Security warnings that fail to be helpful: Who are you trying to confuse?

28 July, 2008 at 3:53 pm

Warning: This file may contain malicious code, by executing it your system may be compromised.

If your average user is a computer security professional, this warning, found in a web application for corporate intranets, may be appropriate.  But does the average person want to understand the concepts of ‘malicious code’ or a ‘compromised’ system?

Wouldn’t they rather just be gently reminded that you can’t trust every file that you download on the web?

Let’s consider for a second that a user sees the original warning and doesn’t ignore it.  They may ask, ‘what is malicious code?’  Well, it is code, erm …  Well, computer programs are written in what’s called code … and sometimes that code might be erm … written to do bad things to your computer.  If they are not confused enough already, they might try to ask what a compromised system is.  And no, it doesn’t really have much to do with a ‘compromise’ on anyone’s part.

If you really want to scare people, you could at least use terms that are more likely to be widely understood, like ‘files may contain viruses!’  ‘Be careful!’

Writing language that people are likely to understand is not dumbing down.  It would be dumbing down if you removed some of the most relevant and important details from your message, leaving your users feeling cheated because details were withheld.  But in this case, explaining that software is made up of code, that some code may be a bit nefarious, or what a compromised system is, detracts from the most important detail of the message, which is that it might not be safe to trust the file you are downloading.  There are also clearer, more concise alternatives, such as the word ‘virus’.  This word has come to collectively signify everything nasty that you could let loose on your computer without meaning to.

Entry filed under: Practical web security.