
Users inundated with pop-ups

Configure me out


The question comes down to, "What is the best way to inform your users without overwhelming them?" If you overwhelm them, they stop paying attention, and that doesn't help anyone. Constant popups of windows, warnings, and widgets don't help the user at all, and may in fact make them far more vulnerable. In fact, at one school I know, the Technology Coordinator's advice to his teachers was "If you see a box pop up on your computer, just press OK." I'm sure that will definitely reduce the number of times he gets asked about popups, at least until a computer - or his network - gets engulfed in a virus infestation. Or worse.

Debian, the venerable Linux distro, has an interesting answer to this problem, at least when it comes to installing software. When a Debian user installs a new package, a program named "debconf" steps in to help configure the software by asking questions ... sometimes a lot of complicated, pretty technical questions. But debconf is also configurable so that users with different knowledge and skill levels get asked different questions. The debconf program describes those four levels as follows:

• 'critical' only prompts you if the system might break. Pick it if you are a newbie, or in a hurry.

• 'high' is for rather important questions

• 'medium' is for normal questions

• 'low' is for control freaks who want to see everything

It's possible for users to change which level they want, but most Debian-based distros come pre-configured out of the box with a particular level already chosen. K/Ubuntu, for instance, is set to "critical", so that users hardly ever get asked difficult questions that many couldn't answer anyway. The beauty, however, is that the system adjusts itself based on the needs of users. Are you a newbie? Then "critical" is right for you. Control freak? Go with "low." Busy, but still want to know what's going on with your box? Try "high." And so on.
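The threshold behaviour described above, as an added example (not part of the original article and not debconf's own code): a question is shown only when its priority is at or above the level the user chose. The function names and the four sample questions are constructed for illustration.

```shell
#!/bin/sh
# Added example: models debconf's priority threshold.
# Function names and sample questions are constructed, not debconf's own.

# Map a debconf priority name to a rank; unknown names fail.
prio_rank() {
    case "$1" in
        low)      echo 1 ;;
        medium)   echo 2 ;;
        high)     echo 3 ;;
        critical) echo 4 ;;
        *)        return 1 ;;
    esac
}

# would_prompt QUESTION_PRIORITY THRESHOLD
# Exit 0 if the question is shown, 1 if it is skipped, 2 on an unknown name.
would_prompt() {
    q=$(prio_rank "$1") || return 2
    t=$(prio_rank "$2") || return 2
    [ "$q" -ge "$t" ]
}

# Constructed sample: "priority question-name", one per line.
sample_questions() {
    cat <<'EOF'
critical example/bootloader-device
high example/admin-password
medium example/listen-address
low example/log-rotation-days
EOF
}

# count_shown THRESHOLD: how many sample questions a user at THRESHOLD sees.
count_shown() {
    sample_questions | while read -r prio name; do
        if would_prompt "$prio" "$1"; then echo "$name"; fi
    done | wc -l | tr -d ' '
}

for level in critical high medium low; do
    echo "$level: $(count_shown "$level") of 4 questions shown"
done

# On a real Debian system the threshold is debconf's own setting:
#   dpkg-reconfigure debconf                            # choose it interactively
#   DEBIAN_PRIORITY=critical apt-get install <package>  # override for one run
```

A 'critical' user sees only the one question that could break the system, while a 'low' user sees all four.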

So why don't we see more of this? Why doesn't Windows work this way? Or Mac OS X? Or even more aspects of Linux? When a user first logs in, why isn't she asked to assess her skill level so that the system can respond accordingly? If Debian - traditionally thought of as one of the more hard-core Linux distros, although user-friendly versions like K/Ubuntu are changing that perception - can do it, why can't Microsoft? Or Apple? Or Red Hat? Or GNOME or KDE?

When most users are constantly faced with an overwhelming series of popups, notifications, and warnings, they stop paying attention. They have to. It's just too much information for them, and too often it's so incomprehensible that it might as well be written in Arabic. Better to try and target warnings and messages to a user's needs, so that when one appears, it will be taken seriously by a user and correctly acted upon. To me, that makes a lot more sense.

And now, if you'll excuse me, I'm off to clean pickles out of my kitchen sink. Don't ask ... you wouldn't understand.

Scott Granneman is a senior consultant for Bryan Consulting Inc. in St. Louis. He specializes in Internet Services and developing Web applications for corporate, educational, and institutional clients.

Copyright © 2005, SecurityFocus

This article was originally published at SecurityFocus.
