Feeds

Users inundated with pop-ups

Configure me out

SANS - Survey on application security programs

On the other extreme, you have those that believe that the user should be in charge at all times, and that it's the user's responsibility to learn how to use his or her own damn computer. The user should know how to set up her firewall, should make her own decision about what to do if a virus is found, and should be able to find out and remove any unnecessary programs that are loading on system startup.

Both of those extremes are pretty unrealistic, and it seems that most of the three major operating systems in use today - Windows, Mac OS, and Linux - come down somewhere in the middle. Oh, sure, different items in each OS will lean a bit closer towards one extreme than the other, but overall they take a middle path: notify the user as to what's going on most of the time, and let him make a choice, but phrase things in a simplified manner so even those without strong technical knowledge can participate in the decision-making process.

But that way too leads to problems, the kind of problem discovered by Professor of Psychology Robert Provine. Provine studies laughter, and determined that when people hear the sound of laughter, they laugh too. However, this reaction doesn't last forever. The more they heard, the less likely they were to laugh in return, and after the tenth clip of laughter, many were grimacing.

Now, think about how most operating systems deal currently with notifying the user. Windows Defender (the new name for the anti-spyware software Microsoft bought) leaves a window open after it finishes running. The Windows Firewall pops up a notice from the System Tray every time new software is installed that wants to open when you boot Windows, or whenever a new program tries to accept connections from outside your machine. Virtually every firewall product for Windows does the same thing. If Auto Update is set in Windows, a user may notice a little popup appear - again near the System Tray - informing him that new downloads have been installed on his computer. In fact, that little popup makes its first appearance right after a user boots her new Windows XP machine for the first time, when she's asked if she wants to create a Passport account.

The worst offender when it comes to creating a flurry of popup warnings, though, is undoubtedly Internet Explorer. Enter your password on a site? IE offers to remember it for you, with a popup. Hit a site whose certificate isn't up to date? IE warns you, with a popup. Go from an HTTP site to an HTTPS one? IE warns you, with a popup. Leave that HTTPS site for an HTTP one instead? IE warns you, with a popup. Popups everywhere!

Yes, I know that you could change your settings to disable most of these warnings. But will Joe Average User do that? Of course not. And I know that you can check boxes on those popups informing IE that you don't wish to be informed all the time. But you know what? I've taught classes in computer labs for years, and I'll walk around and gape in astonishment as I see my students press OK on those boxes - over and over and over and over again - and never once check the box that would banish those popups forever. They simply don't read the warning text; instead, they click on the OK button as fast as possible to close the box, ignoring the fact that the box may open back up in just a minute or two again.

IE's not the only browser that displays popups to the user. Firefox does this as well, but (unsurprisingly) it's a lot smarter about it. IE's default is to show the warning every single time, unless the user explicity tells it not to; Firefox shows the user the warning the first time, but the checkbox is to turn on the constant warnings, the exact opposite of IE's, which is to turn off the warnings. Since users don't read the box anyway, they press OK, and they never see another warning about entering HTTPS sites again.

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.