Empirical Investigations on Usability of Security Warning Dialogs: End Users Experience

  • Conference paper
Advances in Cyber Security (ACeS 2019)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1132)

Abstract

Users' dependence on computers and the Internet keeps increasing, and with it the number of attacks that arise from using various applications and tools. A security warning alerts users to potential harm they might be exposed to, such as malware and other kinds of attacks on their computer. In practice, most end users tend to ignore security warnings because the messages are shown repeatedly, even though they have been exposed to many risks. A security warning dialog is supposed to capture the user's attention and comprehension; however, habituation from past experience makes users less focused. One-to-one interview sessions with 60 participants were conducted in order to better understand end users' experience of security warnings and to investigate the usability issues of current security warning implementations. It is necessary to identify these usability issues in the current context of security warning presentation. The results revealed that problems and challenges continue to persist, such as difficulty making a decision, difficulty comprehending technical jargon, the lack of attractiveness of current security warnings, and habituation, or repeated exposure to warnings.

Corresponding author

Correspondence to Zarul Fitri Zaaba.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Ahmad, F.N.A., Zaaba, Z.F., Aminuddin, M.A.I.M., Abdullah, N.L. (2020). Empirical Investigations on Usability of Security Warning Dialogs: End Users Experience. In: Anbar, M., Abdullah, N., Manickam, S. (eds) Advances in Cyber Security. ACeS 2019. Communications in Computer and Information Science, vol 1132. Springer, Singapore. https://doi.org/10.1007/978-981-15-2693-0_24

  • DOI: https://doi.org/10.1007/978-981-15-2693-0_24

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-2692-3

  • Online ISBN: 978-981-15-2693-0

  • eBook Packages: Computer Science, Computer Science (R0)
