Lehrstuhl Netzarchitekturen und Netzdienste Institut für Informatik Technische Universität München Internet Science-Creating Better browser warnings Sepideh Mesbah Advisor: Dr. Heiko Niedermayer Seminar Future Internet WS1415
Agenda • Introduction • Reasons for ignoring warning • Trust in Automation • Hassle • False positives • High reputation web site • Creating effective warning • Design Guidelines • Active warnings • Social psychological factors • Conclusion Creating better browser warnings 2
Introduction Have you ever faced a warning? Which option did you choose? Creating better browser warnings 3
Introduction Three kinds of browser warnings: 1) Malware 2)Phishing 3)SSL Creating better browser warnings 4
Research Study in May and June 2013 25 million warning screens Google chrome and Firefox Find the Click Through Rate Result: More effective security warnings can be created in practice. Creating better browser warnings 5
Reasons for turning Off browser warnings Ignore any way Warning only related to windows users Trust in Automation: Misuse Trust inappropriately Disuse Do not trust Not understand What are the words Phishing? SSL? Creating better browser warnings 6
Reasons for turning Off browser warnings Habituation False Positives Hassle People are lazy Economic perspective Trusting high-reputation websites Blue visited sites Red new sites [7] Creating better browser warnings 7
Creating effective warnings When should a browser warning be used Zone 1: Don’t bother Zone 2: Block action Zone 3: Ask user [15] Creating better browser warnings 8
Creating effective warnings- Active warnings Passive Active Creating better browser warnings 9
Creating effective warnings- Active warnings C-HIP model: 60 participants Results: Creating better browser warnings 10
Creating effective warnings- Active warnings Suggestions: Interrupt users primary task Recommend a clear option If an indicator is not read by the users, then the warning should take the recommended action Indicators must prevent habituation Draw inappropriate trust away Creating better browser warnings 11
Creating effective warnings- Warning Design Guidelines Describe the risk clearly Be concise and accurate Offer meaningful options Follow a consistent layout [15] Creating better browser warnings 12
Creating effective warnings- Social psychological factors Influence of authority - When the users trust the tax authorities They pay taxes Social influence -Fashion -If the other members of the community also comply crime A person tends to commit more crimes Concrete and vague threats -Present clear information about the negative consequences Creating better browser warnings 13
Creating effective warnings- Social psychological factors 500 participants Five different warnings were presented Control Authority Social Influence Concrete threat Vague threat Creating better browser warnings 14
Creating effective warnings- Social psychological factors 500 users Five different warnings were presented Control Authority Social Influence Concrete threat Most significant effect Vague threat Creating better browser warnings 15
Conclusion Reasons for ignoring warning – Trust in automation – Not understand – Hassle – False positives – High reputation websites Creating effective warnings – When should you use a warning – Active warnings – Design guidelines – Social psychological factors Creating better browser warnings 16
References [1]Akhawe, D., Felt, A. P. : Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness [2] Egelman, S., Cranor, L. F., Hong, J: You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings [3] Modic, David and Anderson, Ross J: Reading this May Harm Your Computer: The Psychology of Malware Warnings [4] Egelman, S., Schechter, S: The Importance of Being Earnest [in Security Warnings [5] Lee, J. D., See, K. A: Trust in automation: Designing for appropriate reliance [6] Krol, K., Moroz, M., Sasse, M. A: Don't work. Can't work? Why it's time to rethink security [7] Almuhimedi, Hazim, et al: Your Reputation Precedes You: History, Reputation, and the Chrome Malware Warning. [8] Herley, C: So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users [9] Murphy, K: The Role of Trust in Nurturing Compliance: A Study of Accused Tax Avoiders, Law and Human Behavior [10] Kahan, D.M: Social Inuence, Social Meaning, and Deterrence,Virginia Law Review [11] Modic, D., Lea, S. E. G : Scam Compliance and the Psychology of Persuasion [12] Bikhchandani, S., Hirshleifer, D., Welch, I : A Theory of Fads, Fashion, Custom, and Cultural Change as Informational Cascades [13] Bearden, W.O., Netemeyer, R.G., Teel, J.E : Measurement of Consumer Susceptibility to Interpersonal Inuence [14] http://fraudavengers.org/scams/ [15] Bauer, L., Bravo-Lillo, C., Cranor, L., Fragkaki, E. : Warning Design Guidelines (C. S. Laboratory,Trans) [16] Titus, R. M., Dover, A. R : Personal Fraud: The Victims and the Scams Creating better browser warnings 17
Thank you for your attention! Creating better browser warnings 18
Recommend
More recommend
