A team of researchers from Cambridge University has conducted a study on the effectiveness of security warnings. They’ve determined that there should be fewer warnings than there currently are, but that those warnings should be more concrete.
Experts have tried to find out how to formulate a warning in order to ensure that users will pay attention to it. They say that security warnings such as “this web page might harm your computer” are not very effective because they’re too general.
However, if the warning specifically mentions what could happen to a user’s computer, it could be much more effective. For instance, a message could read, “this page could infect your computer with malware designed to steal your bank account and credit card details in order to defraud you.”
Researchers say it’s also a matter of authority. If users trust their browser vendor, they’re more likely to avoid websites flagged by the application as being malicious.
Experts have found that many internet users have turned off browser warnings, or would do so if they knew how. The study reveals that most of these users are men who distrust authority, and they either can’t understand the warnings, or they’re IT experts.
“In order to increase the effectiveness of warnings the experiment we report on shows that: (a) warning text should include a clear and non-technical description of potential negative outcome; or (b) an informed direct warning given from a position of authority,” the paper notes.
“Concrete warnings are much more effective than vague ones; soft powers of persuasion work much better than harsh ones; and social influence appears to be much less effective than it is fashionable to believe. In fact, the use of coercion (as opposed to persuasion) should be minimized as it is rather likely to be counterproductive.”
The complete paper, called “Reading this May Harm Your Computer: The Psychology of Malware Warnings,” is available on the Social Science Research Network’s website.