People ignore software security warnings up to 90 percent of the time

Discussion in 'other security issues & news' started by Minimalist, Aug 17, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    http://phys.org/news/2016-08-people-software-percent.html
     
  2. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    I wonder if they appreciate the importance of promptly alerting users to security problems. Delaying the reporting of a security issue could result in additional damage being done.
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    Maybe prompts could be presented differently, so they wouldn't interfere with what users were doing and on the same time inform them about problem?
     
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,152
    Location:
    in a remote land :)
    yes i BIG HUGE RED LETTERED prompt that lock everything until they answer would be good :D
     
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I was thinking the same thing. And even more, the exact moment when a security warning appears is sometimes a good indicator about the security issue itself; for instance, I wouldn't want to get a warning that site X is malicious after I close it and go to site Y because that would be very misleading about the cause of the warning.
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    Yes and maybe hide the Cancel button and only leave user one option :)
     
  7. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,152
    Location:
    in a remote land :)
    and if he still refuse to click "block " , a SWAT team is sent to his house :p
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    :) :) yes that will teach them :)
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Yet they still fall for fake AV ads...
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
  11. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,152
    Location:
    in a remote land :)
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I didn't read anything that led me to believe that he doesn't understand UAC, you must have read another article. :D
     
  13. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    I understand the points the author intended to make and while I can agree with him on those points he mentioned, I have to respectfully disagree with UAC being called useless.

    The author only makes the argument from the POV of what he sees UAC as - that is the prompts only - and expect it to be a security boundary...which as we all know by now, it is not.

    UAC encompasses more than just the prompts. Without UAC, we would still be stuck with the admin mentality developers have in XP days whereby programs run with high privileges even if they do not require it.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Yes, this is true of course. But the points that he made are valid, it's basically why so many people are skeptical about UAC. But to get back at the topic, that's why it's important to keep alerts to a minimum when trying to protect most regular users.
     
  15. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,974
    Location:
    Brasil
    It doesn't really matter that much, IMO. I've been in the business of fixing infections for around 8 years, and people don't really care about the message being presented. You can have a full-screen flashing warning with a death threat in exotic colors, and most people would still be like "meh, whatever" :p I think that's because we feel less threatened in front of a monitor.

    What really changes people's behavior is time and money. If those are hurt, they change.
     
  16. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    The problem with security warnings has less to do with timing and more to do with mere psychology. Most people hate warnings. If there's an easy way to dismiss it, people will dismiss it.

    I would rather software developers default to the safer choice to prevent access and provide a way to override. The exception would be in cases where a false positive may break a working system or cause downtime..
     
  17. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,152
    Location:
    in a remote land :)
    How many times i have to repeat it...:'(:thumbd::D

    UAC is made to block elevation NOT malwares (as this writer obviously think it is, he even said it) ! if a malware doesn't require elevation , UAC will stay silent.

    UAC isn't a protection feature working as an HIPS or anti-exe that detect and block malicious/suspicious processes/executable; Smartscreen + WD does it; not UAC.
    UAC was made as a convenient feature to avoid users to logout SUA and login in as Admin to install softwares or make changes to the system; from this, some people consider it as a protection feature (because many malwares needs elevation).

    when people will understand that, they will stop bashing UAC...
     
    Last edited: Aug 20, 2016
  18. hjlbx

    hjlbx Guest

    They can just adopt Microsoft tactics and give user no choice...
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,057
    I doubt that some ever will...
     
  20. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    854
    Once cleaned a person's computer and made it much faster, removing a number of trojans/adware/spyware. They complained afterwards that they missed having to close all the popups on Windows start.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    No, I don't believe the writer thinks it's meant to block malware. He even says that the intention behind UAC is good. But he is trying to explain why most people might as well turn it off. And that is because of the fact that most people probably don't understand the purpose of the alert, will become annoyed, and as a result will blindly click on Yes/OK.
     
Loading...