September 23, 2008

Failing the Windows Darwin Test

Heh -- from Slashdot comes this link to a North Carolina State University Psychology Department test and the results:
Fake popup study sadly confirms most users are idiots
For most of us, security issues happen to "other people" -- we block popup ads, we carefully examine dialog boxes and, for those of us on the Mac platform, we snicker when confronted with something that attempts to mimic a Windows system warning. But everyone knows that they are exceptional -- what's the behavior of a more typical user like? Some researchers have tested how college students respond to fake dialog boxes in browser popup windows and found that the students are so anxious to get the dialog out of the way, they click right through obvious warning signs.

The authors, who work in the Psychology Department of North Carolina State University, crafted a set of four fake dialog boxes. All of them contained the following warning: "The instruction at '0x77f41d24 referenced memory at '0x595c2a4c.' The memory could not be 'read.' Click OK to terminate program." One of the warnings was indistinguishable from the standard Windows XP system dialog, but the remaining three had a number of warning signs that should tip off users to potential malware.
And the results:
Of the 42 students, 26 clicked the OK button for the "real" dialog. But 25 clicked the same button for two of the fakes, and 23 hit OK on the third (the one with the status bar showing). Only nine of them closed the window -- two fewer than had closed the real dialog. In all cases, a few of the users simply minimized the window or dragged it out of the way, presumably leaving the machine's next user at risk.

The response time, which tracked how long it took the users to perform any action, was not significantly different among the different dialogs, indicating that there wasn't even any thought expended on evaluating the fakes.

Follow-up questions revealed that the students seemed to find any dialog box a distraction from their assigned task; nearly half said that all they cared about was getting rid of these dialogs. The results suggest that a familiarity with Windows dialogs has bred a degree of contempt and that users simply don't care what the boxes say anymore.
Why am I not surprised. When I worked for an engineering company in Seattle, a senior engineer complained that his laptop was sluggish. I started examining this and found that one virus had shut down Norton (we had a company-wide license for it -- not my choice). He had several hundred processes running on XP (it should be well under 50) and I was able to clean up about 3,000 instances of malware and general crap... It turned out that he would routinely let his grandkids 'play the free computer games' on his system when they came to visit. And this was a laptop that had confidential client data on it. Needless to say, I gave a lunchtime talk with some demonstrations and advised that people in his situation get a cheap stand-alone system for the grandkids to use.

Posted by DaveH at September 23, 2008 2:34 PM