked through more than 70 percent of Google's SSL warnings. By contrast, Firefox users clicked through them just 33 percent of the time.
There are a few thoughts why Chrome's SSL click-through rate is higher. Users can bypass Chrome's warning with a single click, whereas Firefox requires three clicks. Firefox displays a more stern warning, showing an image of a policeman and using the word "untrusted" to describe the site.
There may also be other mitigating factors, the researchers said. Nevertheless, Chrome's high SSL click-through rate "is undesirable," they wrote. "Our positive findings for the other warnings demonstrate that this warning has the potential for improvement."
The study was written by Devdatta Akhawe of the University of California, Berkeley, and Adrienne Porter Felt, a research scientist at Google.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- OpenStack and Red Hat: IDC White paper Most OpenStack deployments are by public cloud providers that are early adopters of technology and use OpenStack in a do-it-yourself deployment and support...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cyberwarfare White Papers | Webcasts