Print 98 comment(s) - last by SlyNine.. on Sep 26 at 9:28 PM

The new study from the North Carolina State University's Psych department shows just how dumb the average user is when it comes to computer security. The study shows users are willing to do anything, including throwing security caution to the wind, to get rid of minor annoyances.  (Source: DailyTech)
A new study is giving computer savvy users a look at the "other" users' behavior

You often wonder how users fall for seemingly obvious ploys -- you know, the letter from Makib in Ethiopia seeking for donations for an orphanage, or perhaps the most recent fake ticket emails that claim to have your ticket in a ZIP file.  To the computer savvy, these silly attempts might make for a good morning laugh, but security experts say there's nothing to laugh about when millions of naïve users fall for the scheme and their computers become part of a botnet, used to launch devastating DoS attacks.

A new study from the Psychology Department of North Carolina State University gives some insight into just how easily tricked many users are.  On compromised websites one form of malware distribution is through popup windows.  If users click to dismiss them, they often download malware onto their computers.  So just how many users would be tricked into clicking?

The researchers crafted 4 dialog boxes and exposed 42 college students to them in a normal browsing atmosphere.  Each box contained the cryptic message "The instruction at '0x77f41d24 referenced memory at '0x595c2a4c."  The first one bore the markings of a standard Windows dialog, but the remainder had noticeable differences that should have warned users that it was malware.

In each of the dialogs putting the mouse over the "OK" button turned the cursor into a hand, a sign that it was a browser control, not a Windows dialog.  The dialogs also all had minimize and maximize buttons.  Starting with the second one, a browser status bar was added to the bottom.  Finally the last one was made blatantly obvious by text that flashed from black on a white background to white on a black background.

To properly lure the college students into the ruse, they created a series of fake medical websites in Flash.  The students were told they were going to be quizzed on the information on the sites after the test.  The popups were then activated as the students were browsing the sites.

Of the 42 college students, 26 clicked the "OK" button on the most normal looking dialog, 25 clicked on each of the more obvious fakes, and 23 clicked on the most obvious fake, the one with the flashing text.  This study should be welcome news to malware crafters -- college educated users will click obviously dangerous dialogs over 50 percent of the time.

In all only 9 users closed the dialogs.  The rest minimized them, or dragged them out of the way, risky behaviors, as the next user at the computer could be exposed to the dialog.  The time between the dialog appearing and the user clicking remained approximately constant for all the dialogs.  This seems to indicate that the users did not even think much before clicking the foreign message.

In follow up questions, over half of students said the dialog boxes were a distraction from the task at hand and they would do anything to get rid of them.  The study seems to indicate that computer exposure, with lack of understanding has bred an atmosphere where users are unsurprised by dialogs and GUIs, and care little for their contents.

While the study's authors suggested education of students to warn them of these kind of dangers, the apathy of the students towards the dialogs seems to bring the fruits of such education into question. 

The study is appearing soon in the journal Proceedings of the Human Factors and Ergonomics Society.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By Fanon on 9/24/2008 8:51:09 AM , Rating: 2
It took a study to "prove" this? I knew most users were dumb after my first day in IT. They could've saved money and time by just asking IT departments.

RE: Duh
By jajig on 9/24/2008 9:00:38 AM , Rating: 5
People aren't dumb they just don't care. Just like I don't care about a strange rattle in a hire car.

RE: Duh
By nosfe on 9/24/2008 9:16:07 AM , Rating: 3
the problem is that nobody teaches basic troubleshooting at schools, only how to use the computer when its working as it should.
another problem is that when something goes wrong the first thing people tend to do is call their friends who know how to use computers, they don't bother to at least try to fix it themselves so of course they'll run for help at the slightest problem

Example: while using a partitioning program a friend of mine got an error saying that what he was trying to do wasn't supported yet in vista 64 and that he should make a recovery CD and use that. so he calls me to tell him what to do, even though I've never used that program ever; and after he managed to make a recovery CD(on his own, i convinced him to at least try and he did it without help) he called me again because he didn't know what to do with it(boot the system from the CD, which was written in the first error message, but who reads error messages?)

RE: Duh
By bharatwaja on 9/24/2008 9:32:55 AM , Rating: 3
when something goes wrong the first thing people tend to do is call their friends who know how to use computers, they don't bother to at least try to fix it themselves

So true and so annoying... I get at least 15-20 calls when I return from college everyday, from friends, asking so silly questions....

Once a friend called me up and said his computer wasn't powering up at all, and the first question I asked him was, "is your PSU switch turned on?" and he said "oops, sorry dude!"...... and I swore to god to switch off my mobile when college gets over, change my number, n give it only to ppl who absolutely need to have it (girlfriend, family, best of friends etc)..... and this was the only way to stop those annoying calls after college.....

Even the most uncommon of errors or problems can be solved by simply googling it, but ppl never even try! Damn, that's so annoying....

RE: Duh
By Hieyeck on 9/24/2008 11:03:37 AM , Rating: 4
Its amazing how experience can turn the ever-hopeful college grad into a mass of apathy. My buddy actually "I'm feeling lucky" 'ed a user.

RE: Duh
By ggordonliddy on 9/24/2008 8:07:43 PM , Rating: 2
15-20 support calls every day?! I find that very hard to believe.

Maybe 15-20 a month... maybe. Should be less than that per year.

RE: Duh
By bharatwaja on 9/25/2008 6:51:36 AM , Rating: 2
I got my friends their systems.... I built them, so whatever the hell happens, they come to me..... 15-20 a day, well not so much like you said, but I used to get atleast half a dozen annoying calls a day.....

RE: Duh
By Targon on 9/25/2008 8:55:01 AM , Rating: 1
When there are very few people in an area that have a clue about computers, they tend to track down those who do. I would not be surprised if some people get that many calls every day just to answer stupid questions. The real key is how long this will go on before the response is, 'If you want to pay me for my help, then fine, but otherwise, leave me the fuck alone!'.

RE: Duh
By LiquidIce1337 on 9/24/2008 10:41:35 AM , Rating: 2
AMEN to that. I get calls like crazy and it's all the friends that want the "free help" I don't mind doing it once or twice but when my cellphone is becoming a help hotline with question after question and walking people through it gets very frustrating. Contemplating changing my number as well.

And your right no one teaches people basic troubleshooting. They get scared when they see an error and panic. I think back ot the days when people use to believe the computer would blow up if you got a virus. My most common complaint is "my computer is slow" and it's usually a ocmputer they just bought form Bestbuy that is LOADED with all kinds of 3rd party ad's and apps that come with the customized OS. And they don't understand that you shouldn't leave your laptop on your bed (mostly girls in college have this problem)

RE: Duh
By Proxes on 9/24/2008 2:28:48 PM , Rating: 2
I'm rude and I don't care. After I started getting calls I just flat out told people: if you want me to fix your computer you need to bring it over to my place and I'll look at it. I will not walk you through figuring stuff out over the phone.

I did it all day at work and I sure as hell wasn't going to do it all night when I got home.

People don't like loading up their computer and taking it some place so it's a strong deterrent and they normally end up figuring it out on their own when they find their "easy out" isn't there anymore.

RE: Duh
By mircea on 9/24/2008 9:25:04 AM , Rating: 4
Aha, and then you ask why are you in the hospital with a bag of antivenom sticking to your your arm ;)

RE: Duh
By mdogs444 on 9/24/2008 10:02:00 AM , Rating: 5
Cmon, you have to admit that people are just flat out dumb. How many fell for the Nigerian email scam? How many actually think the government is going to give them something for nothing? How many people actually make business decisions based on what some random drunk guy in a bar tells them to do.

Yes, perhaps people really don't care, but that doesn't mean they are not truly dumb.

RE: Duh
By jajig on 9/24/2008 10:04:55 AM , Rating: 2
I like to believe people like that are in the minority.

RE: Duh
By mdogs444 on 9/24/2008 11:08:10 AM , Rating: 3
I like to believe that too, but wishful thinking won't change the world. That's why hope is not a strategy, and change is not a policy.

RE: Duh
By sgw2n5 on 9/24/2008 1:13:46 PM , Rating: 2
Staying the course works so much better... never mind the ship is headed for an iceberg.

RE: Duh
By FITCamaro on 9/24/2008 12:36:32 PM , Rating: 3
I would like to believe it too. But then I look around.

RE: Duh
By foolsgambit11 on 9/24/2008 2:34:50 PM , Rating: 2
They are in the minority. Not necessarily the vast minority, but less than 50% fall for those obvious scams. And less than 50% of these people fell for the obviously fake pop-ups.

RE: Duh
By RDC on 9/25/2008 9:34:26 AM , Rating: 2
23 of 42 that is. ;)

RE: Duh
By crleap on 9/24/2008 11:04:40 AM , Rating: 3
You hit it on the nose. They were using school computers, so who cares? This study would have been more valid if it used their own personal PC's, which may have used browsers with popup blockers, addons, who knows? Plus the fact that they care about that computer. On lab computers I was always more careless because I didn't have to face the consequences directly of clicking the wrong thing.

RE: Duh
By Oregonian2 on 9/24/2008 1:02:51 PM , Rating: 3
I agree completely. What do they care about the computer they were using? It's the IT department's (or the psych department's) business to take care of them and the software that's running on them.

Besides, if a box pops up who's to say that both "yes" and "no" both do the same thing (I recall one can have actions taken on both depending upon what's generating it)?

What the study demonstrated was excellent problem solving focus with most students not getting distracted by other issues (assuming they actually did quiz them on the material with successful results).

RE: Duh
By leexgx on 9/25/2008 12:53:46 AM , Rating: 1
if its an popup box or flash that be ture but there is still windows Box poping up asking do you want to run this virus open save close (exe program), as i know from watching alot of users thay waste alot of time closeing the x inside box's like in M$ word when thay close it thay press the inner x box first thay tend to do the same with popup box's and trigering maybe an bug in windows

i work for my self mostly doing home call outs and most of it is removeing malware off the pc some of it thats been on there for months thay just ignore it untill it realy stops them from useing the pc (some have parted money but most are not stuped to do that)

Alt+F4 or an reboot are some times the only option to get out of it (unless your useing opera in its default setup or Firefox with some plugins that may work with it)

XP malware is anoying but can be removed , Vista malware is most of the time an Full system restore as it brakes things that to not affect XP but stop things from working in vista

in vista you get at lest 2-3 warnings when in IE when the web site wants to do something that needs Admin or installing,

Problem with UAC is that Microsoft may have made the problem worse as M$ thinks users know what an UAC box is and are not even warrnred or given Any info about that User Account contol does for securty protection so thay just press ok and ignore it as "just another box" instead of checking why it poped up as in useing vista norm it should not need to come up

on vista theres not even an Wellcome to windows like we had on XP to explane whats new things are on it (not expect them to use the new help button)

RE: Duh
By afkrotch on 9/24/2008 11:38:01 AM , Rating: 2
People aren't dumb they just don't care. Just like I don't care about a strange rattle in a hire car.

That's exactly what makes them dumb. 20 miles down the road that strange rattle kills the car. Have fun.

RE: Duh
By ZoSo on 9/24/2008 12:13:46 PM , Rating: 2
The appropriate "Book(s)" for Dummies should be included and mandatory in the selling of new computers.
But then again, how many would actually read them? ,,LOL

RE: Duh
By Bonesdad on 9/24/2008 11:28:48 PM , Rating: 2
no, they're me.

RE: Duh
By myhipsi on 9/25/2008 9:25:03 AM , Rating: 2
It's not so much being dumb as it is being ignorant. Most people these days are simply ignorant. They figure there is someone else who will fix their problems, or that the problem will just magically go away. It's laziness and ignorance and it's a product of our modern compartmentalized society where people are trained like dogs to do one thing. It's like my neighbor who happens to be a doctor but can't manage to configure his home theater system. The Jack-of-all-trades kind of person is slowly dying out unfortunately.

RE: Duh
By BMFPitt on 9/24/2008 8:47:49 PM , Rating: 5
There were 4 totally unnecessary words at the end of that headline.

“So far we have not seen a single Android device that does not infringe on our patents." -- Microsoft General Counsel Brad Smith

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Yahoo Hacked - Change Your Passwords and Security Info ASAP!
September 23, 2016, 5:45 AM
A is for Apples
September 23, 2016, 5:32 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki