
Fake popup study sadly confirms most users are idiots - raghus
http://arstechnica.com/news.ars/post/20080923-study-confirms-users-are-idiots.html
======
iigs
Apple has pretty much used the original Apple Human Interface Guidelines
documents for toilet paper (there are three or four different title bar types
in OS X), and Microsoft has even moved the IE6 malware warning dialogs around
in a _service pack_ (SP2, security enhancements, moving the warnings into the
yellow bar in the top of the renderable space). It's mind bogglingly stupid
and completely inexcusable.

We, as the leaders, experts, and geeks of the community have failed to demand
verifiable, non-forgeable desktop experiences for critical steps, instead
electing to say "tee hee hee, this idiot didn't notice the HAND POINTER! how
stupid, i'd never do that!" Remember Windows 98? Active Desktop? Underlined
filenames on icons and single click to execute? Yep. Hand pointer on
mouseover.

We're the idiots, not them.

edit: arrgh, i just looked. This single click thing is still in XP. Tools ->
Folder Options, it's right on the first screen. <frustration>
lakjflkwjlewijlewfjljk</frustration>

------
ars
This study has a big hole: It wasn't their machine, plus they were told which
sites to go to, so they assumed they were safe.

Also those who moved away the dialog did the right thing: it's not their
machine, they should leave the dialog there for the admin to take care of.

------
tptacek
Yeah, I'm thinking the problem with malware that's installable from a click on
a dialog box that can paint itself similarly to an OS dialog? _Might not be
the users_.

~~~
Tichy
In general, there is no such malware, so the experiment is complete nonsense
in my opinion.

If there was such a malware, that is, if there was a temporary bug in the
browser allowing such a thing, then the dealing with the dialog boxes would
just be an illusion of security. Any other innocent looking thing could screw
you over just as well.

I think the users were just used to stupid looking popups (what has the
advertising industry not tried yet?) and did the right thing by removing or
ignoring them.

------
zby
Well - just put yourself into the shoes of the students - you get some minimal
money to go through this boring review - would you not assume that preparing
the machine and securing it is the experimenters task? Would you not just go
through the excercise with minimal thinking effort?

------
Tichy
I don't understand: where is the problem with clicking on those popups? What
would the apropriate reaction have been? If the browser is implemented
correctly, it should be impossible to create a problem by clicking on those
popups. The only popup one musn't click is the "install software, OK?" popup,
but that wasn't among the fakes.

