This blog post is in reaction to the USENIX/Google research titled “Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness.”
https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/akhawe
The overarching questions I have are:
1) how and when should the notifications be displayed to users and
2) how should the notifications be written
For additional commentary on how Google Chrome is reacting to the findings from the research, see the WeLiveSecurity post Google Chrome security warnings – now in plain English.
It would be interesting to see the results of clickthrough rates with antivirus dialogs when combined with the browser dialogs. Users don’t purchase/use a web browser to have dialog warnings as a primary feature, but an argument can be made that by purchasing antivirus these users prefer an extra layer of security and additional warnings/notifications – this could inform whether this will impact if those users visit more malicious sites. As the study indicated as a limitation, we need to “consider user behaviors that are indicative of attention to warnings” (258). Continue reading