[LINK] Study shows pop-up warnings are ineffective

andrew clarke mail at ozzmosis.com
Tue Sep 30 10:44:09 AEST 2008 

On Tue 2008-09-30 09:04:28 UTC+1000, Stilgherrian (stil at stilgherrian.com) wrote:

> And the user, who is bombarded with a thousand different styles of  
> interface widget because everything must be designed to deliver the  
> marketing message that it's "new and improved",

Certainly user interface change just for the sake of marketing is a
bit disheartening.

> who has no training in computers whatsoever but has simply absorbed
> an inaccurate and myth- filled oral tradition in their workplace, who
> doesn't understand a single word used by whoever wrote the dialog
> box, who simply wants to get their job done and go home before
> midnight, knows this is "the UAC prompt [...] generated by the
> operating system, not by the application that is requesting
> adnminstrator rights" how, exactly?

A person with absolutely no training in computers shouldn't be
employed to use one.

More broadly though, I think computer users have a certain level of
responsibility in educating themselves about the interface they
interact with.  Particularly if their income depends on it.

> I'm with Ivan Krstic on this, we've already lost.
> http://stilgherrian.com/internet/who_do_you_trust_everyone/

"When it comes to security, every desktop computer operating system is
fundamentally flawed. Why? Because any software you run has the same
permissions that you do. Anything you can do, they can do too -
whether you want that or not."

It is not a flaw but a fundamental compromise.  The operating system
engineers have to make design decisions about what permissions to
allow and deny at the user level.  To the user, security is just an
inconvenience.  The less they have to think about it the better.
Operating system engineers have to keep that in mind and try to find a
balance - keeping the user (and the OS itself) secure without
inconveniencing the user so much that they don't want to use it.

"When you run any software, you're trusting the author to do only what
they claim they will do."

And you're trusting your hardware to do what it's supposed to.  And
the compiler that the author used to build the software.  Inevitably
someone has to judge what the acceptable risks are of using a computer
for a particular task.  Common sense, I would've thought.

Regards
Andrew

More information about the Link mailing list