Slashdot Mirror


Creating Better Malware Warnings Through Psychology

msm1267 writes "Generic malware warnings that alert computer users to potential trouble are largely ineffective and often ignored. Researchers at Cambridge University, however, have proposed a change to the status quo, believing instead that warnings should be re-architected to include concrete, specific warnings that are not technical and rely less on fear than current alerts."

22 of 85 comments

  1. Waste of Time by Anonymous Coward · · Score: 4, Informative

    The fake warnings that get people to click on them will just copy the wording and format of the new warnings and use those to entice people to "click here to avert catastrophe".

    1. Re:Waste of Time by Anonymous Coward · · Score: 5, Funny

      I don't know what the article said. I was afraid to download the paper linked because it occurred to me that it might have been one of the very malware warnings they were talking about since they said "Reading this May Harm Your Computer: The Psychology of Malware Warnings".

      Preeety clever guys, but I ain't gonna let y'all pull a fast one on me

    2. Re:Waste of Time by Pope · · Score: 5, Funny

      Maybe you should read about this one weird computer security tip discovered by a mom. Malware writers hate her!

      --
      It doesn't mean much now, it's built for the future.
    3. Re:Waste of Time by geminidomino · · Score: 3, Interesting

      Right, but the point of the article is to do so on sites that ARE bad and WILL drive-by software that will try to log your keystrokes, steal your passwords and account numbers, and use your computer to send out spam (concrete threats), and not "this could be something scary and microsoft doesn't approve" because you have a GUI IP scanner installed.

    4. Re:Waste of Time by Pentium100 · · Score: 2

      I especially like it when AV software flags a keygen for being a keygen. No, not because the keygen also has a trojan or whatever, but that it is a keygen. The explanation usually states "keygens may contain malware" - so, tell me whether it actually contains malware or not - maybe that's why I scanned it with the AV software...

    5. Re:Waste of Time by tlhIngan · · Score: 2

      I especially like it when AV software flags a keygen for being a keygen. No, not because the keygen also has a trojan or whatever, but that it is a keygen. The explanation usually states "keygens may contain malware" - so, tell me whether it actually contains malware or not - maybe that's why I scanned it with the AV software...

      The problem is, a lot (if not most) keygens are wrapped in ways that make it impossible to tell. After all, a wrapped keygen is a trojan, and it's so easy to do tons of things that no anti-malware can detect them all because it's so easy to do. All the trojan has to do is spawn a downloader process, then launch the real keygen, and you're none the wiser.

      There's nothing any anti-malware can do about it - there's no way to tell if it's a clean keygen or a wrapped one. Heck, many of them are also packed EXEs just like the keygens themselves.

      And yes, trojans are impossible to scan - your malware scanner might detect when the wrapped keygen actually downloads a known piece of malware, but that downloader will quietly run in the background until someone actually analyzes it.

  2. specific warnings that are not technical by kruach+aum · · Score: 4, Funny

    If you click this link you will literally want to kill yourself like that time you thought you'd pulled your underwear all the way down but instead re-enacted the slicing frame scene from Cube but with poop

    If you click this link you will be tricked into being tricked into giving Russians money to make a non-existent problem not go away, like that time you bought a can opener because you chipped a tooth opening a beer bottle and then never used it

    If you click this link you will experience the mental equivalent of three elephant births through a human sized vagina worth of pain over the course of a week and a half

    1. Re:specific warnings that are not technical by gstoddart · · Score: 2

      Of course, the problem with your warnings is they need a warning to precede them.

      Because, well, ick.

      --
      Lost at C:>. Found at C.
  3. Re:Warning: Potholes ahead by Joce640k · · Score: 2

    Why should anyone be running an operating system that is vulnerable to malware?

    Because they want to do some work?

    --
    No sig today...
  4. Re:Hmmm ... by gstoddart · · Score: 2

    My other personal favorite is some of the dumb warnings from IE -- you are about to use the internet, are you sure you really want to do that? followed by when you use the internet, people can see what you do, are you sure?.

    --
    Lost at C:>. Found at C.
  5. Too much repetition by asmkm22 · · Score: 3, Insightful

    This is just based on my experience, but it seems like users are very quick to develop habits based on repetition. UAC is a good example, in that it doesn't take more than a few days to get used to clicking OK on the box that pops up when the screen fades out a little. Changing what the message says won't change that behavior.

    1. Re:Too much repetition by zakkudo · · Score: 2

      This is a very Windows-ish problem. I always read dialogs on Linux and Mac OS X. I tried doing that for a while on Windows, and found out that most of them are meaningless, overly vague, or just plain overly intrusive. I found myself ignoring them on Windows like everybody else does.

      Microsoft is the primary perpetrator of this problem. They are the reason that 90% of the casual computer users ignore any and all dialogs. It's aggravating as a web dev and you have to double-think yourself because of MS's actions.

  6. Oxymorons by barakn · · Score: 2

    "concrete, specific warnings" and "not technical"

    --
    "I'm so moist I'm sticking to the leather." -Kermit the Frog on The Late Late Show
    1. Re:Oxymorons by Tablizer · · Score: 3, Funny

      "concrete, specific warnings" and "not technical"

      "Don't click the purple button shaped like the bow-tie Justin Bieber wore on 'Dancing with Stars' last week".

      See, it can be done.

    2. Re:Oxymorons by phantomfive · · Score: 2

      I've gone through pieces of my software and made sure that each error message is clear and understandable, and explains exactly what the user needs to do to fix the problem.

      It's not easy, requires a lot of debugging, and I estimate that it will at least double the time of development of moderately complicated projects (if all you have is a webpage like facebook, you can say, "please reload the page" or "try again in ten minutes" and hopefully that will fix things).

      The time is doubled, and you don't normally get much benefit from it.

      --
      "First they came for the slanderers and i said nothing."
  7. Advice for the enemy? by Cantankerous+Cur · · Score: 2

    So why are we giving malware programmers suggestions?

  8. Re:Hmmm ... by vux984 · · Score: 3, Interesting

    The NSA would use a major signing authority so as to avoid any warnings. And it would say it was signed by whoever they wanted it to say it was signed by because... NSA.

    You are actually better off using your own PKI all the way up and adding your own root certs etc to your browsers if you are concerned about the NSA.

    This isn't actually bad advice in general.

  9. Re:Warning: Potholes ahead by Tablizer · · Score: 2

    I applaud them for their honesty. They could have skipped any such notice, as is typically done in the commercial world.

  10. Re:Not Realistic by jader3rd · · Score: 2

    The real problem here is that most people view computers as little black boxes that use a lot of elves and magic to keep them working.

    There's the problem. We need to inform people that computers are little black boxes that use smoke to keep them working. How do I know? Because every time I've seen the smoke escape from the computer, it stopped working.

  11. Re:Hmmm ... by lgw · · Score: 3, Insightful

    Pretty hard to prevent when they can display arbitrary images. You'd have to do something they couldn't replicate, like personalizing it per user, or using a reserved part of the screen.

    Trivial: just put a very obvious and different border around any dialog raised by the browser, like thick red and black hashing or something equally unsubtle. It wouldn't solve every problem, but making it really obvious when it's a pop-up would help.

    Or, better, just remove the whole horrible idea of pop-ups from the world of browsers. It solves a problem that no longer exists in tabbed browsing. Restrict web pages from opening anything but a new tab, and nothing of value will be lost.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  12. Re:Hmmm ... by houstonbofh · · Score: 2

    If I just took the access point out of the box, and I am connecting to it on a local network, I am fairly sure I know EXACTLY the identity of the computer I am connecting to.

    The computer doesn't know you did that, and there's no good way for it to know that which wouldn't involve digital signatures...

    How about "Accept this cert forever, regardless of what IP it is on."
    Or, "Accept self signed certs on local subnets."
    Problem solved in two optional check boxes.

  13. Re:Hmmm ... by BradleyUffner · · Score: 2

    A certificate from a CA says 'I am yourbank.com and Verisign can vouch for me.'

    It's more like "I am yourbank.com because I gave Verisign $500, behold my green lock icon!".