Study Shows Average User Is Pretty Stupid When It Comes to Popups
September 24, 2008 8:15 AM
comment(s) - last by
The new study from the North Carolina State University's Psych department shows just how dumb the average user is when it comes to computer security. The study shows users are willing to do anything, including throwing security caution to the wind, to get rid of minor annoyances.
A new study is giving computer savvy users a look at the "other" users' behavior
You often wonder how users fall for seemingly obvious ploys -- you know, the letter from Makib in Ethiopia seeking for donations for an orphanage, or perhaps the most recent
fake ticket emails that claim to have your ticket in a ZIP file
. To the computer savvy, these silly attempts might make for a good morning laugh, but security experts say there's nothing to laugh about when millions of naïve users fall for the scheme and their computers become part of a botnet, used to
launch devastating DoS attacks
A new study from the Psychology Department of North Carolina State University gives some insight into just how
easily tricked many users are
. On compromised websites one form of malware distribution is through popup windows. If users click to dismiss them, they often download malware onto their computers. So just how many users would be tricked into clicking?
The researchers crafted 4 dialog boxes and exposed 42 college students to them in a normal browsing atmosphere. Each box contained the cryptic message "The instruction at '0x77f41d24 referenced memory at '0x595c2a4c." The first one bore the markings of a standard Windows dialog, but the remainder had noticeable differences that should have warned users that it was malware.
In each of the dialogs putting the mouse over the "OK" button turned the cursor into a hand, a sign that it was a browser control, not a Windows dialog. The dialogs also all had minimize and maximize buttons. Starting with the second one, a browser status bar was added to the bottom. Finally the last one was made blatantly obvious by text that flashed from black on a white background to white on a black background.
To properly lure the college students into the ruse, they created a series of fake medical websites in Flash. The students were told they were going to be quizzed on the information on the sites after the test. The popups were then activated as the students were browsing the sites.
Of the 42 college students, 26 clicked the "OK" button on the most normal looking dialog, 25 clicked on each of the more obvious fakes, and 23 clicked on the most obvious fake, the one with the flashing text. This study should be welcome news to malware crafters -- college educated users will click obviously dangerous dialogs over 50 percent of the time.
In all only 9 users closed the dialogs. The rest minimized them, or dragged them out of the way, risky behaviors, as the next user at the computer could be exposed to the dialog. The time between the dialog appearing and the user clicking remained approximately constant for all the dialogs. This seems to indicate that the users did not even think much before clicking the foreign message.
In follow up questions, over half of students said the dialog boxes were a distraction from the task at hand and they would do anything to get rid of them. The study seems to indicate that computer exposure, with lack of understanding has bred an atmosphere where users are unsurprised by dialogs and GUIs, and care little for their contents.
While the study's authors suggested education of students to warn them of these kind of dangers, the apathy of the students towards the dialogs seems to bring the fruits of such education into question.
The study is appearing soon in the journal
Proceedings of the Human Factors and Ergonomics Society.
This article is over a month old, voting and posting comments is disabled
9/24/2008 11:04:40 AM
You hit it on the nose. They were using school computers, so who cares? This study would have been more valid if it used their own personal PC's, which may have used browsers with popup blockers, addons, who knows? Plus the fact that they care about that computer. On lab computers I was always more careless because I didn't have to face the consequences directly of clicking the wrong thing.
9/24/2008 1:02:51 PM
I agree completely. What do they care about the computer they were using? It's the IT department's (or the psych department's) business to take care of them and the software that's running on them.
Besides, if a box pops up who's to say that both "yes" and "no" both do the same thing (I recall one can have actions taken on both depending upon what's generating it)?
What the study demonstrated was excellent problem solving focus with most students not getting distracted by other issues (assuming they actually did quiz them on the material with successful results).
9/25/2008 12:53:46 AM
if its an popup box or flash that be ture but there is still windows Box poping up asking do you want to run this virus open save close (exe program), as i know from watching alot of users thay waste alot of time closeing the x inside box's like in M$ word when thay close it thay press the inner x box first thay tend to do the same with popup box's and trigering maybe an bug in windows
i work for my self mostly doing home call outs and most of it is removeing malware off the pc some of it thats been on there for months thay just ignore it untill it realy stops them from useing the pc (some have parted money but most are not stuped to do that)
Alt+F4 or an reboot are some times the only option to get out of it (unless your useing opera in its default setup or Firefox with some plugins that may work with it)
XP malware is anoying but can be removed , Vista malware is most of the time an Full system restore as it brakes things that to not affect XP but stop things from working in vista
in vista you get at lest 2-3 warnings when in IE when the web site wants to do something that needs Admin or installing,
Problem with UAC is that Microsoft may have made the problem worse as M$ thinks users know what an UAC box is and are not even warrnred or given Any info about that User Account contol does for securty protection so thay just press ok and ignore it as "just another box" instead of checking why it poped up as in useing vista norm it should not need to come up
on vista theres not even an Wellcome to windows like we had on XP to explane whats new things are on it (not expect them to use the new help button)
"I'd be pissed too, but you didn't have to go all Minority Report on his ass!" -- Jon Stewart on police raiding Gizmodo editor Jason Chen's home
Hackers Inject Trojans Into Computers with Airline Ticket Scam
September 22, 2008, 10:11 AM
CNN.com Repels Hacker Attack After Coverage On Tibet
April 21, 2008, 9:55 AM
Chris Poole Retires From Role as 4Chan After a Decade of Success, Struggles
January 23, 2015, 1:45 PM
Study Shows People are Dumb as Ever With Passwords, Still Using "123456"
January 20, 2015, 3:19 PM
Site for "Glitter as a Service" Mail Pranks, ShipYourEnemiesGlitter, Launches
January 13, 2015, 2:22 PM
OS X Yosemite Compromises Security by Retrieving Embedded Email Images
January 13, 2015, 11:30 AM
ISIS JIhadi From NZ Accidentally Shares Location on Twitter, Outs Cohorts in Selfie
January 3, 2015, 11:35 PM
Amazon's Kindle Fire HDX 8.9 Drops to $299 (30 Percent Off) for a Day
December 22, 2014, 10:57 AM
Most Popular Articles
Microsoft Shows Off Latest Windows 10 Build, Preps it for Next Week Release
January 21, 2015, 2:57 PM
Under the Hood: How DirectX 11.3 and 12 Will Supercharge Windows 10 Gaming
January 23, 2015, 12:34 PM
IDC: 2014 Sales Show PC Isn't Dead, But Desktop May be Dying
January 19, 2015, 1:50 PM
Police are Using New Handheld Radar Sensors to Peer Into Houses w/out Warrant
January 20, 2015, 1:35 PM
Report: HTC One M9 (2015) is Tied to Under Armour-Powered HTC Smartwatch
January 19, 2015, 11:10 AM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information