[LINK] Study shows pop-up warnings are ineffective

[Ivan Trundle]

On 01/10/2008, at 5:11 PM, Marghanita da Cruz wrote:

> and here is mozilla's view
>> A number of press articles surrounding Symantec’s Internet Security  
>> Threat Report, and other recent similar reports from Cenzic and  
>> Secunia, are offering the confusing and incorrect conclusion that  
>> the effective security and safety of web browsers can be measured  
>> by simply counting the number of vendor disclosed software flaws.
>
I did mention this in the earlier conversation I had with my brother- 
in-law. He countered this assertion with the information that the  
vendor (Microsoft) and organisations such as Auscert etc routinely  
inform him of security flaws which have not yet been made public, in  
the interests of finding a patch before it becomes more widely known.

Either way, counting the number of security flaws without measuring  
the likely impact is a flawed measure indeed.

iT