Digg this story   Add to del.icio.us   (page 2 of 2 ) previous 
Users inundated with pop-ups
Scott Granneman, 2005-12-12

Story continued from Page 1

The worst offender when it comes to creating a flurry of popup warnings, though, is undoubtedly Internet Explorer. Enter your password on a site? IE offers to remember it for you, with a popup. Hit a site whose certificate isn't up to date? IE warns you, with a popup. Go from an HTTP site to an HTTPS one? IE warns you, with a popup. Leave that HTTPS site for an HTTP one instead? IE warns you, with a popup. Popups everywhere!

Yes, I know that you could change your settings to disable most of these warnings. But will Joe Average User do that? Of course not. And I know that you can check boxes on those popups informing IE that you don't wish to be informed all the time. But you know what? I've taught classes in computer labs for years, and I'll walk around and gape in astonishment as I see my students press OK on those boxes - over and over and over and over again - and never once check the box that would banish those popups forever. They simply don't read the warning text; instead, they click on the OK button as fast as possible to close the box, ignoring the fact that the box may open back up in just a minute or two again.

IE's not the only browser that displays popups to the user. Firefox does this as well, but (unsurprisingly) it's a lot smarter about it. IE's default is to show the warning every single time, unless the user explicity tells it not to; Firefox shows the user the warning the first time, but the checkbox is to turn on the constant warnings, the exact opposite of IE's, which is to turn off the warnings. Since users don't read the box anyway, they press OK, and they never see another warning about entering HTTPS sites again.

The question comes down to, "What is the best way to inform your users without overwhelming them?" If you overwhelm them, they stop paying attention, and that doesn't help anyone. Constant popups of windows, warnings, and widgets don't help the user at all, and may in fact make them far more vulnerable. In fact, at one school I know, the Technology Coordinator's advice to his teachers was "If you see a box popup on your computer, just press OK." I'm sure that will definitely reduce the number of times he gets asked about popups, at least until a computer - or his network - gets engulfed in an virus infestation. Or worse.

Debian, the venerable Linux distro, has an interesting answer to this problem, at least when it comes to installing software. When a Debian user installs a new package, a program named "debconf" steps in to help configure the software by asking questions ... sometimes a lot of complicated, pretty technical questions. But debconf is also configurable so that users with different knowledge and skill levels get asked different questions. The debconf program desribes those four levels as follows:
  • 'critical' only prompts you if the system might break. Pick it if you are a newbie, or in a hurry.
  • 'high' is for rather important questions
  • 'medium' is for normal questions
  • 'low' is for control freaks who want to see everything
It's possible for users to change which level they want, but most Debian-based distros come pre-configured out of the box with a particular level already chosen. K/Ubuntu, for instance, is set to "critical", so that users hardly ever get asked difficult questions that many couldn't answer anyway. The beauty, however, is that the system adjusts itself based on the needs of users. Are you a newbie? Then "critical" is right for you. Control freak? Go with "low." Busy, but still want to know what's going on with your box? Try "high." And so on.

So why don't we see more of this? Why doesn't Windows work this way? Or Mac OS X? Or even more aspects of Linux? When a user first logs in, why isn't she asked to assess her skill level so that the system can respond accordingly? If Debian - traditionally thought of as one of the more hard-core Linux distros, although user-friendly versions like K/Ubuntu are changing that perception - can do it, why can't Microsoft? Or Apple? Or Red Hat? Or GNOME or KDE?

When most users are constantly faced with an overwhelming series of popups, notifications, and warnings, they stop paying attention. They have to. It's just too much information for them, and too often it's so incomprehensible that it might as well be written in Arabic. Better to try and target warnings and messages to a user's needs, so that when one appears, it will be taken seriously by a user and correctly acted upon. To me, that makes a lot more sense.

And now, if you'll excuse me, I'm off to clean pickles out of my kitchen sink. Don't ask ... you wouldn't understand.

Scott Granneman teaches at Washington University in St. Louis, consults for WebSanity, and writes for SecurityFocus and Linux Magazine. His latest book, Linux Phrasebook, is in stores now.
    Digg this story   Add to del.icio.us   (page 2 of 2 ) previous 
Comments Mode:
Users inundated with pop-ups 2005-12-13
Erik Norgaard (1 replies)
Re: Users inundated with pop-ups 2006-01-10
Users inundated with pop-ups 2005-12-20
Users inundated with pop-ups 2005-12-23
Alexey Vesnin
OSX? Huh? 2005-12-23
Pop-up Fatigue 2006-06-27


Privacy Statement
Copyright 2010, SecurityFocus