[LINK] Study shows pop-up warnings are ineffective
Roger Clarke
Roger.Clarke at xamax.com.au
Tue Sep 30 05:33:35 AEST 2008
At 22:27 +1000 29/9/08, Malcolm Miles wrote:
>And if you are not an administrator on the PC, then you can't just
>click through a UAC prompt. You either have to cancel out of it, in
>which case the nasty doesn't get to do its stuff ...
The other day I was confronted with one of those for the very first
time. (I'm remarkably successful in staying away from Wintels).
My mouse hovered over the Cancel button, but I saw that there was a
Close-Window click-box in the top corner and clicked that instead.
If a pop-up window says something like 'Download wonderful new
anti-virus solution now?' and offers buttons saying 'Download' and
'Cancel', can a user be sure that the 'Cancel' button doesn't have
the download functionality hidden behind it?
I guess I should try looking at the Javascript (or whatever it's
called in that context). But it would seem to be difficult for a
language designer to enforce consistency between the semantics of a
button-name on the one hand and the function performed by a routine
on the other.
Looking at an ancient HTML 4 handbook, the code would look something like:
<input
type="button"
NAME="Cancel"
VALUE="CANCEL"
ONCLICK="<download>">
But this is link; and there are people out there who aren't amateurs
like me. Can someone confirm or deny the reliability of 'Cancel'
buttons?
--
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
More information about the Link
mailing list