Why are malware warnings ineffective?

Super User

Help Net Security has published an interesting article about a study on why people ignore malware warnings, and how to improve the warnings.

The article is here - http://www.net-security.org/secworld.php?id=16164

The paper is here - http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2374379

In general, the more educated users are about malware, the more likely they are to heed warnings. The text of the warning issued was also important. The paper notes that:

"Multiple regression has yielded moderate results. The strongest predictors of clickthrough resistance were warnings that clearly outlined in concrete terms the risk an individual would take if they clicked through or the use of authoritarian techniques based on soft power (Raven, Schwarzwald, & Koslowsky, 1998). In connection with these predictors, our respondents also self-reported the most effective warnings to be those that would clearly define the extent of risk. In brief, when individuals have a clear idea of what is happening and how much they are exposing themselves, they prefer to avoid potentially risky situations."

One possible criticism I would make of the paper is that the researchers recruited test subjects using Amazon's Mechanical Turk. I suspect that the "Turkers" may not be a good match for the general population profile we would be interested in. I admit I may be wrong here, and the steps they took to analyse the data may answer this doubt, but my statistics are not up to evaluating that...

So if you want to make the most of your anti-malware defences, you should at the very least educate your users on the threats. And if you can, make the messages issued much more concrete than they have tended to be.


And if you are really serious about protecting yourself from malware, consider deploying a malware detection and prevention solution as provided by our partners Snoopwall. Even if the user clicks on a phishing link, the malware is stopped before it is downloaded, or is isolated immediately from the rest of the network, so attacks on your data's confidentiality and integrity will fail.

In this case, the user is prevented from accessing the network, so the attempted breach can become a "teachable moment".

