Slashdot Mirror
Popup Study Confirms Most Users Are Idiots
danieltdp writes "Testing students at a University, psychologists made many of them click on a dialog box that in effect said: 'You are about to install some malware. Malware is bad. By clicking yes you are failing the Windows Darwin Test.' Nearly half of them said all they cared about was getting rid of these dialogs."
The average computer user is the same as average TV user, a.k.a. Joe Sixpack
<sarcasm>
*gasp*
</sarcasm>
We computer professionals stick around other computer professionals - and nonprofessionals around us absorb enough knowledge from us by osmosis. So of course it FEELS like everyone is computer literate -- but they're not. We develop software for the braindead zombies and the braindead zombies use it.
Did you know that "FTW" ("for the win") is a direct translation of "Sieg Heil"?
They didn't care if malware got installed on the researchers computers. Most university owned machines that are publicly accessible (e.g. in the library) get ghosted frequently. It doesn't matter what you do to them - tomorrow they will have a fresh install anyway.
My roommates' daughter, who isn't old enough to read yet, can navigate menus on the Nintendo Wii by using trial and error to determine which button "works" and which button "doesn't work" to get where she wants, then (with repetition) memorizing the position or appearance of the correct button. She has absolutely no idea what any of the text says if it isn't accompanied by pictures, but she only occasionally needs help navigating.
Shouldn't we expect better from adults using a computer?
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
In the users' defense, they are so used to having inexplicable and frequent error dialogs pop up under Windows, that it's not surprising that they ignore the details and just "click through". Windows creates a "little boy who cried 'wolf'" environment.
Proverbs 21:19
Programmers continue to use them because they effectively move responsibility. Yes, they fail, but when they fail it's suddenly the user's fault, so the programmer is happy with the result.
Of course this is bad UI and the failure is ultimately that of the programmer, but this is not how it's perceived now, so programmers will continue to use them even if they know full well that they don't do the job.
If you mod me Overrated, you are admitting that you have no penis.
Was the study done on the researcher's computer? One that the subject knows he will never see again?
I would actually have caught it, but I'm by any standards, a technically sophisticated user. But even if I realized the dialog was being "faked" with JS or whatever, I still wouldn't give a crap what happened to the grad student's computer. I'd assume one of two things: If I thought the dialog was real, then my guess would be you have some linkage looking by address into a DLL whose version has changed, or, whoever made your website is either an idiot and/or has some kind of hokey web builder tool like maybe a cracked dreamweaver or something...
Maybe, if I caught on to the game enough to realize the purpose of the experiment was to see if the user caught these error boxes, then *maybe* I'd care. Mostly I'd just laugh. The user who is savvy enough to even care about these error dialogs, probably sees right through them, and the rest, as the study unsurprisingly found, just want them to go away. I'd be thinking "you know, if I had a web based test to administer to the public, I am certain it would be from an unprivileged user account on a linux box" as I clicked whatever image I thought might make the popup go away. I might have even tried to see if I could get firefox to block it :)
-fb Everything not expressly forbidden is now mandatory.
Story time:
Early in my career, I worked with a helpdesk tech who was hired more or less because he had certifications out the ying yang. So one day, he comes to me and he says, "I'm having a problem with this computer. It just won't work and I can't figure out why."
So I went with him back to the workbench and said, "Ok, show me what the problem is."
He booted up the machine and logged in. Everything looked fine. He navigated through the start menu, found the shortcut for Microsoft Word, and clicks on it. It takes a second before anything happens, and then a little window pops up with what looks like an error message. The tech immediately hits ok, and then sits there for another minute before turning to me and saying, "See. Word won't start."
I said, "Ok, well what did that error message say?"
He responds, "wha?"
I ask him to try running it again, he does, and when the error message comes up again, he again immediately hits the OK button. I say, "That! That error message. What did it say?" and he comes back again, "Huh?"
I get him to run it a third time, and ask him to take his hands off the mouse and put them in his lap until I tell him he can touch the mouse again. The third time, the error message pops up again and says, "Error: missing msvcrt.dll." (just making that up, but it was missing some DLL) I copy the DLL over from another machine and it works again.
True story. I'm not sure if there's a lesson in there somewhere, but it seemed like a relevant story.
Displaying something only the OS should know is an interesting idea... like let the users customize a window border by splattering paint and then it might be blatantly obvious which windows were their personal design, and which were fakes (different splatter pattern and different colors.) Has anybody seen anything like that implemented?
Not with window dialogs, but I've seen several browser & email plugins that use user-defined images to guard against phishing. The idea is that you assign your image to www.yourbanksite.example, then the browser will show that image whenever you visit that page... but if you end up visiting www.yourbankslte.com instead, it won't show the image, and you'll be able to notice that more clearly than the fact that the spelling is off.
It's also kind of similar to the icon that Yahoo lets you set on your login form.
The Apple user interface guidelines have always stated that verbs should be used on command buttons. Inserting a blank disk under Mac OS pops up the "Format" or "Eject" dialog box. On Windows, the text says "To format the disk, click OK. To quit, click CANCEL" with "OK" or "Cancel" buttons.
Of course, if you put something other than OK or CANCEL in the dialog box, most Windows users freeze up. They don't know what to click.
Making users read the dialog box text helps. Just make sure the text is actually useful for making a decision.
An excuse to continually ignore usability, something which many in the software industry already do a pretty good job of doing. Maybe 2009 will be the year of the Linux desktop..or maybe not.
Users, though, should be expected to have a minimum degree of intelligence before getting involved with something that requires some basic thinking, such as a computer.
There's a certain failure of the education system here, and of the society as a whole.
My sister-in-law took her car into the shop, asking to have all the warning lights and buzzers deactivated, as they were bothering her.
The service manager was somewhat reluctant to do this, thinking, no doubt, that if he went ahead with the work, it would come back to haunt him. She insisted, reasoning that these things had never happened to her before in all the years she's been driving. Five years later, she's still happy at the thought that she "took charge" of the situation. She likes to tell this story because, to her, it proves that she was right all along.
Sure, I have to agree, at the core it's a matter of priorities. But I think it's one in which simple not-caring has eroded further into not-caring-to-understand. We can laugh a bit inasmuch as it applies to ordinary people, but I find myself alarmed as this almost Orwellian regression from critical thinking into reactivity becomes more fashionable.
That's because it's not just ordinary people but also many trusted individuals who are afflicted. I've lost count of the number of IT managers and network staff who reason anecdotally, who can't seem to distinguish between different subsystems or levels of abstraction, or who don't even consistently apply commonplace notions of causality. These people may be smart and successful, but I find them hard to have as colleagues.
Physicians and car mechanics, on the other hand, seem to have somehow avoided the worst of this erosion. At least, that's what I've observed. I can't explain what, if anything, might set them apart from other technical professionals.
Parity: What to do when the weekend comes.
The problem there is that trusting self-signed SSL certs is not an inherently risky or unusual action. The solution to a crappy dialog on an action like that is not to make it vastly harder to take the normal course. So it should be fairly obvious why people didn't like it.
If you mod me Overrated, you are admitting that you have no penis.
tl;dr
Windows already has most of your suggestions implemented, the problem is that third-party developers generally ignore it.
Microsoft often ignore it too, partly because: -so far as I can tell, the "error reporter" thing is triggered when an app dies, and always reports to Microsoft, not $APPDEVELOPER -The error console is a good bit harder to write to than, say, MessageBox("Unexpected error "+errornumber+" has occurred!"). Using it also makes it a harder to make your app compatible with old Windows versions. -The "tray notifications" are nice, but it's quite annoying that there's no way to turn off generally useless ones ("Hiding your notification icons") while keeping more worthwhile ones ("It is now safe to remove $HARDWARE"). Also, I've seen those bubbles sit there through a whole class lecture without anybody noticing. Something more customizable would be nice... As for the OS-only window type: Simply reserve a specific type of window border for OS errors. Yes, apps could fake it, but most of what's making fake error boxes is web ads. An app that could fake the border could do whatever it wanted to without asking the user. The ones that need the user's help are the ones that are just an image -- you have to click it before it has a chance to do anything nasty. With a simple "error" border, the best an ad could do is copy the special border, with the browser's border around it. A bit more obvious, maybe enough to keep a few people from clicking it...
Most obvious clue for me?
It's using the default XP skin. I've never left that on a computer for more than a few minutes, and none of my family does either. Switching to the classic explorer GUI really makes a lot of fake popups and malware stand out like a sore thumb.
Pretty much every ATM machine that takes your card internally (versus the cheap gas station ones that you have to swipe manually) gives you the cash, then asks you if you want another transaction/your card back before doing anything else.
'Fast Cash' options generally spit everything out at once.
People 'forget' there cards generally once, because those machine swallow the cards to prevent them from being stolen when you walk off after being in such a hurry.
This solution is actually very effective, it makes it just enough of a pain in the butt that people do it once and then start remembering to be more careful. Since you typically have to order a new card rather than simply get your old one back, it puts you out for a few days and your brain makes the connection in most cases.
But, the point to this post is that what you claim about ATM machines is incorrect. Also, people are idiots, and the only way to prevent them from losing their cards all the time is to apply enough of an inconvience/punishment that they only do it once.
Personally, I love this idea and I'm all for applying it to software. If a popup clicks up with 10 lines of text and you click on it with say 1 second of it appearing, meaning that you've no possible chance of having read it in that period of time (well most people wouldn't be able to), then your PC shuts down and refuses to work for a day. Each time you continue to do it, it doubles the amount of time it stops working.
Like wise, occasionally throw in a random popup with a message the says something like 'We're just checking to make sure you are reading these messages, click Yes to shutdown your computer for a week because you're an idiot, or No to continue you.' Randomize the button order and which button is the safe one a little, and in a short period of time, users would be reading dialogs I think.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
And how is this supposed to show that users are ID10Ts? With the exception of the quotes that is pretty much the same crap folks are used to getting in error boxes since the days of Win95. As a PC repairman I have seen some dumb users in my time(the video.exe pr0n bug comes to mind) but I would never blame a customer for falling for that.
And let's face it,the simple fact of the matter is the user doesn't have to be an ID10T anymore,thanks to the way browsers and the Internet have conditioned most folks that the occasional download will be necessary to get through the day. The "you need a codec" dialog,the "Your flash is too old,here is the update" dialog,and don't even get me started on JavaScript and driveby malware.IMHO we are pushing this script heavy "Web 2.0" crap too fast without taking the time to worry about the average user and security.
For example,the browser should be set up with the major vendors addresses so that if you need a new version of flash,it will refuse any web links and take you straight to Adobe. And IMHO we need to really rethink JScript,perhaps with a no execute "penalty box" that can be scanned for malware before being allowed to run. Because as it is I'm giving my customers Noscript and teaching them to use it just to cut down on the malware. But the time of "blame the user" is mostly past(although I still laugh at how many fall for video.exe looking for pr0n).With so many online now,and that number going nowhere but up,we really need to work on it so the average Joe won't need a degree just to use the web. But as always this is my 02c,YMMV
ACs don't waste your time replying, your posts are never seen by me.