Study shows how subjects respond to security warnings… and being ‘hacked’

Stark security warnings are routinely ignored, according to a new study by Brigham Young University, which also cast interesting insight in what people’s reactions are when they realize their computer has been compromised, according to News Room America.

Researchers Anthony Vance, Bonnie Anderson and Brock Kirwan, carried out the experiment to assess people’s attitude to online risk, and how they behave when presented with dangerous scenarios. Subjects were initially asked to quantify how they felt about online security, but this was followed up by a ‘seemingly unrelated task’ where participants were required to login to a website on their own computers to categorize pictures of Batman as either photographed or animated.

As subjects browsed the website, pop-ups would sporadically appear warning them that the site had malware issues. If they ignored the pop-ups enough times, a fake ‘hacking’ would take place: “a message from an Algerian hacker with a laughing skull and crossbones, a 10-second countdown timer and the words ‘say goodbye to your computer'”.

“A lot of them freaked out—you could hear them audibly make noises from our observation rooms. Several rushed in to say something bad had happened,” explained Vance.

“We see these messages so much that we stop thinking about them,” Vance said. “In a sense, we don’t even see them anymore, and so we often ignore them and proceed anyway,” he continued.

Phys reports that the findings demonstrate a distinct gap between users’ claimed attitudes towards computer security and their actual behavior.

Campus Technology explains that the researchers also learned something interesting about the neuroscience of the subjects involved as part of the experiment. They set up EEG machines to measure the brain’s response to risk. They discovered that the participants’ neuroscience was a far better indicator of their attitudes to security than their written responses: “With neuroscience, we’re trying to understand this weakest link and understand how we can fortify it,” explained Vance.

Author , ESET

  • Jeff Liu

    Many such warnings are malware themselves, a fact not considered in this study.

Follow us

Copyright © 2016 ESET, All Rights Reserved.