Your Reputation Precedes You: History, Reputation, and the Chrome Malware Warning
Venue
Proceedings of the Symposium On Usable Privacy and Security: SOUPS '14, USENIX (2014)
Publication Year
2014
Authors
Hazim Almuhimedi, Adrienne Porter Felt, Robert W. Reeder, Sunny Consolvo
BibTeX
Abstract
Several web browsers, including Google Chrome and Mozilla Firefox, use malware
warnings to stop people from visiting infectious websites. However, users can
choose to click through (i.e., ignore) these malware warnings. In Google Chrome,
users click through a fifth of malware warnings on average. We investigate factors
that may contribute to why people ignore such warnings. First, we examine field
data to see how browsing history affects click-through rates. We find that users
consistently heed warnings about websites that they have not visited before.
However, users respond unpredictably to warnings about websites that they have
previously visited. On some days, users ignore more than half of warnings about
websites they've visited in the past. Next, we present results of an online,
survey-based experiment that we ran to gain more insight into the effects of
reputation on warning adherence. Participants said that they trusted
high-reputation websites more than the warnings; however, their responses suggest
that a notable minority of people could be swayed by providing more information. We
provide recommendations for warning designers and pose open questions about the
design of malware warnings.
