Disaster is just a click away

Sep 11, 2012

A Kansas State University computer scientist and psychologist are developing improved security warning messages that prompt users to go with their gut when it comes to making a decision online.

Eugene Vasserman, assistant professor of computing and information sciences, and Gary Brase, associate professor of psychology, are researching how to help computer users who have little to no computer experience improve their Web browsing safety without security-specific education. The goal is to keep users from making mistakes that could compromise their online security and to inform them when a security failure has happened.

"Security systems are very difficult to use, and staying safe online is a growing challenge for everyone," Vasserman said. "It is especially devastating to inexperienced computer users, who may not spot risk indicators and may misinterpret currently implemented textual explanations and visual feedback of risk."

Vasserman, whose expertise is in building secure , and Brase, who studies decision-making and the rationality behind people's choices, are developing a simple visual that would show novice users an easily understandable, relatable warning regarding their security decisions. These could be a choice to visit a website with an expired security certificate, or a website that is known to contain malware, among other online dangers. The idea is to have users make a gut reaction decision based on the message.

"The challenge is to get people to make the right decision," Vasserman said. "For example, sometimes a browser will show a dialog box saying this website has an expired SSL certificate, and sometimes the safer behavior is for people to still proceed and accept the expired certificate. But sometimes a website can pose a serious threat. We want people to make good choices without having to understand the technical detail, but we don't want to make the choice for them; we want to show them the importance and danger level of that choice."

Their project, "Education-optional Security Usability on the Internet," was recently awarded nearly $150,000 by the National Science Foundation. Researchers are using the funding to develop, test and evaluate the effectiveness of new and existing educational tools to find which ones cause users to make better online security choices.

This system should minimize the use of traditional text warnings and icons, according to Vasserman.

The messaging system created will also likely be used in a medical project that Vasserman and colleagues are developing. The researchers are designing a secure network for hospitals and doctors' offices so medical devices can communicate with each other to monitor and relay information about a patient's health. Having a system that shows instantaneously recognizable consequences could help physicians and hospital engineers, who are not familiar with cybersecurity, make a correct decision quickly about what to do with a medical device that has a security problem.

"Presenting bad things with some sort of visual image is tricky because you want to convey to the user that this is not good, but you also don't want to traumatize them," Vasserman said. "For example, some people are terrified of snakes so that may be too intense of an image to use. When this is applied to a medical environment you have to be especially conscious, so there are more considerations."

Prior to collaborating with Brase, Vasserman and Sumeet Gujrati, a doctoral candidate in computing and , tested the effectiveness of textual and visual communication for messages and workflows.

Researchers spent more than 90 hours collecting data by observing volunteers use a piece of popular software that encrypts files on a computer.

The on-screen instructions asked users to select a location to store the encrypted files, but users often selected an existing file due to the phrasing of the instructions. This prompted an on-screen warning message stating that the selected file would be erased and all of the information inside of it would be lost. Users then had to decide to continue and erase the file or cancel the process and start over.

"I sat in the room many times and watched as people read the warning message carefully, sometimes even re-reading it, and then watched as they clicked on 'yes' and destroyed the file," Vasserman said. "Because the information being conveyed to them in the message was not immediately clear, many users specifically deleted the file they wanted to protect. I see that as an indicator that a text warning is not effective at getting to make the correct choice."
