Institutional Research Information Service
Publication Detail
Don't work. Can't work? Why it's time to rethink security warnings
  • Publication Type:
  • Authors:
    Krol K, Moroz M, Sasse MA
  • Publication date:
  • Pagination:
    1, 8
  • Published proceedings:
    Risk and Security of Internet and Systems (CRiSIS), 2012 7th International Conference on
  • ISBN-13:
  • Status:
  • Name of conference:
    Risk and Security of Internet and Systems (CRiSIS), 2012 7th International Conference on
  • Conference place:
    Cork, Ireland
  • Conference start date:
  • Conference finish date:
  • Keywords:
    Browsers, Google, Internet, Interviews, Portable computers, Security, alarm systems, computer viruses, laptop computers, Internet users, PDF file download warning, academic article summary tool, antivirus software, computing skills, false alarms, false positives, generic warning, laptops, online security threat protection, security risks, security warnings, usability test
As the number of Internet users has grown, so have the security threats that they face online. Security warnings are one key strategy for trying to warn users about those threats; but recently, it has been questioned whether they are effective. We conducted a study in which 120 participants brought their own laptops to a usability test of a new academic article summary tool. They encountered a PDF download warning for one of the papers. All participants noticed the warning, but 98 (81.7%) downloaded the PDF file that triggered it. There was no significant difference between responses to a brief generic warning, and a longer specific one. The participants who heeded the warning were overwhelmingly female, and either had previous experience with viruses or lower levels of computing skills. Our analysis of the reasons for ignoring warnings shows that participants have become desensitised by frequent exposure and false alarms, and think they can recognise security risks. At the same time, their answers revealed some misunderstandings about security threats: for instance, they rely on anti-virus software to protect them from a wide range of threats, and do not believe that PDF files can infect their machine with viruses. We conclude that security warnings in their current forms are largely ineffective, and will remain so, unless the number of false positives can be reduced.
UCL Researchers
Dept of Computer Science