Slashdot Mirror
Popup Study Confirms Most Users Are Idiots
danieltdp writes "Testing students at a University, psychologists made many of them click on a dialog box that in effect said: 'You are about to install some malware. Malware is bad. By clicking yes you are failing the Windows Darwin Test.' Nearly half of them said all they cared about was getting rid of these dialogs."
"You are about to submit a bad summary. The summary is bad. By clicking yes you are failing at Slashdot Darwin Test."
Doh!
For those of you just joining us, the article says nothing of the sort. The article actually says that they created fake "Application Error" dialogs with various numbers of "fake" aspects. e.g. The cursor turning to a hand over the "Ok" button, reverse colored text, browser borders, etc. Basically, stuff that should have made it obvious that these were malware windows. Nearly half of those tested "accepted" the dialogs to get them out of the way. Some of them simply minimized them for later.
The text referred to in the summary is an image created by Ars Technica with the caption, "Even this warning might not have helped".
Javascript + Nintendo DSi = DSiCade
The actual text was "The instruction at '0x77f41d24 referenced memory at '0x595c2a4c.' The memory could not be 'read.' Click OK to terminate program." You're right, this is not "basically" (or even remotely close to) the text in Ars's little joke screenshot or what was posted in the summary.
The average computer user is the same as average TV user, a.k.a. Joe Sixpack
<sarcasm>
*gasp*
</sarcasm>
We computer professionals stick around other computer professionals - and nonprofessionals around us absorb enough knowledge from us by osmosis. So of course it FEELS like everyone is computer literate -- but they're not. We develop software for the braindead zombies and the braindead zombies use it.
Did you know that "FTW" ("for the win") is a direct translation of "Sieg Heil"?
They didn't care if malware got installed on the researchers computers. Most university owned machines that are publicly accessible (e.g. in the library) get ghosted frequently. It doesn't matter what you do to them - tomorrow they will have a fresh install anyway.
From the article
To quote LongNoi "QZTR was right and won't leave me alone because I called him a moron when I was wrong" FYS
Quit bugging me. Much more work needs to be done to eliminate "Are you sure?" requests. Working undo is always better than asking the user and making him regret the answer seconds later.
The bottom of the article has the actual conclusion that the article was trying to make:
Follow-up questions revealed that the students seemed to find any dialog box a distraction from their assigned task; nearly half said that all they cared about was getting rid of these dialogs. The results suggest that a familiarity with Windows dialogs have bred a degree of contempt and that users simply don't care what the boxes say anymore.
The authors suggest that user training might help more people recognize the risks involved with fake popups and the diagnostic signs of genuine Windows dialogs, but the fact that the students didn't appear to spend any more time evaluating the fake dialogs raises questions as to whether education is enough.
"All great wisdom is contained in .signature files"
Be that as it may, to call a user an "idiot" because he does not know the appropriate style for an error dialog box, or having seen an odd style, does not associate that with malware, but prefers to continue on task if possible, shows how arrogant the author of the summary is.
Currently hooked on AMP
the people writing the dialog boxes assume clicking no just shuts down the dialog box.
You could easily have events fire on the No as you do on the yes.
It takes a little work, but it is doable.
The Kruger Dunning explains most post on
This was not surprising and I don't place all the blame on the users.
There's a similar situation with semi experienced administrators. They may configure logging and monitoring on a system. Being security paranoid, they set the log level fairly low so they end up getting lots of alerts.
Somewhere along the line, however, the administrator stops paying as much attention. Maybe a CPU alert hits 100% every night. Then one day someone in Finance runs a half-assed join across a gateway and brings down a DB. The admin gets the alert but has gotten so used to them that it was ignored. This is worse than if he'd never gotten the alert at all.
The alerts that OSes put up (Vista, for example) and the host of browser and AV and IDE warnings get useless after a while. The system should do this transparently and not rely on the user to be the MAC layer.
My roommates' daughter, who isn't old enough to read yet, can navigate menus on the Nintendo Wii by using trial and error to determine which button "works" and which button "doesn't work" to get where she wants, then (with repetition) memorizing the position or appearance of the correct button. She has absolutely no idea what any of the text says if it isn't accompanied by pictures, but she only occasionally needs help navigating.
Shouldn't we expect better from adults using a computer?
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
I don't think this says as much about the users as it does the usability of our computers.
Computers are commodity items now, the days where nerds interested in technical details were the primary demographic are long gone. People just want to do their job and move on with life, they don't care about memory registers or malware they just want to not be interrupted.
It really illustrates how dialog boxes as a warning system are a flawed mechanic, we got this fancy computer with a fancy operating system, why can't it figure out the right thing to do when an application tries to access memory it's not supposed to?
Guess my point is if we put as much effort into error handling and/or malware detection as we do our whiz-bang graphics, it might not even be a problem anymore.
And frankly they shouldn't have to be. I have no idea why developers seem to think they should/are. Fail safe and log it so someone who does understand what's happening can make an alternative choice.
Deleted
It isn't just Windows either. Apps in Gnome, KDE and OpenOffice also open up stupid dialogs.
It is unreasonable to consider training users to be driven by popups. What would make more sense is for programmers to design their pop up use better so that it is more meaningful for the user.
Engineering is the art of compromise.
I don't really get why clicking OK on something that vaguely looks like a system error is a problem. If it is a script running inside a web browser, the script cannot do anything that it wouldn't be able to do without the script. If it is already a process running inside the OS, it means that you are already in trouble because it could also erase files or install programs without you clicking OK.
It would be more beneficial to malware if they could make a REAL Windows dialog ("Install new software, Allow?") look like a harmless message ("Print job finished."), but that would be pretty tough to do.
Avantslash: low-bandwidth mobile slashdot.
One thing worth noting is whether the students were using their own computers or computers on loan from the department. It's worth noting because most people care what happens to their own personal systems (because they're the ones who will be stuck fixing them) but care less if a school computer is infected for instance.
I'm not sure if this makes them idiots or just uncaring, either way it could be relevant.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
Working in support, I have seen so many times where if an unfamiliar dialog box pops up, people either click on the option they are used to clicking on, or call support without even reading the message on the dialog box. It is like they are unable to physically see the contents of the dialog anymore, it has been beaten out of them. Often all I have to do is make them read me the dialog over the phone, which makes them process the info mentally, and they know which button they need to press then, having actually read and comprehended what was asked.
It is a very interesting problem, I think the solution is to make the buttons themselves say what they do, rather than clicking Ok or Cancel, have the button say "Exit crashed program", or "Install new program" or what have you. Always being OK or Cancel conditions people to just blindly click.
I see a lot of people jumping to conclusions about how this is the fault of programmers for using the dialog box too much, etc, etc, etc. I call BS. If you write software for people who are computer illiterate (which happens a lot in my field. i write software for veterinarians), they'll click on anything and do everything, no matter the consequences. A simple "undo" isn't enough. They need to understand what they just did. If a popup don't pop up and say "you're about to delete something" they won't even know they deleted it until its too late (closing program, etc). You can't keep an infinite list of "undos" either. So, you're left to assume one of two things. 1) The person has read instructions, understands what they're doing, and understands they're responsible for breaking it OR 2) They haven't read any instructions, will click on what they think makes sense and when they break it, they call support, bitch and moan, taking up valuable time. Maybe in a bigger company, thats acceptable, however, *I* do both the programming AND support as we're a company of about 5 people. I can't be dealing with people who are idiots. I challenge anyone to make something thats completely foolproof without popups AND thats still aesthetically pleasing to look at AND easy to use.
Maybe people should just realize they're using delicate instruments and should treat them as such. These aren't toys, but systems that cost hundreds, sometimes thousands of dollars to build. Its not the programmers' fault. Its the user's. If the user refuses to educate himself to not be a fool, there's really no way to try and make something foolproof.
If the tools aren't working well for people then the design of the tool is wrong.
If you build a ATM (cash dispenser) that spits out the money before it returns the card then you'll find that a not insignificant number of people leave the machine without retrieving their card. In their brains the task they are doing (getting money) is complete so they walk away.
Thus cash machines return the card first and then give you your money.
You have to design things to work the way real people work. Calling people idiots is just a cop out.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
Well, obviously, after clicking ok on a popup, another popup should open that contains a picture of the previous popup and a message "This is what you just clicked. Are you sure it's not malware?" That should take care of it. If enough of us send suggestions to Microsoft, there may be enough time to get it into Windows 7.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Microsoft has trained people to click "OK", "Open", "Run", "Install", "Continue", or whatever button (wherever it is) that gets you past the idiot box.
Apple had until recently avoided this mistake. NOT (as some people have said) by making the buttons more meaningful, but by simply NOT trying to use warning dialogs in place of good design.
For example, Mac OS doesn't ask you if you want to move a file to the trash, and it doesn't ask you if you want to empty the trash, because these are common actions, and the dialog box becomes something you reflexively accept.
Recently, as I say, Apple has started to deviate from the path of virtue. I've caught my Mac in bed with promiscuous dialogs on many occasions.
But by comparison with Windows (particularly Vista)... my Mac's still pretty much a dialog virgin. Really.
This is an unmodified screen capture of an actual Windows dialogue box. I have no idea what program triggered it.
http://i246.photobucket.com/albums/gg109/splorpdotorg/whatwouldyoudo.jpg
(I left it onscreen until I rebooted -to be fair, this was Windows 98SE).
Please don't humanize the morons around me. It makes me very uncomfortable.
> In short, in two or three generations when all the people who don't know basic computer
> security and operation have died, and not being able to spot a phishing scam will be
> looked upon much the same way that being illiterate is now, then the problem will have
> fixed itself.
It would appear that you believe that all of those who "grew up with computers" know basic computer security and operation. This is just as true as it is that all of those who "grew up with books" are able to read and understand James Joyce.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
I've even gotten used to the slashdot editors not reading the articles. After all, there are a lot of submissions and it's not like it's their job. The queue is long, the day is short, etc etc. I understand all that.
But when I realized that even the submitters don't read the articles they summarize... that is when I cried. Something broke inside me.
Even that was a couple of years ago, though. I'm all better now, and life is wonderful now that things don't have to make sense anymore. I feel so free!
Also one must consider the situation. The students were placed in front of a screen and given a task. If it were me I wouldn't be to concerned about error messages if I could just click them away, finish the job and collect my $5 or whatever. If it was my own PC, or one I used every day for work, I would indeed take much more care. But a machine used by many people is probably going to get fucked up in very short order regardless of what I personally do, so why bother.
Mod parent up - I couldn't agree more. Users are not idiots. Users just don't care about reading dialog boxes because a lot of the time the message isn't useful or helpful.
Here's a suggestion for everyone. Whenever you display an error message, don't just display the error message. The user (normally) doesn't particularly care what went wrong. They just want to know how to fix it.
Eg, I was trying to buy an AudioBook on iTunes the other day, when it said to me "Users in Australia cannot purchase tracks on the UK site". Now it didn't tell me "well, go to the Australian site, and here's a link to go to it" or say "would you like to go to the Australian site?". It just gave me a dumb error message. It took me ten minutes to find the link to the Australian site (scroll down to the bottom of the front page, dur. Seems so obvious now).
Dammit, be helpful to your users. Don't just display the error message. Display what to do about it. Even "please try again later" is better than nothing.
Really? I wouldn't know. I've been drinking.