Skip to main content
SpringerLink
Log in

Towards Improving the Efficacy of Windows Security Notifier for Apps from Unknown Publishers: The Role of Rhetoric

  • Conference paper
  • First Online:
HCI for Cybersecurity, Privacy and Trust (HCII 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14045))

Included in the following conference series:

Abstract

With over 1.4 billion users of Windows 10, it is the most widely used operating system in the world. In Windows, applications from unknown publishers are popular due to mass availability and ease of access. Installing such applications can lead to malware infection, including viruses and ransomware. Therefore, we explored the design of interventions to prevent the users from installing applications from unknown publishers. To this end, we conducted a lab study with nine participants to understand the perceptions and behavior of users toward the designed interventions. Then, we conducted an online study with 256 participants to evaluate the impact of reflection, contextualization, and persuasion used in the finalized interventions. In summary, our findings provide valuable insights into understanding the needs and expectations of the users for usable and effective interventions against applications from unknown publishers. Based on our findings, we provide guidelines for future research.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.statista.com/statistics/218089/global-market-share-of-windows-7.

  2. 2.

    https://news.microsoft.com/bythenumbers/en/windowsdevices.

  3. 3.

    https://www.ueq-online.org/.

  4. 4.

    https://www.ueq-online.org/Material/Handbook.pdf.

References

  1. Al-Ameen, M.N., Kocabas, H.: “i cannot do anything": user’s behavior and protection strategy upon losing, or identifying unauthorized access to online account. In: Symposium on Usable Privacy and Security (Poster Session) (2020)

    Google Scholar 

  2. Al-Ameen, M.N., Kocabas, H., Nandy, S., Tamanna, T.: We, three brothers have always known everything of each other: a cross-cultural study of sharing digital devices and online accounts. Proc. Priv. Enhancing Technol. 2021(4), 203–224 (2021)

    Article  Google Scholar 

  3. Amran, A., Zaaba, Z.F., Mahinderjit Singh, M.K.: Habituation effects in computer security warning. Inf. Secur. J. Glob. Perspect. 27(4), 192–204 (2018)

    Article  Google Scholar 

  4. Amran, A., Zaaba, Z.F., Singh, M.M., Marashdih, A.W.: Usable security: revealing end-users comprehensions on security warnings. Procedia Comput. Sci. 124, 624–631 (2017)

    Article  Google Scholar 

  5. Anderson, B.B., Kirwan, C.B., Jenkins, J.L., Eargle, D., Howard, S., Vance, A.: How polymorphic warnings reduce habituation in the brain: insights from an FMRI study. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 2883–2892 (2015)

    Google Scholar 

  6. Baek, E., Choo, H.J., Wei, X., Yoon, S.Y.: Understanding the virtual tours of retail stores: how can store brand experience promote visit intentions? Int. J. Retail Distrib. Manage. (2020)

    Google Scholar 

  7. Bartsch, S., Volkamer, M.: Towards the systematic development of contextualized security interventions1. In: The 26th BCS Conference on Human Computer Interaction, vol. 26, pp. 1–4 (2012)

    Google Scholar 

  8. Bartsch, S., Volkamer, M., Theuerling, H., Karayumak, F.: Contextualized web warnings, and how they cause distrust. In: Huth, M., Asokan, N., Čapkun, S., Flechais, I., Coles-Kemp, L. (eds.) Trust 2013. LNCS, vol. 7904, pp. 205–222. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38908-5_16

    Chapter  Google Scholar 

  9. Baxter, K., Courage, C., Caine, K.: Understanding Your Users: A Practical Guide to User Research Methods, 2nd edn. Morgan Kaufmann Publishers Inc., San Francisco (2015)

    Google Scholar 

  10. Berinsky, A.J., Huber, G.A., Lenz, G.S.: Evaluating online labor markets for experimental research: Amazon. com’s mechanical Turk. Polit. Anal. 20(3), 351–368 (2012)

    Article  Google Scholar 

  11. Boyatzis, R.E.: Transforming Qualitative Information: Thematic Analysis and Code Development. Sage Publications, Thousand Oaks (1998)

    Google Scholar 

  12. Braet, A.C.: Ethos, pathos and logos in Aristotle’s rhetoric: a re-examination. Argumentation 6(3), 307–320 (1992)

    Article  Google Scholar 

  13. Braun, V., Clarke, V.: Using thematic analysis in psychology. Qual. Res. Psychol. 3(2), 77–101 (2006)

    Article  Google Scholar 

  14. Bravo-Lillo, C., Cranor, L.F., Downs, J., Komanduri, S.: Bridging the gap in computer security warnings: a mental model approach. IEEE Secur. Priv. 9(2), 18–26 (2010)

    Article  Google Scholar 

  15. Brinks, M.: Ethos, pathos, logos, Kairos: the modes of persuasion and how to use them. Prep Scholar (2019). Accessed 20 Aug 2021

    Google Scholar 

  16. Brustoloni, J.C., Villamarín-Salomón, R.: Improving security decisions with polymorphic and audited dialogs. In: Proceedings of the 3rd Symposium on Usable Privacy and Security, pp. 76–85 (2007)

    Google Scholar 

  17. Buhrmester, M., Kwang, T., Gosling, S.D.: Amazon’s mechanical Turk: a new source of inexpensive, yet high-quality data? (2016)

    Google Scholar 

  18. Cho, H., Lee, J.S., Chung, S.: Optimistic bias about online privacy risks: testing the moderating effects of perceived controllability and prior experience. Comput. Hum. Behav. 26(5), 987–995 (2010)

    Article  Google Scholar 

  19. Demirdöğen, Ü.D.: The roots of research in (political) persuasion: ethos, pathos, logos and the Yale studies of persuasive communications. Int. J. Soc. Inquiry 3(1), 189–201 (2010)

    Google Scholar 

  20. DeSimone, J.A., Harms, P.D., DeSimone, A.J.: Best practice recommendations for data screening. J. Organ. Behav. 36(2), 171–181 (2015)

    Article  Google Scholar 

  21. Egelman, S., Cranor, L.F., Hong, J.: You’ve been warned: an empirical study of the effectiveness of web browser phishing warnings. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 1065–1074 (2008)

    Google Scholar 

  22. Egelman, S., Schechter, S.: The importance of being earnest [in security warnings]. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 52–59. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_5

    Chapter  Google Scholar 

  23. Fang, Y.M., Chen, K.M., Huang, Y.J.: Emotional reactions of different interface formats: comparing digital and traditional board games. Adv. Mech. Eng. 8(3), 1687814016641902 (2016)

    Article  Google Scholar 

  24. Fernandes, P., Leite, C., Mouraz, A., Figueiredo, C.: Curricular contextualization: tracking the meanings of a concept. Asia Pac. Educ. Res. 22, 417–425 (2013)

    Article  Google Scholar 

  25. Good, N., et al.: Stopping spyware at the gate: a user study of privacy, notice and spyware. In: Proceedings of the 2005 Symposium on Usable Privacy and Security, pp. 43–52 (2005)

    Google Scholar 

  26. Good, N., Grossklags, J., Thaw, D., Perzanowski, A., Mulligan, D.K., Konstan, J.: User choices and regret: understanding users’ decision process about consensually acquired spyware. I/S J. Law Policy Inf. Soc. 2(2), 283–344 (2006)

    Google Scholar 

  27. Good, N.S., Grossklags, J., Mulligan, D.K., Konstan, J.A.: Noticing notice: a large-scale experiment on the timing of software license agreements. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 607–616 (2007)

    Google Scholar 

  28. Haleblian, K.: The problem of contextualization. Missiology 11(1), 95–111 (1983)

    Article  Google Scholar 

  29. Heidig, S., Müller, J., Reichelt, M.: Emotional design in multimedia learning: differentiation on relevant design features and their effects on emotions and learning. Comput. Hum. Behav. 44, 81–95 (2015)

    Article  Google Scholar 

  30. Higgins, C., Walker, R.: Ethos, logos, pathos: strategies of persuasion in social/environmental reports. In: Accounting Forum, vol. 36, pp. 194–208. Elsevier (2012)

    Google Scholar 

  31. Hora, A., Anquetil, N., Ducasse, S., Allier, S.: Domain specific warnings: are they any better? In: 2012 28th IEEE International Conference on Software Maintenance (ICSM), pp. 441–450. IEEE (2012)

    Google Scholar 

  32. Ipeirotis, P.G., Provost, F., Wang, J.: Quality management on amazon mechanical Turk. In: Proceedings of the ACM SIGKDD Workshop on Human Computation, pp. 64–67 (2010)

    Google Scholar 

  33. Jones, C.P., Robinson, S.J., Sabadosh, N., Bishop, D., Koyani, S.: How can rhetoric and argumentation help us make the case for UCD? In: CHI 2006 Extended Abstracts on Human Factors in Computing Systems, pp. 415–418 (2006)

    Google Scholar 

  34. Kaiser, B., Wei, J., Lucherini, E., Lee, K., Matias, J.N., Mayer, J.: Adapting security warnings to counter online disinformation. In: 30th USENIX Security Symposium (USENIX Security 2021), pp. 1163–1180 (2021)

    Google Scholar 

  35. Kung, F.Y., Kwok, N., Brown, D.J.: Are attention check questions a threat to scale validity? Appl. Psychol. 67(2), 264–283 (2018)

    Article  Google Scholar 

  36. Lenzner, T., Kaczmirek, L., Lenzner, A.: Cognitive burden of survey questions and response times: a psycholinguistic experiment. Appl. Cogn. Psychol. 24(7), 1003–1020 (2010)

    Article  Google Scholar 

  37. Lesch, M.F., Powell, W.R., Horrey, W.J., Wogalter, M.S.: The use of contextual cues to improve warning symbol comprehension: making the connection for older adults. Ergonomics 56(8), 1264–1279 (2013)

    Article  Google Scholar 

  38. Lindgaard, G., Dudek, C., Sen, D., Sumegi, L., Noonan, P.: An exploration of relations between visual appeal, trustworthiness and perceived usability of homepages. ACM Trans. Comput. Hum. Interact. (TOCHI) 18(1), 1–30 (2011)

    Article  Google Scholar 

  39. Mshvenieradze, T.: Logos ethos and pathos in political discourse. Theor. Pract. Lang. Stud. 3(11) (2013)

    Google Scholar 

  40. Norman, D.: The Design of Everyday Things: Revised and expanded edition. Basic books (2013)

    Google Scholar 

  41. Norman, D.A.: Introduction to this special section on beauty, goodness, and usability. Hum. Comput. Interact. 19(4), 311–318 (2004)

    Article  Google Scholar 

  42. Norman, D.A., Ortony, A.: Designers and users: two perspectives on emotion and design. In: Symposium on Foundations of Interaction Design, pp. 1–13 (2003)

    Google Scholar 

  43. Paivio, A.: Mind and Its Evolution: A Dual Coding Theoretical Approach. Psychology Press, London (2014)

    Book  Google Scholar 

  44. Parkinson, M.: The power of visual communication. Billion Dollar Graphics (2012)

    Google Scholar 

  45. Perin, D.: Facilitating student learning through contextualization: a review of evidence. Commun. Coll. Rev. 39(3), 268–295 (2011)

    Article  Google Scholar 

  46. Petelka, J., Zou, Y., Schaub, F.: Put your warning where your link is: improving and evaluating email phishing warnings. In: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, pp. 1–15 (2019)

    Google Scholar 

  47. Peters, D., Calvo, R.A., Ryan, R.M.: Designing for motivation, engagement and wellbeing in digital experience. Front. Psychol. 9, 797 (2018)

    Article  Google Scholar 

  48. Reeder, R.W., Felt, A.P., Consolvo, S., Malkin, N., Thompson, C., Egelman, S.: An experience sampling study of user reactions to browser warnings in the field. In: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, pp. 1–13 (2018)

    Google Scholar 

  49. Rozin, P., Royzman, E.B.: Negativity bias, negativity dominance, and contagion. Pers. Soc. Psychol. Rev. 5(4), 296–320 (2001)

    Article  Google Scholar 

  50. Sasse, M.A., Krol, K., Moroz, M.: Don’t work. can’t work? why it’s time to rethink security warnings. In: 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS), pp. 1–8. IEEE Computer Society (2012)

    Google Scholar 

  51. Schrepp, M., Hinderks, A., Thomaschewski, J.: Applying the user experience questionnaire (UEQ) in different evaluation scenarios. In: Marcus, A. (ed.) DUXU 2014. LNCS, vol. 8517, pp. 383–392. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07668-3_37

    Chapter  Google Scholar 

  52. Seo, H., Xiong, A., Lee, D.: Trust it or not: effects of machine-learning warnings in helping individuals mitigate misinformation. In: Proceedings of the 10th ACM Conference on Web Science, pp. 265–274 (2019)

    Google Scholar 

  53. Shahid, F., Kamath, S., Sidotam, A., Jiang, V., Batino, A., Vashistha, A.: It matches my worldview: examining perceptions and attitudes around fake videos. In: CHI Conference on Human Factors in Computing Systems, pp. 1–15 (2022)

    Google Scholar 

  54. Share, N.M.: Operating system market share (2009). https://marketshare.hitslink.com/operating-system-market-share.aspx

  55. Sharek, D., Swofford, C., Wogalter, M.: Failure to recognize fake internet popup warning messages. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 52, pp. 557–560. SAGE Publications Sage CA: Los Angeles, CA (2008)

    Google Scholar 

  56. Shrestha, A., Graham, D.M., Dumaru, P., Paudel, R., Searle, K.A., Al-Ameen, M.N.: Understanding the behavior, challenges, and privacy risks in digital technology use by nursing professionals. Proc. ACM Hum. Comput. Interact. 6(CSCW2), 1–22 (2022)

    Article  Google Scholar 

  57. Sunshine, J., Egelman, S., Almuhimedi, H., Atri, N., Cranor, L.F.: Crying wolf: an empirical study of SSL warning effectiveness. In: USENIX Security Symposium, pp. 399–416. Montreal (2009)

    Google Scholar 

  58. Sweller, J.: Cognitive load theory: recent theoretical advances (2010)

    Google Scholar 

  59. Sweller, J.: Cognitive load theory. In: Psychology of Learning and Motivation, vol. 55, pp. 37–76. Elsevier (2011)

    Google Scholar 

  60. Vaish, A., Grossmann, T., Woodward, A.: Not all emotions are created equal: the negativity bias in social-emotional development. Psychol. Bull. 134(3), 383 (2008)

    Article  Google Scholar 

  61. Vance, A.: The fog of warnings: how non-essential notifications blur with security warnings. In: Symposium on Usable Privacy and Security (SOUPS) (2019)

    Google Scholar 

  62. Vance, A., Kirwan, B., Bjornn, D., Jenkins, J., Anderson, B.B.: What do we really know about how habituation to warnings occurs over time? a longitudinal FMRI study of habituation and polymorphic warnings. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, pp. 2215–2227 (2017)

    Google Scholar 

  63. Warkentin, M., Xu, Z., Mutchler, L.A.: I’m safer than you: the role of optimism bias in personal it risk assessments. In: Proceedings of, pp. 1–32 (2013)

    Google Scholar 

  64. Weijters, B., Baumgartner, H.: Misresponse to reversed and negated items in surveys: a review. J. Mark. Res. 49(5), 737–747 (2012)

    Article  Google Scholar 

  65. Wu, M., Miller, R.C., Garfinkel, S.L.: Do security toolbars actually prevent phishing attacks? In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 601–610 (2006)

    Google Scholar 

  66. Wyatt, T.: Understanding the process of contextualization. Multicultural Learn. Teach. 10(1), 111–132 (2015)

    Article  Google Scholar 

  67. Xu, H., Rosson, M.B., Carroll, J.M.: Increasing the persuasiveness of it security communication: effects of fear appeals and self-view. In: Workshop on Usable IT Security Management, Symposium on Usable Privacy and Security (SOUPS), Pittsburgh, PA (2007)

    Google Scholar 

  68. Zaaba, Z.F., Boon, T.K.: Examination on usability issues of security warning dialogs. Age 18(25), 26–35 (2015)

    Google Scholar 

  69. Zaaba, Z.F., Lim Xin Yi, C., Amran, A., Omar, M.A.: Harnessing the challenges and solutions to improve security warnings: a review. Sensors 21(21), 7313 (2021)

    Google Scholar 

  70. Zaaba, Z., Furnell, S., Dowland, P., Stengel, I.: Assessing the usability of application-level security warnings. In: Proceedings of the 11th Security Conference (Security Assurance & Privacy) (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Utah State University, Logan, USA

    Ankit Shrestha, Rizu Paudel, Prakriti Dumaru & Mahdi Nasrullah Al-Ameen

Authors
  1. Ankit Shrestha
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rizu Paudel
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Prakriti Dumaru
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mahdi Nasrullah Al-Ameen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ankit Shrestha .

Editor information

Editors and Affiliations

  1. San Jose State University, San Jose, CA, USA

    Abbas Moallem

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Shrestha, A., Paudel, R., Dumaru, P., Al-Ameen, M.N. (2023). Towards Improving the Efficacy of Windows Security Notifier for Apps from Unknown Publishers: The Role of Rhetoric. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2023. Lecture Notes in Computer Science, vol 14045. Springer, Cham. https://doi.org/10.1007/978-3-031-35822-7_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-35822-7_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35821-0

  • Online ISBN: 978-3-031-35822-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation