Abstract
Users' dependence on computers and the Internet keeps increasing. This dependence brings an increasing number of attacks arising from the use of various applications and tools. A security warning alerts users to potential harm they might be exposed to, such as malware and other kinds of attacks on their computers. In practice, most end users tend to ignore security warnings because the messages are shown repeatedly, even though they have been exposed to many risks. A security warning dialogue is supposed to capture the user's attention and comprehension; however, users' past experiences lead to habituation, which makes them less focused. One-to-one interview sessions with 60 participants were conducted to gain further understanding of end users' experience with security warnings and to investigate the usability issues of current security warning implementations. It is necessary to discover these usability issues in the current context of security warning presentation. The results revealed that problems and challenges continue to persist, such as difficulty in making a decision, difficulty in comprehending technical jargon, the lack of attractiveness of current security warnings, and habituation, or repeated exposure to warnings.
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Ahmad, F.N.A., Zaaba, Z.F., Aminuddin, M.A.I.M., Abdullah, N.L. (2020). Empirical Investigations on Usability of Security Warning Dialogs: End Users Experience. In: Anbar, M., Abdullah, N., Manickam, S. (eds) Advances in Cyber Security. ACeS 2019. Communications in Computer and Information Science, vol 1132. Springer, Singapore. https://doi.org/10.1007/978-981-15-2693-0_24
DOI: https://doi.org/10.1007/978-981-15-2693-0_24
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-2692-3
Online ISBN: 978-981-15-2693-0
eBook Packages: Computer Science, Computer Science (R0)