backtop


Print 98 comment(s) - last by SlyNine.. on Sep 26 at 9:28 PM


The new study from the North Carolina State University's Psych department shows just how dumb the average user is when it comes to computer security. The study shows users are willing to do anything, including throwing security caution to the wind, to get rid of minor annoyances.  (Source: DailyTech)
A new study is giving computer savvy users a look at the "other" users' behavior

You often wonder how users fall for seemingly obvious ploys -- you know, the letter from Makib in Ethiopia seeking for donations for an orphanage, or perhaps the most recent fake ticket emails that claim to have your ticket in a ZIP file.  To the computer savvy, these silly attempts might make for a good morning laugh, but security experts say there's nothing to laugh about when millions of naïve users fall for the scheme and their computers become part of a botnet, used to launch devastating DoS attacks.

A new study from the Psychology Department of North Carolina State University gives some insight into just how easily tricked many users are.  On compromised websites one form of malware distribution is through popup windows.  If users click to dismiss them, they often download malware onto their computers.  So just how many users would be tricked into clicking?

The researchers crafted 4 dialog boxes and exposed 42 college students to them in a normal browsing atmosphere.  Each box contained the cryptic message "The instruction at '0x77f41d24 referenced memory at '0x595c2a4c."  The first one bore the markings of a standard Windows dialog, but the remainder had noticeable differences that should have warned users that it was malware.

In each of the dialogs putting the mouse over the "OK" button turned the cursor into a hand, a sign that it was a browser control, not a Windows dialog.  The dialogs also all had minimize and maximize buttons.  Starting with the second one, a browser status bar was added to the bottom.  Finally the last one was made blatantly obvious by text that flashed from black on a white background to white on a black background.

To properly lure the college students into the ruse, they created a series of fake medical websites in Flash.  The students were told they were going to be quizzed on the information on the sites after the test.  The popups were then activated as the students were browsing the sites.

Of the 42 college students, 26 clicked the "OK" button on the most normal looking dialog, 25 clicked on each of the more obvious fakes, and 23 clicked on the most obvious fake, the one with the flashing text.  This study should be welcome news to malware crafters -- college educated users will click obviously dangerous dialogs over 50 percent of the time.

In all only 9 users closed the dialogs.  The rest minimized them, or dragged them out of the way, risky behaviors, as the next user at the computer could be exposed to the dialog.  The time between the dialog appearing and the user clicking remained approximately constant for all the dialogs.  This seems to indicate that the users did not even think much before clicking the foreign message.

In follow up questions, over half of students said the dialog boxes were a distraction from the task at hand and they would do anything to get rid of them.  The study seems to indicate that computer exposure, with lack of understanding has bred an atmosphere where users are unsurprised by dialogs and GUIs, and care little for their contents.

While the study's authors suggested education of students to warn them of these kind of dangers, the apathy of the students towards the dialogs seems to bring the fruits of such education into question. 

The study is appearing soon in the journal Proceedings of the Human Factors and Ergonomics Society.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Another Fine Example Of Journalism
By UppityMatt on 9/24/2008 8:24:15 AM , Rating: 1
To the computer savvy, these silly attempts might make for a good morning laugh, but security experts say there's nothing to laugh about when millions of naieve users fall for the scheme and their computers become part of a botnet, used to launch devastating DoS attacks.

Do you use wordpad to type these up? I believe the word is Naive.




RE: Another Fine Example Of Journalism
By JasonMick (blog) on 9/24/2008 8:31:50 AM , Rating: 5
Actually its naïve.

How could could you forget the umlaut? Tsk tsk, says the spelling police.


By UppityMatt on 9/24/2008 8:55:11 AM , Rating: 5
So why did you catch it after the fact =)


By Spivonious on 9/24/2008 11:46:05 AM , Rating: 2
Actually it can be naive or naïve. Never naieve.


By gamerk2 on 9/24/2008 8:39:01 AM , Rating: 2
Proving why people need a decent popup blocker, like stopzilla or something simmilar. In 5 years, stopzilla has caught EVERYTHING that comes my why (it blocks chrone, last I saw :D ).


RE: Another Fine Example Of Journalism
By thehat2k5 on 9/24/2008 9:32:03 AM , Rating: 5
You spelling bee guys are really starting to piss me off. Go back to grade school where your spelling skills will be rewarded. What, are u tu smrt for that college boy?
I expect to go through comments and browse through an interesting dialoque in regards to the subject. Instead I get this useless whining about spelling and grammar mistakes. I bet it is you who click on these oh so obvious popups that are the subject of this article...
I am used to reading such errors in the National Post, so why should I give a hoot if an online news source makes a few mistakes with no 6 figure a year editor on staff to hit SPELLCHECK?


By retrospooty on 9/24/2008 9:36:26 AM , Rating: 1
+1

totally agreed Its really annoying.


RE: Another Fine Example Of Journalism
By spuddyt on 9/24/2008 11:37:24 AM , Rating: 5
so wuld u lk it if ppl spk lk ths? Although I agree that something as anal as naieve (which is actually the recognised spelling, assuming that you cannot do umlauts) is rather unnecesary - but still a certain level of spelling must be maintained...


By BladeVenom on 9/24/2008 12:19:24 PM , Rating: 5
This is a tech site; he should be using a spellchecker.


RE: Another Fine Example Of Journalism
By johnadams on 9/24/2008 12:50:00 PM , Rating: 3
Its about professionalism.


RE: Another Fine Example Of Journalism
By gamerk2 on 9/24/2008 4:08:24 PM , Rating: 2
You'd be surpised how many people on the internet DONT speak english as their first language...


By PhoenixKnight on 9/25/2008 9:23:33 PM , Rating: 2
True, but if you're a professional journalist posting an article online and English isn't your first language, how hard is it to have an editor who is a native English speaker proof-read it for you?


"We are going to continue to work with them to make sure they understand the reality of the Internet.  A lot of these people don't have Ph.Ds, and they don't have a degree in computer science." -- RIM co-CEO Michael Lazaridis














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki