Chrome, Linux users more likely to ignore browser security warnings


Chrome users are far more likely to ignore security warnings than users of the Firefox browser. The findings were outlined in a new study titled "Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness" that can be downloaded here (pdf).

"Users continued through 25 percent of Google Chrome's malware and phishing warnings, but only 10 percent of equivalent warnings from Mozilla Firefox," reports InformationWeek. "Similarly, users clicked through Chrome's SSL warning a whopping 70 percent of the time, versus only 33 percent for Firefox."

The study took into consideration some 25 million warning impressions in Google (NASDAQ: GOOG) Chrome and Mozilla Firefox from the months of May and June. Data was collected using the browsers' telemetry frameworks, which the authors explained is a mechanism for browser vendors to collect pseudonymous data from end users.

Not surprisingly, it appears that being more technical may predispose some users to click through certain types of warnings too--such as those on the Linux operating system. On the other hand, putting barriers, such as forcing users to click an extra button, does not appear to work that well. 

The Fierce Take: While automated warning messages can be useful, the takeaway from the study is how they may not actually deter risk behavior in users. This seems to suggest that some basic understanding of a security warning may be necessary to influence users towards adopting safer computing. Enterprises may want to bear this in mind when making the settings of configuration or browser software.

For more:
- check out this article at The Register
- check out this article at InformationWeek

Related Articles:
Upcoming rich notification in Chrome offers leg up to web apps
Firefox to default all plug-ins to Click to Play--with exception of Flash

Filed Under