Interesting People mailing list archives
[IP] more on Sony's Escalating "Spyware" Fiasco
From: David Farber <dave () farber net>
Date: Sat, 3 Dec 2005 15:26:45 -0500
Begin forwarded message:

From: Marc <marcaniballi () hotmail com>
Date: December 3, 2005 12:01:35 PM EST
To: dave () farber net
Subject: RE: [IP] more on Sony's Escalating "Spyware" Fiasco

Mr. Crocker brings up an interesting usability issue with security models - and not just Microsoft's, but all the anti virus vendors, firewall vendors and other security oriented software systems. The problem (as I see it) is twofold:

First; we are not always presented with the information required to make a good decision. This is endemic in ALL software platforms and operating systems. I have yet to find a system that consistently provides adequate information to make the "click OK" decision.

Second; The "average user" wants the system to take care of most of these decisions for them - automatically. This is a project of mammoth proportions for any software vendor, and especially daunting for an operating system vendor. Creating such an infrastructure would require several components that would bloat both the creation and maintenance costs for the system, as well as affect its performance (likely, significantly).

For a system to make an effective automated decision it will need to make so many assumptions that it will become ineffective within weeks of deployment - unless you have a highly configurable decision engine, in which case, you have just reintroduced the complexity that the users don't want to deal with.

Marc

-----Original Message-----
From: David Farber [mailto:dave () farber net]
Sent: Friday, December 02, 2005 8:52 PM
To: ip () v2 listbox com
Subject: [IP] more on Sony's Escalating "Spyware" Fiasco

Begin forwarded message:

From: Dave Crocker <dhc2 () dcrocker net>
Date: December 2, 2005 6:01:29 PM EST
To: dave () farber net
Cc: ip () v2 listbox com, "Synthesis: Law and Technology" <synthesis.law.and.technology () gmail com>, Bob Hinden <bob.hinden () nokia com>
Subject: Re: [IP] more on Sony's Escalating "Spyware" Fiasco
Reply-To: dcrocker () bbiw net

Blaming Microsoft for software that requires you to click OK seems as silly as blaming GM if someone pumps bad gasoline into your car, no?
No. The human factors (usability, interaction design, cognitive modeling, decision context, etc.) issues are entirely different.

Presenting users with a simple pop-up to click presumes a number of things inappropriately and ignores a number of essential concerns. Some examples:

1. Users are expected to fully understand the security model of their system. Since computer experts often don't, placing such a burden on non-technical consumers is quite simply silly.

2. The messages that are displayed are cryptic, incomplete and tend to be full of jargon. Even with a good technical model, a user often has difficulty knowing what is going on.

3. The more dangerous a user interaction, the more important it is to protect against the user's performing the action automatically, rather than having to deliberate on the choices. Users must click "ok" so frequently, it is far too easy to click ok as a habit.

4. Related to this is the meta-point that users are burdened with so much "system administration" work that they MUST develop a habitual response, so that they can return to doing their primary activity. The habitual response works fine... except when it doesn't.

People bought the CD and clicked OK because they trusted Sony, not because they trusted Microsoft to protect them against Sony, surely?
Clicking OK is taken to mean informed consent. The reality is that it means nothing of the sort.
Since when did anyone trust Microsoft? Did anyone not wearing a tinfoil hat at the time remotely suspect that we needed protection against Sony? Why should Microsoft be more prescient?
When a product purports to have safety features, there should be a good basis for believing that the features will be effective. In this case, there is quite a bit of basis for knowing that it will be INeffective.

The design of critical user interactions needs to pay far more attention to the nature, capabilities and preferences of the average user.

Unfortunately any serious effort along these lines means finding ways to reduce the overall user burden for system administration, so that critical user interactions are much more distinctive and rare.

d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>

-------------------------------------
You are subscribed as marcaniballi () hotmail com
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/