Users inundated with pop-ups

Configure me out

The question comes down to, "What is the best way to inform your users without overwhelming them?" If you overwhelm them, they stop paying attention, and that doesn't help anyone. Constant popups of windows, warnings, and widgets don't help the user at all, and may in fact make them far more vulnerable. In fact, at one school I know, the Technology Coordinator's advice to his teachers was "If you see a box popup on your computer, just press OK." I'm sure that will definitely reduce the number of times he gets asked about popups, at least until a computer - or his network - gets engulfed in a virus infestation. Or worse.

Debian, the venerable Linux distro, has an interesting answer to this problem, at least when it comes to installing software. When a Debian user installs a new package, a program named "debconf" steps in to help configure the software by asking questions ... sometimes a lot of complicated, pretty technical questions. But debconf is also configurable so that users with different knowledge and skill levels get asked different questions. The debconf program describes those four levels as follows:

• 'critical' only prompts you if the system might break. Pick it if you are a newbie, or in a hurry.

• 'high' is for rather important questions

• 'medium' is for normal questions

• 'low' is for control freaks who want to see everything

It's possible for users to change which level they want, but most Debian-based distros come pre-configured out of the box with a particular level already chosen. K/Ubuntu, for instance, is set to "critical", so that users hardly ever get asked difficult questions that many couldn't answer anyway. The beauty, however, is that the system adjusts itself based on the needs of users. Are you a newbie? Then "critical" is right for you. Control freak? Go with "low." Busy, but still want to know what's going on with your box? Try "high." And so on.
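The filtering described above can be modelled in a few lines of shell. This is an added example, not debconf's own code or part of the original article: the question names are hypothetical and constructed for illustration, and the comments name the real setting (`debconf/priority`, changed with `dpkg-reconfigure debconf` or overridden per command with `DEBIAN_PRIORITY`).

```shell
#!/bin/sh
# Model of debconf's priority filter (illustrative; not debconf's own code).
# A question is shown only when its priority is at least the configured
# threshold. On a real Debian system the threshold is the debconf/priority
# setting, changed with `dpkg-reconfigure debconf` or overridden for a
# single command with the DEBIAN_PRIORITY environment variable.

# Map a priority name to a rank; unknown names fail (non-zero status).
priority_rank() {
    case "$1" in
        low)      echo 0 ;;
        medium)   echo 1 ;;
        high)     echo 2 ;;
        critical) echo 3 ;;
        *)        return 1 ;;
    esac
}

# Constructed sample questions, "<name>:<priority>" (hypothetical names).
QUESTIONS="mailer/relay-host:medium
webserver/listen-port:low
database/root-password:high
bootloader/install-device:critical"

# Print the names of the questions a user at threshold $1 would be asked.
questions_shown() {
    threshold=$(priority_rank "$1") || {
        echo "unknown priority: $1" >&2
        return 2
    }
    echo "$QUESTIONS" | while IFS=: read -r name prio; do
        # Skip entries whose priority is not one of the four levels.
        rank=$(priority_rank "$prio") || continue
        if [ "$rank" -ge "$threshold" ]; then
            echo "$name"
        fi
    done
}

# Show how the prompt load grows as the threshold is lowered.
for level in critical high medium low; do
    printf '%-8s -> %s\n' "$level" "$(questions_shown "$level" | tr '\n' ' ')"
done
```

Running it shows one question at "critical" and all four at "low", which is the trade-off between attention and control the article describes.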

So why don't we see more of this? Why doesn't Windows work this way? Or Mac OS X? Or even more aspects of Linux? When a user first logs in, why isn't she asked to assess her skill level so that the system can respond accordingly? If Debian - traditionally thought of as one of the more hard-core Linux distros, although user-friendly versions like K/Ubuntu are changing that perception - can do it, why can't Microsoft? Or Apple? Or Red Hat? Or GNOME or KDE?

When most users are constantly faced with an overwhelming series of popups, notifications, and warnings, they stop paying attention. They have to. It's just too much information for them, and too often it's so incomprehensible that it might as well be written in Arabic. Better to try and target warnings and messages to a user's needs, so that when one appears, it will be taken seriously by a user and correctly acted upon. To me, that makes a lot more sense.

And now, if you'll excuse me, I'm off to clean pickles out of my kitchen sink. Don't ask ... you wouldn't understand.

Scott Granneman is a senior consultant for Bryan Consulting Inc. in St. Louis. He specializes in Internet Services and developing Web applications for corporate, educational, and institutional clients.

Copyright © 2005, SecurityFocus

This article was originally published at SecurityFocus.
