Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43440
  • Total Topics: 16532
  • Online today: 3045
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 3042
Total: 3044









Author Topic: Study by Berkeley University: "PC users love browsers warnings !?"  (Read 2206 times)

0 Members and 2 Guests are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Security warnings displayed by Web browsers are far more effective at deterring risky Internet behavior than was previously believed, according to a new study.

The study looked at how users reacted to warnings displayed by Mozilla’s Firefox and Google’s Chrome browsers, which warn of phishing attempts, malware attacks and invalid SSL (Secure Sockets Layer) certificates.

It was widely thought that most users ignored the warnings, based on several studies released between 2002 and 2009. However, in the past four years, browser warnings have been redesigned, but the effect of the new designs on users had not been studied.

For example, toolbars that warned of possible phishing attacks have been replaced with full-page warnings that may have influenced people’s behavior, the researchers who conducted the study wrote.

More than 25 million warning impressions displayed by Chrome and Firefox in May and June were analyzed. The data was collected from telemetry programs used by Mozilla and Google, which collect what the researchers term ‘pseudonymous’ data from the browsers of consenting users.

In the case of both browsers, less than 25 percent of users opted to bypass malware and phishing warnings, and only a third of users cruised through the SSL warnings displayed by Firefox.

“This demonstrates that security warnings can be effective in practice; security experts and system architects should not dismiss the goal of communicating security information to end users,” according to the paper, which was submitted to the Usenix Annual Technical Conference 2013 in San Jose, California, late last month.

The analysis uncovered other interesting details. It appears that more technical users bypassed security warnings more often. The researchers considered technical users as those who used Linux and pre-release browsers.

“Technically advanced users might feel more confident in the security of their computers, be more curious about blocked websites or feel patronized by warnings,” the paper said.

Despite the positive influence of the warnings, the researchers found users clicked through more than 70 percent of Google’s SSL warnings. By contrast, Firefox users clicked through them just 33 percent of the time.

There are a few thoughts why Chrome’s SSL click-through rate is higher. Users can bypass Chrome’s warning with a single click, whereas Firefox requires three clicks. Firefox displays a more stern warning, showing an image of a policeman and using the word “untrusted” to describe the site.

There may also be other mitigating factors, the researchers said. Nevertheless, Chrome’s high SSL click-through rate “is undesirable,” they wrote. “Our positive findings for the other warnings demonstrate that this warning has the potential for improvement.”

The study was written by Devdatta Akhawe of the University of California, Berkeley, and Adrienne Porter Felt, a research scientist at Google.

(PCW)

Download Study (PDF): http://www.cs.berkeley.edu/~devdatta/papers/alice-in-warningland.pdf

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023