UCL logo

UCL Discovery

UCL home » Library Services » Electronic resources » UCL Discovery

Don't work. Can't work? Why it's time to rethink security warnings

Krol, K; Moroz, M; Sasse, MA; (2012) Don't work. Can't work? Why it's time to rethink security warnings. In: 7th International Conference on Risk and Security of Internet and Systems (CRiSIS). IEEE Green open access

[img]
Preview
PDF
KrolWarnings-CameraReady.pdf
Available under License : See the attached licence file.

Download (297kB)

Abstract

As the number of Internet users has grown, so have the security threats that they face online. Security warnings are one key strategy for trying to warn users about those threats; but recently, it has been questioned whether they are effective. We conducted a study in which 120 participants brought their own laptops to a usability test of a new academic article summary tool. They encountered a PDF download warning for one of the papers. All participants noticed the warning, but 98 (81.7%) downloaded the PDF file that triggered it. There was no significant difference between responses to a brief generic warning, and a longer specific one. The participants who heeded the warning were overwhelmingly female, and either had previous experience with viruses or lower levels of computing skills. Our analysis of the reasons for ignoring warnings shows that participants have become desensitised by frequent exposure and false alarms, and think they can recognise security risks. At the same time, their answers revealed some misunderstandings about security threats: for instance, they rely on anti-virus software to protect them from a wide range of threats, and do not believe that PDF files can infect their machine with viruses. We conclude that security warnings in their current forms are largely ineffective, and will remain so, unless the number of false positives can be reduced.

Type: Proceedings paper
Title: Don't work. Can't work? Why it's time to rethink security warnings
Event: 7th International Conference on Risks and Security of Internet and Systems
ISBN: 978-1-4673-3088-6
Open access status: An open access version is available from UCL Discovery
DOI: 10.1109/CRISIS.2012.6378951
Publisher version: http://dx.doi.org/10.1109/CRISIS.2012.6378951
Language: English
UCL classification: UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
URI: http://discovery.ucl.ac.uk/id/eprint/1389027
Downloads since deposit
548Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item