Slashdot Mirror
Popup Study Confirms Most Users Are Idiots
danieltdp writes "Testing students at a University, psychologists made many of them click on a dialog box that in effect said: 'You are about to install some malware. Malware is bad. By clicking yes you are failing the Windows Darwin Test.' Nearly half of them said all they cared about was getting rid of these dialogs."
Summary is under ENTERTAINMENT. Tag says HUMOR. If it had been accurately reporting on the study, it would have been under SCIENCE. Read all the words.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Quit bugging me. Much more work needs to be done to eliminate "Are you sure?" requests. Working undo is always better than asking the user and making him regret the answer seconds later.
Study determines that people ignore dire warnings after experiencing that they're virtually always overstating and end up disregarding them as an annoyance.
Same general psychological area as the boy who cried wolf.
And more interestingly, the study says that most users are in fact *not* idiots, but that a distressingly high percentage (almost half) are.
Not that I have any objections towards a happy pattern of contempt toward everyone, but I prefer my contempt be fact based - {G}.
Pug
An Invisible Entity of Vast Power whose existence must be taken on faith alone: Liberal Media
This was not surprising and I don't place all the blame on the users.
There's a similar situation with semi experienced administrators. They may configure logging and monitoring on a system. Being security paranoid, they set the log level fairly low so they end up getting lots of alerts.
Somewhere along the line, however, the administrator stops paying as much attention. Maybe a CPU alert hits 100% every night. Then one day someone in Finance runs a half-assed join across a gateway and brings down a DB. The admin gets the alert but has gotten so used to them that it was ignored. This is worse than if he'd never gotten the alert at all.
The alerts that OSes put up (Vista, for example) and the host of browser and AV and IDE warnings get useless after a while. The system should do this transparently and not rely on the user to be the MAC layer.
There is plenty to drink about these days...
Money is the root of all evil?
I don't think this says as much about the users as it does the usability of our computers.
Computers are commodity items now, the days where nerds interested in technical details were the primary demographic are long gone. People just want to do their job and move on with life, they don't care about memory registers or malware they just want to not be interrupted.
It really illustrates how dialog boxes as a warning system are a flawed mechanic, we got this fancy computer with a fancy operating system, why can't it figure out the right thing to do when an application tries to access memory it's not supposed to?
Guess my point is if we put as much effort into error handling and/or malware detection as we do our whiz-bang graphics, it might not even be a problem anymore.
This was my thought too. Study participants were asked to give their opinion on a web site. If they close the offending window, they'd be unable to give their opinion on that website. If they just clicked through, they stand a chance of getting to the web site, and whatever happens to that terminal is none of their business. So these 'idiot' users were just following instructions.
Give me Classic Slashdot or give me death!
The attitude that users who do something wrong are idiots is a large part of why computers, operating systems and applications are generally pretty shit. They're made by and for geeks, not normal people. If 1% of your users do the wrong thing they may well be idiots. If 50% of your users are doing the wrong thing, you are the idiot for designing your software so badly half the population can't use it.
(I mean "you" in the general sense, not the parent specifically)
Chernobyl 'not a wildlife haven' - BBC News
And frankly they shouldn't have to be. I have no idea why developers seem to think they should/are. Fail safe and log it so someone who does understand what's happening can make an alternative choice.
Deleted
It isn't just Windows either. Apps in Gnome, KDE and OpenOffice also open up stupid dialogs.
It is unreasonable to consider training users to be driven by popups. What would make more sense is for programmers to design their pop up use better so that it is more meaningful for the user.
Engineering is the art of compromise.
"Testing students at a University, psychologists
Like most psychological studies, it takes a small sample of american students and extrapolates the entire world's behaviour from that.
No wonder the "science" is so bad
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
I don't really get why clicking OK on something that vaguely looks like a system error is a problem. If it is a script running inside a web browser, the script cannot do anything that it wouldn't be able to do without the script. If it is already a process running inside the OS, it means that you are already in trouble because it could also erase files or install programs without you clicking OK.
It would be more beneficial to malware if they could make a REAL Windows dialog ("Install new software, Allow?") look like a harmless message ("Print job finished."), but that would be pretty tough to do.
Avantslash: low-bandwidth mobile slashdot.
Education is definitely not enough because people just don't care. They want to do what they want to do and the computer should magically understand that and play along. There's little respect for the complexity of general purpose computers and any possible learning curve needed to use them properly.
My wife has occasionally complained that her computer was acting "strange". After hearing the symptoms I've often asked, "Did any messages appear?". "Yes." "Well what did it say?" "I don't know. I just clicked OK." She simply doesn't care enough to deal with an issue when she's trying to browse a web site or send an email.
My favorite was the time she complained my laptop must be broken because it turned itself off. I got nervous thinking it was broken. I asked if a message had popped up before it turned off. She said no, then thought about it and remembered something popped up a few minutes earlier. She couldn't remember what it said. I told her it said to plug it in or it would turn itself off. Her response: "Oops".
Developers: We can use your help.
Computers are not for everybody!
Actually it may be that the study found that "college students don't care what happens to some researcher's computer and get annoyed when the researcher has obvious spy ware on their comptuer's". After all, they had these folks come in to do research: they didn't have them run this stuff on the student's own computers. If I had a dialog like this on some computer in some silly study - I wouldn't care what the heck I clicked.
One thing worth noting is whether the students were using their own computers or computers on loan from the department. It's worth noting because most people care what happens to their own personal systems (because they're the ones who will be stuck fixing them) but care less if a school computer is infected for instance.
I'm not sure if this makes them idiots or just uncaring, either way it could be relevant.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
The attitude that users who do something wrong are idiots is a large part of why computers, operating systems and applications are generally pretty shit.
I enthusiastically agree. Over the last few years, I've had the "pleasure" of working with applications specific to healthcare and insurance industries. Overall, they're definitely shit.
I have to give Apple some credit here: activities requiring kernel access (or, for that matter, most anything that has a substantial potential for causing a security breach) are preceeded by a very friendly, clear message AND a requirement to enter a password before continuing.
The advantages here are clear:
1) The user actually gets honest-to-god informed about the effects of something they might agree to next and
2) Is slowed down (briefly) to ponder their action as they type in their password.
We can blame the user all we want, but anyone cognizant of human factors and ergonomic design knows that this is a paltry response...
Working in support, I have seen so many times where if an unfamiliar dialog box pops up, people either click on the option they are used to clicking on, or call support without even reading the message on the dialog box. It is like they are unable to physically see the contents of the dialog anymore, it has been beaten out of them. Often all I have to do is make them read me the dialog over the phone, which makes them process the info mentally, and they know which button they need to press then, having actually read and comprehended what was asked.
It is a very interesting problem, I think the solution is to make the buttons themselves say what they do, rather than clicking Ok or Cancel, have the button say "Exit crashed program", or "Install new program" or what have you. Always being OK or Cancel conditions people to just blindly click.
I see a lot of people jumping to conclusions about how this is the fault of programmers for using the dialog box too much, etc, etc, etc. I call BS. If you write software for people who are computer illiterate (which happens a lot in my field. i write software for veterinarians), they'll click on anything and do everything, no matter the consequences. A simple "undo" isn't enough. They need to understand what they just did. If a popup don't pop up and say "you're about to delete something" they won't even know they deleted it until its too late (closing program, etc). You can't keep an infinite list of "undos" either. So, you're left to assume one of two things. 1) The person has read instructions, understands what they're doing, and understands they're responsible for breaking it OR 2) They haven't read any instructions, will click on what they think makes sense and when they break it, they call support, bitch and moan, taking up valuable time. Maybe in a bigger company, thats acceptable, however, *I* do both the programming AND support as we're a company of about 5 people. I can't be dealing with people who are idiots. I challenge anyone to make something thats completely foolproof without popups AND thats still aesthetically pleasing to look at AND easy to use.
Maybe people should just realize they're using delicate instruments and should treat them as such. These aren't toys, but systems that cost hundreds, sometimes thousands of dollars to build. Its not the programmers' fault. Its the user's. If the user refuses to educate himself to not be a fool, there's really no way to try and make something foolproof.
She couldn't remember what it said. I told her it said to plug it in or it would turn itself off. Her response: "Oops".
And you decided to spend the rest of your life with this woman, and mingle your genes with hers, and have her raise your children????
My wife is far from a technophile, but she's smart enough to know that pop-up windows transmit important information, and need to be answered correctly. (So, she calls me, and asks what to do.)
"I don't know, therefore Aliens" Wafflebox1
Computers are not for everybody!
Amen, brother.
"I don't know, therefore Aliens" Wafflebox1
If the tools aren't working well for people then the design of the tool is wrong.
If you build a ATM (cash dispenser) that spits out the money before it returns the card then you'll find that a not insignificant number of people leave the machine without retrieving their card. In their brains the task they are doing (getting money) is complete so they walk away.
Thus cash machines return the card first and then give you your money.
You have to design things to work the way real people work. Calling people idiots is just a cop out.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
That kind of personality quirk is not necessarily a sign of genetic stupidity. It's just a sign of extreme disinterest.
There are people who treat their cars more or less the same way: they are not the least bit interested in what is going on, literally, "under the hood". Warning lights? Pffff. Unless it stops the car, interrupting their life, they don't give a crap.
Car dealers love them.
And frankly, while such people can be annoying, I find them infinitely preferable to type that treats people like inanimate objects.
Microsoft has trained people to click "OK", "Open", "Run", "Install", "Continue", or whatever button (wherever it is) that gets you past the idiot box.
Apple had until recently avoided this mistake. NOT (as some people have said) by making the buttons more meaningful, but by simply NOT trying to use warning dialogs in place of good design.
For example, Mac OS doesn't ask you if you want to move a file to the trash, and it doesn't ask you if you want to empty the trash, because these are common actions, and the dialog box becomes something you reflexively accept.
Recently, as I say, Apple has started to deviate from the path of virtue. I've caught my Mac in bed with promiscuous dialogs on many occasions.
But by comparison with Windows (particularly Vista)... my Mac's still pretty much a dialog virgin. Really.
I've been fighting that for decades.
If you users can't use it, it fails.
If your user doesn't understand it, it fail's.
If you complain that your users are idiots, you fail.
The Kruger Dunning explains most post on
This is an unmodified screen capture of an actual Windows dialogue box. I have no idea what program triggered it.
http://i246.photobucket.com/albums/gg109/splorpdotorg/whatwouldyoudo.jpg
(I left it onscreen until I rebooted -to be fair, this was Windows 98SE).
Please don't humanize the morons around me. It makes me very uncomfortable.
And frankly, while such people can be annoying, I find them infinitely preferable to type that treats people like inanimate objects.
I don't prefer either. And the two personality types are not mutually exclusive.
"I don't know, therefore Aliens" Wafflebox1
> In short, in two or three generations when all the people who don't know basic computer
> security and operation have died, and not being able to spot a phishing scam will be
> looked upon much the same way that being illiterate is now, then the problem will have
> fixed itself.
It would appear that you believe that all of those who "grew up with computers" know basic computer security and operation. This is just as true as it is that all of those who "grew up with books" are able to read and understand James Joyce.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
To the late great Carlin.
Think of how dumb the average person is, and realize half of them are dumber than that
Everytime I think about that I laugh...and die a little inside.
What's funny, or sad depending on how you look at it, is that half of the people aren't dumber than the average person. It's not the average where half are under and half over, the median is the point where half are over and half under.
Falcon
Should there be a Law?
The "read" version is definitely more common, though, for some reason.
Most computers spend more time reading than writing. I know this is insanely simple, but that is why you see more read errors.
Tequila: It's not just for breakfast anymore!
"Education is definitely not enough because people just don't care. They want to do what they want to do and the computer should magically understand that and play along. There's little respect for the complexity of general purpose computers and any possible learning curve needed to use them properly."
There is absolutely nothing wrong with this expectation.
Until you have internalized this, you won't be able to design great software.
If this is the dialog in question, then I think even I would have clicked 'Ok', and I'm paranoid as all get out. (Which is why I use Firefox so perhaps I'm not so familiar with IE look and feel).
I mean it's not like you have a lot of options is it? Crash out of IE? And just looking at the still image, other than the minimise/maximise controls, there's nothing that screams 'malware' to me. Even the presence of the maximise controls doesn't immediately grab me, because Microsoft changes GUI schemes and widget sets so often (Office 2007, ahem) that it's really hard to tell what a 'typical' dialog should or shouldn't look like.
Isn't the real question: if you're always only ever ONE 'OK' BUTTON CLICK from hosing your computer and giving up all control to an attacker - isn't something very wrong already?
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
I grew up surrounded with books and I can't stand James Joyce.
Possibly the same reason why people who grew up with Unix can't stand Windows... :)
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
That dialog has a few things wrong with it. The most damning is the status bar on the bottom (which, admittedly, wasn't on all the fake dialogs), but more obvious would be that your mouse turns into a hand on the dialog/okay button, or that there are minimize/maximize buttons.
The other option is to click the "x" in the top right, and it's something you should do when unexpected windows pop up while web browsing. Even if it's possibly a legit error, there's no harm in hitting "x" instead of "OK".
I don't think your comment about switching GUI schemes and widgets so often is correct, especially since you pointed to a piece of software that had almost no scheme/widget changes for 12 years before getting a complete makeover. The fact is, windows had a very consistent look and feel from 95 through 2000, and xp/vista/W7 (screenshots that have been released, I cannot comment on internal look and feel, as that is always subject to change) only had slight modifications to what is still a relatively consistent GUI.
As for the "one OK button click away" - that depends if the relevant link was simply an ad-farm link or if it used a known exploit to silently install software. If the latter, then a patch should be issued, but it's something that can happen to any piece of sufficiently advanced (read: complex) software.
I just don't get it.
Some people, as soon as a computer (or something else they've convinced themselves is a magic black box) enters the picture, turn off every shred of intelligence and common sense they ever had. There's simply no excuse for it, in my experience. These people aren't just ignorant, they refuse to try, because they've already convinced themselves that they can't understand $thing.
A car analogy applies well to me personally (and is obligatory on this site). I don't know cars that well. I can change my oil, and filter, and that's it. I don't pretend I understand cars, either, but I know what normal operating parameters for my car are, and when it starts acting weird, I can give a mechanic a decent description of what's going wrong. This is because even though I know I'm ignorant of how the car works, I pay fucking attention, and remember that it's just a machine like any other, and there's a cause for what's going wrong. Probably a very logical one, too!
Others can't be bothered to use the shred of intelligence required to do this. They're the kind of people who make me want to get a law passed making it legal to shoot stupid people. That, or reproduce as much as possible, so I can have smart kids, and do my part to help keep the morons from overrunning the earth.
"16MB (fuck off, MiB fascists)" - The Mighty Buzzard
The error message is legit, this is something that a regular Windows user might see (I don't want to use the word "commonly", but it's relatively common as far as Windows error messages go).
... dare I say it ... OFFENDED!!
Ooh pwease mister, don't say that Windows error messages are common! That would be tewwible! Ye gods, the MS supporters might even be
You can always take up the party line and blame it on bad memory or low-quality third-party drivers. I notice that the "bad memory" excuse has become less popular lately. That's probably because I've personally used linux on unmodified machines that some MCSE declared to have bad memory and decided that either Linux can fix defective hardware or the memory wasn't why Windows was (relatively) unstable. I doubt I'm the only person who ever tried this. Of course you could always run a goddamned boot CD with memtest86 on it to rule this out but that's not as fun and won't be much faster.
That leaves faulty/low-quality third-party drivers, which is what I hear the most from Windows (Windows, not necessarily Microsoft) apologists when talking reasonably about this subject. This is a more perfect excuse since there are many third-party drivers for Windows that come from different sources, all or nearly all of them are closed-source, and if you fixed such a machine by modifying only a driver there is still no assurance that you fixed the actual flaw and did not merely replace a driver which reveals or exposes a bug with a driver that does not reveal or expose a bug. So the claim is completely unverifiable/unfalsifiable and is only credible if you grant the assumption that Microsoft always/very often produces relatively high-quality software and so the flaw is likely to be "the other guy", an unnamed third-party vendor among many third-party vendors.
That there are many third-party drivers and some truly are low-quality makes it more believable that third-party drivers are why Windows is generally less stable than a *nix platform, but this too relies on an assumption. There are multiple events that can cause Windows to crash. The assumption is that this single problem is more common than the others, that it is less preventable (good design) or more difficult to mitigate (i.e. with patches/updates) than all of the rest. If this were all I had to stand on, I would not confidently assert that I knew what the cause of the instability is and that the cause implies that it's not really Microsoft's fault. I might say that in a hopeful manner, if I believed or wanted it to be true, but that alone is not fact; stating it as such is dishonest if intentional and delusional if done out of ignorance.
Look at your log file sometime. Full of useless crap that buries the good stuff. You've got 75% of your log full of stupid failed SSH attempts from script kiddies, 10% from "hi, I'm named and my log level is not perfect so I'm going to tell you that somebody looked for pornjunction.com and I couldn't find it". 10% for "errors" in daemons, only they aren't really errors. Then you've got 4% from some fucked up cron job. That leaves like 1% for the truely useful error message that might actually be of value.
My point? Linux, FreeBSD or any other unix OS has just as many inexplicable, frequent error messages, only instead of dialog boxes, they pollute your log files instead.
PS: The event log is no different.
So... How goes the hunt then, friend?
Hunt's long over. Been married to a wonderful woman for 10 years, and have two great children.
"I don't know, therefore Aliens" Wafflebox1
I can understand this, but what still amazes is me is that people deduce that because the error message doesn't mean squat to them, that it doesn't mean anything to anyone, so they don't even write it down, and then they expect someone like me, later on, and even over the phone, to tell them what it meant!
I'm generalising horribly here, but please bear with me.
You would not believe the number of people who basically judge everyone based on themselves. It's like a slightly more sophisticated equivalent of a small child deciding that if they can't see you, you can't see them and so they can make themselves invisible by closing their eyes.
Of course there's a lesson in there: alert dialogs are a idiotic solution to a real problem. Users don't care about them while a task is being performed (they effectively send them to /dev/null), just when the task ends in an undesired way.
So the lesson is: log all those unread dialogs and provide a diagnosis tool where the user can read them all after the task has finished, i.e. when the user will care about what they said. Why is it that computers have log files aimed to developers, but not ones aimed to log in a friendly way the events aimed to end users? Is there really so little empathy in the programmers mindset?
Singularity: a belief in the "God" idea with the "demiurge" relation inverted.
No, we should expect better from computers.
Nintendo has very smart HID people working for them, who can actually design an interface that is so dead easy to use, someone like the little girl you describe can do it. And old, half-blind people can do it, too. Which means everyone can do it.
Meanwhile, your average windos installation is "useable" only by techies or those daring enough to play one at their own risk.
Assorted stuff I do sometimes: Lemuria.org
This didn't pop up on their personal computers, they were in a computer lab, and they thought they were supposed to be looking at medical information. I doubt you change the skin on every computer you sit down at.