[LINK] Security efforts hindered by untrained users

Matthew Sullivan matthew at sorbs.net
Thu Jan 31 07:51:17 AEDT 2008


Stilgherrian wrote:
> On 30/1/08 10:57 PM, "Brendan Scott" <brendansweb at optusnet.com.au> wrote:
>
>   
>> Bernard Robertson-Dunn wrote:
>>
>>     
>>> "Certainly end users are a big hole for most people, because end users
>>> are not going to be your most technically competent people," said Gary
>>> Chen, a senior analyst at Boston-based Yankee Group Research Inc. "And a
>>> lot of attacks today rely on the gullibility of users to click on a link."
>>>       
>> Surely this could be effectively combated by having a pop up ask "Are you
>> sure?" each time someone clicks a link?
>>     
>
> No. Having worked a lot with relatively naïve users over the years, I can
> report that any dialog which gets in the way of them achieving their aim
> simply isn't read. Since so many dialogs are meaningless (to them), and
> their world does not immediately cave in, hitting "OK" is a reflex action.
>
> They click "OK" without reading what the dialog says.
>
> Even if they did read the message, because they'd be being asked for every
> link, the vast majority of which would be legitimate, that click would soon
> become reflex if it wasn't already.
>   
What you have to remember is that the user doesn't see 'Ok' or 'Cancel';
they just see one button that says:

"Press this to make it work."


/ Mat


