Abstract
With over 1.4 billion users, Windows 10 is the most widely used operating system in the world. On Windows, applications from unknown publishers are popular due to their mass availability and ease of access. Installing such applications can lead to malware infection, including viruses and ransomware. Therefore, we explored the design of interventions to prevent users from installing applications from unknown publishers. To this end, we conducted a lab study with nine participants to understand the perceptions and behavior of users toward the designed interventions. Then, we conducted an online study with 256 participants to evaluate the impact of reflection, contextualization, and persuasion used in the finalized interventions. In summary, our findings provide valuable insights into the needs and expectations of users for usable and effective interventions against applications from unknown publishers. Based on our findings, we provide guidelines for future research.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Shrestha, A., Paudel, R., Dumaru, P., Al-Ameen, M.N. (2023). Towards Improving the Efficacy of Windows Security Notifier for Apps from Unknown Publishers: The Role of Rhetoric. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2023. Lecture Notes in Computer Science, vol 14045. Springer, Cham. https://doi.org/10.1007/978-3-031-35822-7_8
DOI: https://doi.org/10.1007/978-3-031-35822-7_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35821-0
Online ISBN: 978-3-031-35822-7
eBook Packages: Computer Science (R0)