SoylentNews is people
SoylentNews
Companies spend nearly $100 billion on securing computers each year, yet incidents such as ransomware crippling hospitals and personal data leaking online remain common. Anthony Vance thinks that defensive measures could be more effective if we paid more attention to the hardware between our ears.
"Security professionals need to worry not only about attackers but the neurobiology of their users," said Vance, an associate professor at Brigham Young University, this week at the Enigma security conference in Oakland, California. His lab uses functional MRI scans of people's brains to reveal the unconscious mechanisms behind the way they perceive—or ignore—security warnings.
One of Vance's studies led him to collaborate with Google on tests of a new approach to displaying security warnings in the Chrome Web browser that people were less likely to dismiss offhand. Vance says Google's engineers told him they plan to add the feature to an upcoming version of Chrome. Google did not respond to a request for confirmation of when it would be added.
Multitasking is partly to blame. Vance's collaboration with Google grew out of experiments that showed when people reacted to security warnings while also performing another task, brain activity in areas associated with fully engaging with a warning was significantly reduced. People were three times less likely to correctly interpret a message when they reacted to security warnings while also performing another task.
Vance's lab teamed up with Google to test a version of Chrome modified to deliver warnings about a person's computer possibly being infected by malware or adware only when they weren't deeply engaged in something. For example, it would wait until someone finished watching a video, or was waiting for a file to download or upload, to pop up the message.
-- submitted from IRC
(Score: 4, Interesting) by Dr Spin on Saturday February 04 2017, @06:41PM
People might take more notice of "security alarms" - and pretty much any other pop-up, if they did not get them by the ton when trying to do routine tasks.
Branding http as "insecure" is a good example of "going over the top". Especially if I am trying to view websites I created myself on the intranet, with no public access.
A system in which 99% of alerts are false positives, while 50% of genuine risks go undetected, falls into the category generally described as "a steaming great pile of shite".
I last had a virus in 1988. However, I have found Windows showering me with alerts is NOT a factor in this happy scenario - and nor is any Norton product.
Warning: Opening your mouth may invalidate your brain!
(Score: 2) by bzipitidoo on Saturday February 04 2017, @10:33PM
Yes! And let's not forget warped security, in which the product is programmed to treat the user as a threat not a customer. There are cracks for MS Office that MS's Malicious Software Removal Tool identifies as threatening viruses. Is that to be believed?
Another example is car alarms. Who pays any attention to a car alarm any more, other than the owners of the cars? I've heard car alarms go off hundreds of times. Every time it was a false alarm. Even the owners get tired of all the false alerts.