Lehrstuhl Netzarchitekturen und Netzdienste
Institut für Informatik Technische Universität München
Internet Science: Creating Better Browser Warnings
Sepideh Mesbah
Advisor: Dr. Heiko Niedermayer
Seminar Future Internet WS1415
Agenda
Creating better browser warnings
Three kinds of browser warnings:
1) Malware
2) Phishing
3) SSL
25 million warning screens
Google Chrome and Firefox
Find the click-through rate
Result: More effective security warnings can be created in practice.
Ignore anyway
Warning only related to Windows users
Trust in automation:
Not understand
Habituation
False positives
Hassle
People are lazy
Economic perspective
Trusting high-reputation websites
Blue: visited sites; Red: new sites [7]
When should a browser warning be used
Interrupt the user's primary task
Recommend a clear option
If an indicator is not read by the users, then the warning should take the
Indicators must prevent habituation
Draw inappropriate trust away
Describe the risk clearly
Be concise and accurate
Offer meaningful options
Follow a consistent layout [15]
Influence of authority
Social influence
A person tends to commit more crimes
Concrete and vague threats
500 participants Five different warnings were presented
500 users Five different warnings were presented
Reasons for ignoring warning
– Trust in automation
– Not understand
– Hassle
– False positives
– High reputation websites
Creating effective warnings
– When should you use a warning
– Active warnings
– Design guidelines
– Social psychological factors
[1] Akhawe, D., Felt, A. P.: Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness
[2] Egelman, S., Cranor, L. F., Hong, J.: You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings
[3] Modic, D., Anderson, R. J.: Reading this May Harm Your Computer: The Psychology of Malware Warnings
[4] Egelman, S., Schechter, S.: The Importance of Being Earnest [in Security Warnings]
[5] Lee, J. D., See, K. A.: Trust in automation: Designing for appropriate reliance
[6] Krol, K., Moroz, M., Sasse, M. A.: Don't work. Can't work? Why it's time to rethink security
[7] Almuhimedi, H., et al.: Your Reputation Precedes You: History, Reputation, and the Chrome Malware Warning
[8] Herley, C.: So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users
[9] Murphy, K.: The Role of Trust in Nurturing Compliance: A Study of Accused Tax Avoiders, Law and Human Behavior
[10] Kahan, D. M.: Social Influence, Social Meaning, and Deterrence, Virginia Law Review
[11] Modic, D., Lea, S. E. G.: Scam Compliance and the Psychology of Persuasion
[12] Bikhchandani, S., Hirshleifer, D., Welch, I.: A Theory of Fads, Fashion, Custom, and Cultural Change as Informational Cascades
[13] Bearden, W. O., Netemeyer, R. G., Teel, J. E.: Measurement of Consumer Susceptibility to Interpersonal Influence
[14] http://fraudavengers.org/scams/
[15] Bauer, L., Bravo-Lillo, C., Cranor, L., Fragkaki, E.: Warning Design Guidelines (C. S. Laboratory, Trans)
[16] Titus, R. M., Dover, A. R.: Personal Fraud: The Victims and the Scams