Creating Better Malware Warnings Through Psychology

Unknown Lamer posted about 9 months ago | from the this-web-page-will-eat-your-cat dept.

Security 85

msm1267 writes "Generic malware warnings that alert computer users to potential trouble are largely ineffective and often ignored. Researchers at Cambridge University, however, have proposed a change to the status quo, believing instead that warnings should be re-architected to include concrete, specific warnings that are not technical and rely less on fear than current alerts."

Waste of Time (4, Informative)

Anonymous Coward | about 9 months ago | (#45889687)

The fake warnings that get people to click on them will just copy the wording and format of the new warnings and use those to entice people to "click here to avert catastrophe".

Re:Waste of Time (5, Funny)

Anonymous Coward | about 9 months ago | (#45889897)

I don't know what the article said. I was afraid to download the paper linked because it occurred to me that it might have been one of the very malware warnings they were talking about since they said "Reading this May Harm Your Computer: The Psychology of Malware Warnings".

Preeety clever guys, but I ain't gonna let y'all pull a fast one on me

Re:Waste of Time (5, Funny)

Pope (17780) | about 9 months ago | (#45890465)

Maybe you should read about this one weird computer security tip discovered by a mom. Malware writers hate her!

Re:Waste of Time (1)

Lazere (2809091) | about 9 months ago | (#45890595)

That sounds amazing! Where can I read more about this, haphazardly animated ad?

Re:Waste of Time (0)

Anonymous Coward | about 9 months ago | (#45893925)

Any Windows computer.

Re:Waste of Time (1)

ancientt (569920) | about 9 months ago | (#45890981)

Mod parent up. I'm submitting to seenonslash.

Re:Waste of Time (1)

VortexCortex (1117377) | about 9 months ago | (#45896219)

Maybe you should read about this one weird computer security tip discovered by a mom. Malware writers hate her!

People viewing this warning, also clicked on these:
    Solve the Captcha to Remove Her Towel!
    \V/ Download Now \V/
    Let your PC make US $$$ while you sleep.
    Bitcoin trading is Hard. BTC Millionaire Secrets Revealed
    You're the <% $UCKER %>th Visitor! Claim Your Prize!

Re:Waste of Time (1)

Anonymous Coward | about 9 months ago | (#45890715)

I did not RTFA, but the general practice of scaring the user needs to stop - even from the point of view of the AV vendors. Most AV products show warnings like "Potentially unwanted product" using the exact same design/messaging as they show warnings for actual viruses. Yes, it's a good idea to alert the user. No, it's not a good idea to do so in a way that makes them believe their world is about to end because they might see an ad or something.

Re:Waste of Time (1)

Anonymous Coward | about 9 months ago | (#45890807)

Well, then you're not going to like the article. It says to tell the user "this IS bad and WILL damage your computer" instead of "this may be a potential hazard".

Re:Waste of Time (3, Interesting)

geminidomino (614729) | about 9 months ago | (#45891241)

Right, but the point of the article is to do so on sites that ARE bad and WILL drive-by software that will try to log your keystrokes, steal your passwords and account numbers, and use your computer to send out spam (concrete threats), and not "this could be something scary and microsoft doesn't approve" because you have a GUI IP scanner installed.

Re:Waste of Time (0)

Anonymous Coward | about 9 months ago | (#45900239)

The problem with this line of reasoning is that the current notifications are ignored not because they are incorrect or misunderstood but rather due to being displayed so often for known false positives. People who misunderstand warnings like these take the most conservative (overreactive) action of completely shutting everything down (setting it on fire) quickly (in a panic).

Which leads me personally to believe this problem -will- never be solved. Attempting to be too specific will lead to false negatives and no one is going to buy AV that doesn't stop everything. Attempting to not let ANY malware through leads back to where we are now.

Re:Waste of Time (2)

Pentium100 (1240090) | about 9 months ago | (#45892295)

I especially like it when AV software flags a keygen for being a keygen. No, not because the keygen also has a trojan or whatever, but that it is a keygen. The explanation usually states "keygens may contain malware" - so, tell me whether it actually contains malware or not - maybe that's why I scanned it with the AV software...

Re:Waste of Time (2)

tlhIngan (30335) | about 9 months ago | (#45893241)

I especially like it when AV software flags a keygen for being a keygen. No, not because the keygen also has a trojan or whatever, but that it is a keygen. The explanation usually states "keygens may contain malware" - so, tell me whether it actually contains malware or not - maybe that's why I scanned it with the AV software...

The problem is, a lot (if not most) keygens are wrapped in ways that make it impossible to tell. After all, a wrapped keygen is a trojan, and it's so easy to do tons of things that no anti-malware can detect them all because it's so easy to do. All the trojan has to do is spawn a downloader process, then launch the real keygen, and you're none the wiser.

There's nothing any anti-malware can do about it - there's no way to tell if it's a clean keygen or a wrapped one. Heck, many of them are also packed EXEs just like the keygens themselves.

And yes, trojans are impossible to scan - your malware scanner might detect when the wrapped keygen actually downloads a known piece of malware, but that downloader will quietly run in the background until someone actually analyzes it.

Re:Waste of Time (1)

Anonymous Coward | about 9 months ago | (#45894105)

The problem is, a lot (if not most) keygens are wrapped in ways that make it impossible to tell. After all, a wrapped keygen is a trojan, and it's so easy to do tons of things that no anti-malware can detect them all because it's so easy to do. All the trojan has to do is spawn a downloader process, then launch the real keygen, and you're none the wiser.

There's nothing any anti-malware can do about it - there's no way to tell if it's a clean keygen or a wrapped one. Heck, many of them are also packed EXEs just like the keygens themselves.

And yes, trojans are impossible to scan - your malware scanner might detect when the wrapped keygen actually downloads a known piece of malware, but that downloader will quietly run in the background until someone actually analyzes it.

Sandboxie [sandboxie.com] is your friend. :)

Warning! Your news website is infected (-1)

Anonymous Coward | about 9 months ago | (#45889801)

with boring pointless articles. Click the red X in the top right hand corner of the screen to make this garbage go away.

Hmmm ... (1)

gstoddart (321705) | about 9 months ago | (#45889805)

You mean like when Microsoft Windows tells me that a zip file has "unspecified problems on the current page" or whatever it is?

Because the ones I see now are pretty meaningless and come down to something bad can happen, click Yes to say it's your fault if it does.

Oh, and browsers shouldn't be able to put up dialog boxes which look like native ones -- that would prevent some of the malware from getting onto people's machine in the first place.

Re:Hmmm ... (2)

gstoddart (321705) | about 9 months ago | (#45889919)

My other personal favorite is some of the dumb warnings from IE -- you are about to use the internet, are you sure you really want to do that? followed by when you use the internet, people can see what you do, are you sure?.

Re:Hmmm ... (1, Informative)

Anonymous Coward | about 9 months ago | (#45889973)

Oh, and browsers shouldn't be able to put up dialog boxes which look like native ones

Pretty hard to prevent when they can display arbitrary images. You'd have to do something they couldn't replicate, like personalizing it per user, or using a reserved part of the screen.

Re:Hmmm ... (0)

Anonymous Coward | about 9 months ago | (#45890819)

Pretty hard to prevent when they can display arbitrary images. You'd have to do something they couldn't replicate, like personalizing it per user, or using a reserved part of the screen.

Personalized, like with some sort of personal key?

Re:Hmmm ... (1)

ancientt (569920) | about 9 months ago | (#45891037)

Oh, I like that. Pick your own warning totem from this list or from this handy Yahoo/Google/AnythingButBing search.

Re:Hmmm ... (3, Insightful)

lgw (121541) | about 9 months ago | (#45891615)

Pretty hard to prevent when they can display arbitrary images. You'd have to do something they couldn't replicate, like personalizing it per user, or using a reserved part of the screen.

Trivial: just put a very obvious and different border around any dialog raised by the browser, like thick red and black hashing or something equally unsubtle. It wouldn't solve every problem, but making it really obvious when it's a pop-up would help.

Or, better, just remove the whole horrible idea of pop-ups from the world of browsers. It solves a problem that no longer exists in tabbed browsing. Restrict web pages from opening anything but a new tab, and nothing of value will be lost.

Re:Hmmm ... (1)

jdschulteis (689834) | about 9 months ago | (#45902121)

Pretty hard to prevent when they can display arbitrary images. You'd have to do something they couldn't replicate, like personalizing it per user, or using a reserved part of the screen.

Trivial: just put a very obvious and different border around any dialog raised by the browser, like thick red and black hashing or something equally unsubtle. It wouldn't solve every problem, but making it really obvious when it's a pop-up would help.

Your "trivial" solution won't help when the pop-up is a floating div on a web page instead of an actual window. You need to decorate the real OS windows in a way that an attacker cannot know ("personalizing it per user", in GP AC's words). This is similar to the "personal security image" used by some banking and credit card sites, where an attacker trying to make a fake login page has no way of knowing what picture is supposed to be next to the password entry box.

Re:Hmmm ... (1)

satuon (1822492) | about 9 months ago | (#45895555)

You can't duplicate the cursor behavior, though - if the image is a link, it shows, the cursor turns to a hand.

Re:Hmmm ... (1)

houstonbofh (602064) | about 9 months ago | (#45890133)

Or like the apoplectic fit browsers go into every time you want to use a self signed cert! Yes, my router/ap/storage appliance is self signed. Shut up already!

Or the "You didn't check all the boxes in your jar" java warning that pops up every time you open a Trendnet camera, AND CAN NOT BE OVERRIDDEN!

No wonder people ignore them now.

Re:Hmmm ... (1)

Anonymous Coward | about 9 months ago | (#45890203)

my router/ap/storage appliance is signed by the NSA

FTFY. Or did you memorize the thumbprint of your cert and check it against the thumbprint the "apoplectic" browser alert to make sure you're talking to who you think you're talking to?

Re:Hmmm ... (3, Interesting)

vux984 (928602) | about 9 months ago | (#45890285)

The NSA would use a major signing authority so as to avoid any warnings. And it would say it was signed by whoever they wanted it to say it was signed by because... NSA.

You are actually better off using your own PKI all the way up and adding your own root certs etc to your browsers if you are concerned about the NSA.

This isn't actually bad advice in general.

Re:Hmmm ... (1)

ancientt (569920) | about 9 months ago | (#45891089)

How would this work exactly? I'm used to having my browser and OS start with trusted roots, but I can imagine taking them out and replacing them with my own, then having to add in cert by cert, individually and specifically trusting each one. It sounds like a real hassle, but one that would grow easier as time goes on. I use NoScript to do very much the same thing, but it's no defense against MITM. Is there some system where there is a web of trust being built to do the same thing? I would *really* like to learn about that.

Re:Hmmm ... (1)

vux984 (928602) | about 9 months ago | (#45890255)

Or like the apoplectic fit browsers go into every time you want to use a self signed cert! Yes, my router/ap/storage appliance is self signed. Shut up already!

The browser warning is correct. You don't know the identity of the computer you are connecting to. Only that it was signed at some point, by somebody.

Verify the cert, then add the signing chain to your browser. The warning goes away and you actually know you are talking to your device.
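An added illustration of the thumbprint check discussed in the comments above (not code posted by any commenter): a self-signed certificate is pinned only after its SHA-256 thumbprint matches a value obtained out of band, and is afterwards recognised by thumbprint rather than by address. The device name, addresses and certificate bytes are constructed stand-ins.

```python
import hashlib
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 thumbprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize(shown: str) -> str:
    """Accept the 'AB:CD:...' or 'ab cd ...' forms that UIs and labels use."""
    return "".join(c for c in shown.lower() if c in "0123456789abcdef")


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the certificate a device presents, without validating it.
    Live path only; the offline sample below does not call it."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


class PinStore:
    """Hypothetical pin store: trust follows the certificate, not the address."""

    def __init__(self):
        self.pins = {}       # thumbprint -> device name
        self.last_seen = {}  # address -> thumbprint last accepted there

    def enroll(self, name: str, der: bytes, out_of_band: str) -> bool:
        """Pin only if the presented cert matches the out-of-band thumbprint."""
        fp = fingerprint(der)
        if fp != normalize(out_of_band):
            return False
        self.pins[fp] = name
        return True

    def check(self, address: str, der: bytes) -> str:
        fp = fingerprint(der)
        previous = self.last_seen.get(address)
        if fp in self.pins:
            # Same certificate: accepted whatever address it shows up on.
            self.last_seen[address] = fp
            return "trusted:" + self.pins[fp]
        if previous in self.pins:
            # A pinned device answered here before; now the cert differs.
            return "changed"
        return "unknown"


# Constructed stand-ins for DER certificates (any bytes hash the same way).
DEVICE_CERT = b"constructed stand-in: access point self-signed certificate"
OTHER_CERT = b"constructed stand-in: some other self-signed certificate"


def as_label(der: bytes) -> str:
    """Format a thumbprint the way a device console or sticker might show it."""
    fp = fingerprint(der).upper()
    return ":".join(fp[i:i + 2] for i in range(0, len(fp), 2))


def demo():
    store = PinStore()
    return [
        # Thumbprint read out of band does not match what was presented.
        store.enroll("ap-lobby", DEVICE_CERT, as_label(OTHER_CERT)),
        # Thumbprint matches: pin it.
        store.enroll("ap-lobby", DEVICE_CERT, as_label(DEVICE_CERT)),
        store.check("192.168.1.1", DEVICE_CERT),
        # Same certificate after the device moved to another address.
        store.check("10.0.0.7", DEVICE_CERT),
        # Known address suddenly presents a different certificate.
        store.check("192.168.1.1", OTHER_CERT),
        # Never-seen address with an unpinned certificate.
        store.check("172.16.0.9", OTHER_CERT),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The "changed" verdict is the case the browser warning exists for: a different certificate answering where a pinned device used to be.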

Re:Hmmm ... (1)

gnasher719 (869701) | about 9 months ago | (#45890441)

The browser warning is correct. You don't know the identity of the computer you are connecting to. Only that it was signed at some point, by somebody.

You know something more. It was signed at some point, by somebody who is either you or pretending to be you. Well, not helpful.

Re:Hmmm ... (1)

houstonbofh (602064) | about 9 months ago | (#45890635)

The browser warning is correct. You don't know the identity of the computer you are connecting to. Only that it was signed at some point, by somebody.

If I just took the access point out of the box, and I am connecting to it on a local network, I am fairly sure I know EXACTLY the identity of the computer I am connecting to. And as I am in the networking industry, and do this all the time in lots of locations, I see the warning a whole lot.

Re:Hmmm ... (1)

drinkypoo (153816) | about 9 months ago | (#45893197)

If I just took the access point out of the box, and I am connecting to it on a local network, I am fairly sure I know EXACTLY the identity of the computer I am connecting to.

The computer doesn't know you did that, and there's no good way for it to know that which wouldn't involve digital signatures...

Re:Hmmm ... (2)

houstonbofh (602064) | about 9 months ago | (#45893479)

If I just took the access point out of the box, and I am connecting to it on a local network, I am fairly sure I know EXACTLY the identity of the computer I am connecting to.

The computer doesn't know you did that, and there's no good way for it to know that which wouldn't involve digital signatures...

How about "Accept this cert forever, regardless of what IP it is on."
Or, "Accept self signed certs on local subnets."
Problem solved in two optional check boxes.

Re:Hmmm ... (1)

sjames (1099) | about 9 months ago | (#45893705)

Whereas with an 'official' cert you can rest assured that someone somewhere (possibly using photoshop) convinced one of hundreds of companies you've never heard of to take their money and issue a cert.

Re:Hmmm ... (1)

squiggleslash (241428) | about 9 months ago | (#45890589)

Browsers only warn you about self-signed certs if you don't install your CA certificate on that browser, which is completely reasonable and they absolutely should be doing that, given you're asking them for a secure connection and they're not getting anything from the server indicating that there's a genuinely secure connection in progress.

Re:Hmmm ... (1)

jd2112 (1535857) | about 9 months ago | (#45890663)

Or like the apoplectic fit browsers go into every time you want to use a self signed cert! Yes, my router/ap/storage appliance is self signed. Shut up already!

Why do browsers show warnings when self-signed certs are encountered?
A self-signed cert says 'I am yourbank.com because I say I am.'
A certificate from a CA says 'I am yourbank.com and Verisign can vouch for me.'

Re:Hmmm ... (1)

Wintermute__ (22920) | about 9 months ago | (#45892099)

Or like the apoplectic fit browsers go into every time you want to use a self signed cert! Yes, my router/ap/storage appliance is self signed. Shut up already!

 

Why do browsers show warnings when self-signed certs are encountered?

A self-signed cert says 'I am yourbank.com because I say I am.'

A certificate from a CA says 'I am yourbank.com and Verisign can vouch for me.'

Or perhaps 'the Hong Kong Post Office can vouch for me'.

Re:Hmmm ... (2)

BradleyUffner (103496) | about 9 months ago | (#45894139)

A certificate from a CA says 'I am yourbank.com and Verisign can vouch for me.'

It's more like "I am yourbank.com because I gave Verisign $500, behold my green lock icon!".

specific warnings that are not technical (4, Funny)

kruach aum (1934852) | about 9 months ago | (#45889821)

If you click this link you will literally want to kill yourself like that time you thought you'd pulled your underwear all the way down but instead re-enacted the slicing frame scene from Cube but with poop

If you click this link you will be tricked into being tricked into giving Russians money to make a non-existent problem not go away, like that time you bought a can opener because you chipped a tooth opening a beer bottle and then never used it

If you click this link you will experience the mental equivalent of three elephant births through a human sized vagina worth of pain over the course of a week and a half

Re:specific warnings that are not technical (2)

gstoddart (321705) | about 9 months ago | (#45890107)

Of course, the problem with your warnings is they need a warning to precede them.

Because, well, ick.

Re:specific warnings that are not technical (1)

wonkey_monkey (2592601) | about 9 months ago | (#45891165)

Warning: I heard you like warnings, so I put a warning on your warning so you can... uh... be warned of the warning.

Re:specific warnings that are not technical (1)

lgw (121541) | about 9 months ago | (#45891689)

Warning: reading the following warning will make you feel like that time when you didn't notice in time that something had crawled into your beer can and died.

Re:specific warnings that are not technical (-1)

Anonymous Coward | about 9 months ago | (#45890145)

-1 Juvenile, +2 Slashdot audience impressed by same.

Warning: Potholes ahead (0)

Anonymous Coward | about 9 months ago | (#45889847)

I once went to a natural history museum with out-of-date dinosaur exhibits. They put up a sign saying something like, "Note: This exhibit no longer reflects current paleontological understanding."
Why should anyone be running an operating system that is vulnerable to malware?

Re:Warning: Potholes ahead (2)

Joce640k (829181) | about 9 months ago | (#45889907)

Why should anyone be running an operating system that is vulnerable to malware?

Because they want to do some work?

Worms for Workgroups (0)

Anonymous Coward | about 9 months ago | (#45891105)

Why should anyone be running an operating system that is vulnerable to malware?

Because they want to do some work?

Sure, but most people don't work for McAfee or F-Secure. I totally understand why they need to run malware-support OSes. You can't really work in the AV business, without seeing things through the eyes of virus users, understanding why they choose the malware that they do, and knowing what makes a person decide to give high (or at least user-level) privileges to hostile software.

But most people never really have reason to be virus users, even in their jobs. Not only do I never really need to run malware, but nobody in my company is required to install malware either. Not desk people, not production, not sales -- nobody ever needs to run phishing forms, spambots, or anything else like that which needs a Microsoft Windows runtime to be available. And if someone ever really did want to get phished, the developers all have VMs that we'd be happy to help walk someone through.

Re:Worms for Workgroups (1)

lgw (121541) | about 9 months ago | (#45891795)

Almost no malware today has anything to do with the OS. It's possible that the radically-different SE Linux security model would help, but then look who wrote that. No, I don't think the OS is relevant here.

Re:Warning: Potholes ahead (0)

Anonymous Coward | about 9 months ago | (#45892221)

Thanks to recent technological advances, Windows is no longer the only OS with a web browser.

Re:Warning: Potholes ahead (1)

TangoMargarine (1617195) | about 9 months ago | (#45890277)

Because it's not possible to design a perfect computer system? Not if you want it to be customizable, anyway; you'd have to store it in ROM.

Re:Warning: Potholes ahead (1)

HiThere (15173) | about 9 months ago | (#45890977)

Storing it in ROM wouldn't suffice, though it would help a lot. I think your first statement was better: "it's not possible to design a perfect computer system".

Re:Warning: Potholes ahead (2)

Tablizer (95088) | about 9 months ago | (#45890605)

I applaud them for their honesty. They could have skipped any such notice, as is typically done in the commercial world.

Re: Warning: Potholes ahead (1)

tepples (727027) | about 9 months ago | (#45893909)

Because the alternative is a walled garden, where you can't even write your own program and run it without doing an internship with an established company for the verifiable industry experience, starting your own company, and paying an annual fee to the operating system publisher.

Too much repetition (3, Insightful)

asmkm22 (1902712) | about 9 months ago | (#45889999)

This is just based on my experience, but it seems like users are very quick to develop habits based on repetition. UAC is a good example, in that it doesn't take more than a few days to get used to clicking OK on the box that pops up when the screen fades out a little. Changing what the message says won't change that behavior.

Re:Too much repetition (1)

houstonbofh (602064) | about 9 months ago | (#45890157)

This is just based on my experience, but it seems like users are very quick to develop habits based on repetition. UAC is a good example, in that it doesn't take more than a few days to get used to clicking OK on the box that pops up when the screen fades out a little. Changing what the message says won't change that behavior.

When the safety feature interrupts you more often than it protects you, it becomes an annoyance, not a safety feature. Like the apoplectic fit browsers go into every time you want to use a self signed cert! Yes, my router/ap/storage appliance is self signed. Or the "You didn't check all the boxes in your jar" java warning that pops up every time you open a Trendnet camera, and can not be permanently OKed.

Re:Too much repetition (1)

Anonymous Coward | about 9 months ago | (#45890407)

Yeah, other fields figured that out decades ago.
Safe operating procedures and safety features that prevent the operator from doing their job *will* get ignored/removed/disabled.

Re:Too much repetition (2)

zakkudo (2638939) | about 9 months ago | (#45890311)

This is a very Windows-ish problem. I always read dialogs on Linux and Mac OS X. I tried doing that for a while on Windows, and found out that most of them are meaningless, overly vague, or just plain overly intrusive. I found myself ignoring them on Windows like everybody else does.

Microsoft is the primary perpetrator of this problem. They are the reason that 90% of the casual computer users ignore any and all dialogs. It's aggravating as a web dev and you have to double-think yourself because of MS's actions.

Re:Too much repetition (0)

Anonymous Coward | about 9 months ago | (#45890987)

You apparently haven't paid much attention to how casually most users enter their password because they need sudo rights to install most software.

Re:Too much repetition (0)

Anonymous Coward | about 9 months ago | (#45894543)

But how to solve this problem?
Most users need to install software, but it can't be done without care and thought.

Re:Too much repetition (1)

zakkudo (2638939) | about 9 months ago | (#45894831)

I personally only install software through the terminal. That means I initiate all installs. I have to consciously add sudo, knowing what it means. It's not the magical meaningless popup that doesn't take a password on Windows. Most dialogs have already lost their meaning on Windows.

Re:Too much repetition (1)

asmkm22 (1902712) | about 9 months ago | (#45891277)

It's not just Windows. I see it on Macs where it prompts the user to enter their credentials again to make sure (they of course blindly enter them without asking why). It's also really common on the web, from SSL warnings to overlay ads to ToS agreements to initial browser settings dialogue. People have been trained to click past whatever pops up.

Re:Too much repetition (1)

zakkudo (2638939) | about 9 months ago | (#45891665)

I haven't been on a mac since 10.4 I think. So, it might have changed. I always at least felt like I knew why the credential dialogs were popping up on a Mac when I was using it.

In the end, after having not used much MS Windows since around the beginning of the XP era, when I came back, at first I read some of the dialogs, then I realized 90% of them weren't really readable to begin with. And then I realized they hide dirty installs in those dialogs that they trained you to ignore...

Meh. Anyway, those are my humble thoughts.

Re:Too much repetition (0)

Anonymous Coward | about 9 months ago | (#45890929)

I agree, the default behavior should be to block, while not forcing a focus hold, the behavior that is dangerous.

The way that SSL/TLS certificates are handled now is a good place to begin. However for those there should be a few categories:

1) This site uses a self-signed and/or 'private' authority, DO NOT TRUST IT WITH MONEY OR VALUABLES, for all other cases would you like to confirm a permanent exception?

2) This site's certificate is being used incorrectly (enumerate how: it's out of date, for the wrong domain but this is a 'related' sub domain etc); would you like to confirm a temporary exception for the next 48 hours?

3) High risk of criminal activity and/or fraud detected by FraudWatch / AV Provider / Google/Yahoo/Bing URL filter.

4) A re-design with an actual data security model for scripts. Eliminate cross-scripting attacks, isolate information entered to domain specific schemas. Only allow 'external' scripts, content and 'submission' from/to whitelisted domains.

Yep.... prompts don't work. (1)

King_TJ (85913) | about 9 months ago | (#45891095)

I think the only effective preventative measures are the automated ones. Unfortunately, so many of these work relatively poorly, blocking intended software updates or changes. Ultimately though, I think improvement of the automatic process blockers/killers is the best place to put effort -- not redesigning warning dialogs for people to click through or "approve/deny".

Most users, in my experience, don't even know what's safe to approve or deny when they're prompted. With so much software doing automatic updates, they're used to things wanting to install even if they haven't intentionally installed or changed ANY of the software they use in years. So malware prompting to install, to them, is likely just "another one of those darn Adobe or Microsoft or Java apps" doing its thing. So they'll approve it when asked.

Re:Too much repetition (0)

Anonymous Coward | about 9 months ago | (#45893079)

Exactly! This is why there should be a straightforward logic question posed as part of the message... You must read and understand the warning in order to click the correct button... incorrect answers increase the dialog size and font size... While altering the logic question so it's not just a game of whack-a-mole.

Oxymorons (2)

barakn (641218) | about 9 months ago | (#45890111)

"concrete, specific warnings" and "not technical"

Re:Oxymorons (3, Funny)

Tablizer (95088) | about 9 months ago | (#45890557)

"concrete, specific warnings" and "not technical"

"Don't click the purple button shaped like the bow-tie Justin Bieber wore on 'Dancing with Stars' last week".

See, it can be done.

Re:Oxymorons (0)

Anonymous Coward | about 9 months ago | (#45890647)

If they have warnings about concrete, I think they should have warnings about asphalt, cement, and other hard surfaces. Think of the children!!!

Re:Oxymorons (2)

phantomfive (622387) | about 9 months ago | (#45890729)

I've gone through pieces of my software and made sure that each error message is clear and understandable, and explains exactly what the user needs to do to fix the problem.

It's not easy, requires a lot of debugging, and I estimate that it will at least double the time of development of moderately complicated projects (if all you have is a webpage like facebook, you can say, "please reload the page" or "try again in ten minutes" and hopefully that will fix things).

The time is doubled, and you don't normally get much benefit from it.

Re: Oxymorons (0)

Anonymous Coward | about 9 months ago | (#45891121)

And helloworld.exe was delayed by 2 years...

Re: Oxymorons (0)

Anonymous Coward | about 9 months ago | (#45892125)

Not to mention going over-budget by $5 million. Somehow, the more people he brought in, the slower the progress was.

Re:Oxymorons (0)

Anonymous Coward | about 9 months ago | (#45893845)

This page might be a fake made to look like the page you want.

Advice for the enemy? (2)

Cantankerous Cur (3435207) | about 9 months ago | (#45890189)

So why are we giving malware programmers suggestions?

What malware alerts? (1)

angel'o'sphere (80593) | about 9 months ago | (#45890215)

The only malware alerts I get are from web sites popping up an advert claiming "my mac is running slow" offering me to download: malware.
Ofc. I ignore those warnings ...

why not beef up the alert system? (1)

swschrad (312009) | about 9 months ago | (#45890327)

like, say, banning for life websites serving up crapware... in the case of malware ads, banning the ad sites. and submitting the site info automatically to Spamhaus and the like. there are so many "oh, gee, we blocked content from Internet Explorer" boxes every day that it's meaningless. the content is NOT from IE, it's from slopbucket.adserver.ru or wherever.

Re:why not beef up the alert system? (0)

Anonymous Coward | about 9 months ago | (#45891327)

like, say, banning for life websites serving up crapware... in the case of malware ads, banning the ad sites. and submitting the site info automatically to Spamhaus and the like. there are so many "oh, gee, we blocked content from Internet Explorer" boxes every day that it's meaningless. the content is NOT from IE, it's from slopbucket.adserver.ru or wherever.

Corral the internet content instead of adjusting how a single program handles said content? Sure, that sounds much easier. While you're at it, we've been meaning to put borders around the internet too. Please feel free and draw those in while you're under the hood poking around. Easy as pie...

Re:why not beef up the alert system? (0)

Anonymous Coward | about 9 months ago | (#45894537)

Just ban Google and Yahoo. That will make most malware disappear.

Not Realistic (1)

Akratist (1080775) | about 9 months ago | (#45890371)

I'm not usually one to take exception to published research, but I am skeptical of this. The real problem here is that most people view computers as little black boxes that use a lot of elves and magic to keep them working. Malware, viruses, whatever, are as understandable to most people as ergot was to the Puritans in Salem, 1692. Substituting one sort of warning for another is not going to make a significant difference "in the wild," because people's frame of reference doesn't put them in the right mindset to understand what is going on. I've had extended periods of time where my hardware didn't have anti-virus installed and I never had a problem with malware. On the other hand, I have relatives who all run anti-virus and it's a slow but steady trickle of people needing me to remove stuff from their machines. The real solution, if it's even possible, is to educate users enough on their systems to where they at least have a semi-informed idea of what is going on with their hardware, and can make smart decisions on their use from that solid starting point.

Re:Not Realistic (2)

jader3rd (2222716) | about 9 months ago | (#45890673)

The real problem here is that most people view computers as little black boxes that use a lot of elves and magic to keep them working.

There's the problem. We need to inform people that computers are little black boxes that use smoke to keep them working. How do I know? Because every time I've seen the smoke escape from the computer, it stopped working.

Re:Not Realistic (1)

Wintermute__ (22920) | about 9 months ago | (#45892257)

The real problem here is that most people view computers as little black boxes that use a lot of elves and magic to keep them working.

There's the problem. We need to inform people that computers are little black boxes that use smoke to keep them working. How do I know? Because every time I've seen the smoke escape from the computer, it stopped working.

The empirical evidence is, indeed, compelling. My results correspond to your own.

Creating better malware through psychology (1)

slew (2918) | about 9 months ago | (#45890775)

Generic malware that mimics alerts to fool computer users to click to download an exploit might be largely ineffective and often ignored. Researchers, however, have proposed a change to the status quo, believing instead that malware should be re-architected to include the same concrete, specific warnings that will be used in the future to maintain the status quo.

The more things change, the more they remain the same...

Advertising... (0)

Anonymous Coward | about 9 months ago | (#45890815)

The big, scary alerts are already driven by psychologists, only they work in the marketing department; the only department that matters in anti-virus companies any more.

Psychology... or *reverse* psychology! (1)

wonkey_monkey (2592601) | about 9 months ago | (#45891183)

You should totally click on this link. Your mom thought it was cool.

threatpost captcha broken (0)

Anonymous Coward | about 9 months ago | (#45891705)

Amazing how nobody writing widely-used software thought of this before. It's apparent immediately to me, like when I'm trying to decide which updates to install in Windows, or which services running in the background are not needed on this particular machine and let's turn them off.

Just try and read the given explanations and divine some meaning from them. None of what they say is relevant or useful or meaningful to the professional, never mind the layman.

This is one reason why I ran from Windows years ago, then ran away from Linux, to try a Real Unix (all three of the FOSS BSDs back then, so not in trademark, but certainly in lineage) instead. Apart from more mature code, the documentation is actually readable and mostly correct too.

Also: Stop saying "the user". You're not talking to some vague somebody nobody really cares about. You are talking to *me*, so act like it.

Who is this *me*? Depending on just what you're writing, a fellow developer, or an overworked sysadmin or troubleshooter trying to fix up your mess, or a user you have to explain just what you're on about. But I am a person, and you, dear warning writer, may as well be concrete about that.

And why limit yourself to warnings? Learn to write, and write some readable documentation. Maybe some enterprising soul might deign to read it, too. I know I do, all the time.

So what this research really shows, is a large amount of failing to think of computer-using people as people capable of following any kind of instructions. This has long been deliberate, as part of the marketing shtick ("intuitive! no training needed!") but the long-term result is masses of people, including supposedly "digital natives", that cannot fix their own computer.

And now we see we can't even fault them, because we've given them no incentive and every disincentive to heed any advice, especially any warning, at all. Cry wolf, etc.

We shouldn't need the warnings at all. (1)

Sanians (2738917) | about 9 months ago | (#45896109)

The problem is that we shouldn't need the warnings at all.

Say your kid finds a web site that offers an awesome free game, and so he downloads it. Why shouldn't your computer be able to run that game (or virus) in such a way that it isn't able to take over your entire computer? The idea that programs should be able to do anything on a computer that the user running them is authorized to do is completely outdated.

When users want to access arbitrary files and make massive changes to their filesystem, they use a file browser provided by the OS, or a zip/unzip utility provided by the OS, and so in both cases there's no concern of the security of these applications. Every other program anyone uses only needs to access files specifically selected by the user, and so all that is needed is an API call to the effect of "open_whatever_file_the_user_selects()" which prompts the OS to display a file open dialogue to select which files the program should have access to and return the file handles to the program. The only other need for filesystem access I can think of is software which needs to cache data, but that doesn't require filesystem-wide access either. All it requires is that the OS give it a folder specific to that application where it can store whatever data it wants inside that folder, but not outside it.

The present state of things where programs can do anything the user is allowed to do was created before anyone thought of viruses and so it's completely outdated. Why we haven't improved upon that situation, I have no idea. It seems easy enough to do, but instead we're fucking around with the wording of our "your stupid OS will let this program do anything to your computer that you're allowed to do, which could be disastrous if the program is evil, so do you want to twiddle your thumbs today or do you dare to attempt to use your computer?" dialogue boxes. People choose to run software because the reason they own a computer is that they want to run software. It's no surprise at all that they learn to ignore their OS's warnings about how incompetent it is because if they heeded the warnings they'd never get anything done.
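An added sketch of the design described in the comment above (not part of the original post): a broker that gives an application only a handle to the file the user picked, plus one private data folder, and refuses `..`, absolute-path and symlink escapes from that folder. The names `FileBroker`, `chooser`, `open_user_selected` and `open_app_data` are hypothetical, and this models the policy only: a real boundary needs the OS to run the application in a separate, restricted process so that it cannot call `open()` itself.

```python
import os
import tempfile

class FileBroker:
    """Stand-in for the OS side: the app gets handles, never free filesystem access."""
    def __init__(self, app_id, data_root, chooser):
        # chooser stands in for the OS file-open dialogue (returns a path or None).
        self._chooser = chooser
        self.app_dir = os.path.realpath(os.path.join(data_root, app_id))
        os.makedirs(self.app_dir, exist_ok=True)

    def open_user_selected(self, mode="r"):
        """The comment's open_whatever_file_the_user_selects(): user picks, app gets a handle."""
        path = self._chooser()
        if path is None:
            raise PermissionError("user cancelled; no file granted")
        return open(path, mode)

    def open_app_data(self, name, mode="r"):
        """Open a file inside the app's private folder and nowhere else."""
        candidate = os.path.realpath(os.path.join(self.app_dir, name))
        # realpath resolves '..' and symlinks, so an escape shows up as a
        # resolved path that no longer sits under the app folder.
        if os.path.commonpath([candidate, self.app_dir]) != self.app_dir:
            raise PermissionError(f"{name!r} resolves outside the app folder")
        os.makedirs(os.path.dirname(candidate), exist_ok=True)
        return open(candidate, mode)

def demo():
    root = tempfile.mkdtemp()  # constructed filesystem for the demo
    user_doc = os.path.join(root, "letter.txt")
    with open(user_doc, "w") as f:
        f.write("dear user")
    broker = FileBroker("freegame", os.path.join(root, "appdata"), lambda: user_doc)
    with broker.open_app_data("cache/level1.dat", "w") as f:
        f.write("saved")  # the app's own cache: allowed
    os.symlink(user_doc, os.path.join(broker.app_dir, "link"))  # planted escape
    with broker.open_user_selected() as f:
        granted = f.read()  # allowed only because the user chose it
    blocked = []
    for attempt in ("../../letter.txt", "/etc/passwd", "link"):
        try:
            broker.open_app_data(attempt).close()
        except PermissionError:
            blocked.append(attempt)
    return granted, blocked

if __name__ == "__main__":
    print(demo())
```

The check-then-open sequence in `open_app_data` still leaves a race if something can swap a path component between the two calls, which is one of the details that makes a production sandbox harder than the policy suggests.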

Re:We shouldn't need the warnings at all. (1)

david_thornley (598059) | about 9 months ago | (#45900383)

Because it's a lot harder than you think it is.

Part of what you apparently want is sandboxing, which is a great idea in theory but tends to fail in practice. Java applets are sandboxed, for example, and everybody's telling me not to trust them at all. Turns out it's really hard to make a secure sandbox that allows useful actions. Moreover, there's increased pressure to allow general-purpose applications to run in the browser.

It really isn't easy to separate actions into "would be approved by the user" and "would not be approved by the user", or to provide adequate comprehensible information for the user to decide. Repeatedly asking for permissions not only makes software very cumbersome, it desensitizes the user to warnings. Without understanding why a warning or request comes up, the user will resort to clicking everything necessary to get something done.

EZ-Warning (1)

VortexCortex (1117377) | about 9 months ago | (#45896343)

EZ-Warning.exe has encountered a problem and needs to
close. We are sorry for the inconvenience.

If you weren't in the middle of something, this wouldn't have made you
angry about our buggy code.

Please yell at Microsoft and IT about this problem they can't fix.

We have created an error report that won't matter if you send to us. PRISM will treat
this report as key information on how to better exploit and profile you.

To see what data the NSA deems innocuous, click here.
No, over there on the buttons not these words, you idiot.
[ Gibberish ] [ Send proof of rage ] [ Fuck it ]
