
Users inundated with pop-ups

Configure me out


The question comes down to, "What is the best way to inform your users without overwhelming them?" If you overwhelm them, they stop paying attention, and that doesn't help anyone. Constant popups of windows, warnings, and widgets don't help the user at all, and may in fact make them far more vulnerable. In fact, at one school I know, the Technology Coordinator's advice to his teachers was "If you see a box popup on your computer, just press OK." I'm sure that will definitely reduce the number of times he gets asked about popups, at least until a computer - or his network - gets engulfed in a virus infestation. Or worse.

Debian, the venerable Linux distro, has an interesting answer to this problem, at least when it comes to installing software. When a Debian user installs a new package, a program named "debconf" steps in to help configure the software by asking questions ... sometimes a lot of complicated, pretty technical questions. But debconf is also configurable so that users with different knowledge and skill levels get asked different questions. The debconf program describes those four levels as follows:

• 'critical' only prompts you if the system might break. Pick it if you are a newbie, or in a hurry.

• 'high' is for rather important questions

• 'medium' is for normal questions

• 'low' is for control freaks who want to see everything

It's possible for users to change which level they want, but most Debian-based distros come pre-configured out of the box with a particular level already chosen. K/Ubuntu, for instance, is set to "critical", so that users hardly ever get asked difficult questions that many couldn't answer anyway. The beauty, however, is that the system adjusts itself based on the needs of users. Are you a newbie? Then "critical" is right for you. Control freak? Go with "low." Busy, but still want to know what's going on with your box? Try "high." And so on.
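To make the threshold behaviour concrete, here is a small shell model of it, added as an illustration and not taken from debconf or from the original article. The question names under `demo/` are constructed; only the four priority names come from debconf.

```shell
#!/bin/sh
# Added example: models how a debconf priority threshold filters questions.
# The sample questions below are constructed, not from any real package.

# Map a debconf priority name to a numeric rank; unknown names fail.
prio_rank() {
    case "$1" in
        low)      echo 1 ;;
        medium)   echo 2 ;;
        high)     echo 3 ;;
        critical) echo 4 ;;
        *)        return 1 ;;
    esac
}

# Constructed sample: "<priority> <question>" pairs a package might register.
SAMPLE_QUESTIONS='critical demo/overwrite-existing-database
high demo/admin-password
medium demo/listen-address
low demo/log-rotation-days'

# Print the questions a user would actually be asked at the given threshold:
# those whose priority is at or above it. Everything below the threshold
# is answered with the package's default and never reaches the screen.
questions_shown() {
    threshold=$(prio_rank "$1") || { echo "unknown priority: $1" >&2; return 2; }
    printf '%s\n' "$SAMPLE_QUESTIONS" | while read -r prio name; do
        rank=$(prio_rank "$prio") || continue
        if [ "$rank" -ge "$threshold" ]; then
            echo "$name"
        fi
    done
}

# On a real Debian-based system the threshold is changed with:
#   dpkg-reconfigure debconf                            (persistent, interactive)
#   DEBIAN_PRIORITY=critical apt-get install <package>  (one run only)
```

At `critical` the user sees one prompt, the one that could destroy data; at `low` the same user sees all four.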

So why don't we see more of this? Why doesn't Windows work this way? Or Mac OS X? Or even more aspects of Linux? When a user first logs in, why isn't she asked to assess her skill level so that the system can respond accordingly? If Debian - traditionally thought of as one of the more hard-core Linux distros, although user-friendly versions like K/Ubuntu are changing that perception - can do it, why can't Microsoft? Or Apple? Or Red Hat? Or GNOME or KDE?

When most users are constantly faced with an overwhelming series of popups, notifications, and warnings, they stop paying attention. They have to. It's just too much information for them, and too often it's so incomprehensible that it might as well be written in Arabic. Better to try and target warnings and messages to a user's needs, so that when one appears, it will be taken seriously by a user and correctly acted upon. To me, that makes a lot more sense.

And now, if you'll excuse me, I'm off to clean pickles out of my kitchen sink. Don't ask ... you wouldn't understand.

Scott Granneman is a senior consultant for Bryan Consulting Inc. in St. Louis. He specializes in Internet Services and developing Web applications for corporate, educational, and institutional clients.

Copyright © 2005, SecurityFocus

This article was originally published at SecurityFocus.
