The Quick Click
Due to the redundant and monotonous nature of present day security alerts, our brains get used to them (habituated) far too quickly. Thus, most users don’t even bother to read anything when they are greeted with a pop-up window asking “allow” or “cancel”. They just click the “allow” button, as they always do without any consideration. This is why most of the security measures used in Windows are bound to fail. Since those measures are a part of the operating system and appear frequently, they do not get any attention. Users just get used to clicking the “allow” button, regardless of what is going on. This is why the MRI images show a drop in brain activity when a usual security alert is encountered. SSL security warnings and browser messages usually get the same treatment. In most cases it is the quick click that makes it really easy for malware/threats to get in. Details on the study conducted can be found in the paper titled How Polymorphic Warnings Reduce Habituation in the Brain- Insights from an fMRI Study.
Installation of PUP’s may also be a result of this quick click behavior. While installing software, users are accustomed to clicking the next and “I agree” buttons, and the wily PUP vendors are well aware of that. Most adware and unwanted software include a small agreement to install their program (in order to avoid getting blacklisted) but they manage to conceal the deal in such a way as to slip through, unnoticed by the user.
A Better Warning System
A much better response can be received by using dynamic warnings that differ in appearance every time. According to the MRI data such polymorphic warnings showed higher brain activity while they were being addressed. In this way, even medical studies can lead to the development of a better and more effective user interface or warning system. There is an astonishing relation between the nature/general appearance of alerts and the way they are treated. Thus, changing alerts to look different visually, by adding an extra border or using a new font can trigger a much more active response from the user which would result in more informed decisions. Also, security warnings should not be too frequent in order to maintain importance and false positives must be avoided as much as possible, so that alerts evoke a surprise reaction warranting attention. It is not always the big things that matter, a small change like making alerts more varied and dynamic could end up being the biggest contributor to preventing attacks in the future.
Emsisoft Enterprise Security + EDR
Robust and proven endpoint security solution for organizations of all sizes. Start free trialHave a nice (well-informed) day!