One problem with Internet security: We don't believe the warnings
Posted by kent on July 30th, 2009
It seems like just this morning we were writing that people were clicking on false virus warnings propagated by the conficker worm. Now we learn of a Carnegie Mellon study that says that people ignore warnings all-together, even the genuine warnings put out by their browsers and Internet security software. It would seem that these two stories are at odds: in one case we're told a lot of people are clicking on false warnings (thereby enabling real malware intrusions), and in the second case we're told a lot of people are ignoring real warnings (thereby enabling malware intrusion). What can we learn from digging deep into this cognitive dissonance? Are people clicking or not clicking?
The Carnegie Mellon study points out that computer users are desensitized to warnings; they simply see too many of them (out-of-date security certificates, warnings about software installations that they've requested, viruses that have been detected and quarantined). Sometimes ignoring a warning has no discernible consequences. But perhaps another cause of warning fatigue is that people have become wary of warnings because they've read too many warnings that say that some warnings are not really warnings at all (like those activated by the conficker worm). Just to be safe, they won't click on anything, not even a warning from their own Internet security software.
So, some people click on nothing and some people click on everything. That's why and how viruses spread. As the study points out, browsers and Internet security software could do more to highlight just the important warnings so users know what to pay attention to. But that requires that we give up some control.
In the end it's really incumbent on us to understand the machines that we use, and to keep them patched and protected. It does require reading warnings, and discerning between the good and the bad. Good Internet security software, and common sense about the emails you open and the sites that you go to should keep out the bad. If you've been lax in protecting your computer, check out our reviews of Internet security software .
Click here to read more from Next Advisor