Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
It's funny.  Laugh.

Popup Study Confirms Most Users Are Idiots 568

danieltdp writes "Testing students at a University, psychologists made many of them click on a dialog box that in effect said: 'You are about to install some malware. Malware is bad. By clicking yes you are failing the Windows Darwin Test.' Nearly half of them said all they cared about was getting rid of these dialogs."
This discussion has been archived. No new comments can be posted.

Popup Study Confirms Most Users Are Idiots

Comments Filter:
  • Summary is WRONG (Score:5, Informative)

    by AKAImBatman ( 238306 ) * <akaimbatman@gmaiBLUEl.com minus berry> on Tuesday September 23, 2008 @04:41PM (#25127837) Homepage Journal

    "You are about to submit a bad summary. The summary is bad. By clicking yes you are failing at Slashdot Darwin Test."

    "Testing students at a University, psychologists made many of them click on a dialog box that in effect said: 'You are about to install some malware. Malware is bad. By clicking yes you are failing the Windows Darwin Test.'

    Doh!

    For those of you just joining us, the article says nothing of the sort. The article actually says that they created fake "Application Error" dialogs with various numbers of "fake" aspects. e.g. The cursor turning to a hand over the "Ok" button, reverse colored text, browser borders, etc. Basically, stuff that should have made it obvious that these were malware windows. Nearly half of those tested "accepted" the dialogs to get them out of the way. Some of them simply minimized them for later.

    The text referred to in the summary is an image created by Ars Technica with the caption, "Even this warning might not have helped".

    • The actual text (Score:5, Informative)

      by KingSkippus ( 799657 ) * on Tuesday September 23, 2008 @04:44PM (#25127885) Homepage Journal

      The actual text was "The instruction at '0x77f41d24 referenced memory at '0x595c2a4c.' The memory could not be 'read.' Click OK to terminate program." You're right, this is not "basically" (or even remotely close to) the text in Ars's little joke screenshot or what was posted in the summary.

      • by treeves ( 963993 ) on Tuesday September 23, 2008 @04:54PM (#25128047) Homepage Journal
        Did "read" really have those single quotes around it? That would have been pretty 'suspicious' to me. Wink, wink, nudge, nudge.
        • by GuldKalle ( 1065310 ) on Tuesday September 23, 2008 @05:00PM (#25128147)

          To be 'fair', the dialog box they were going for does have those quotes.

        • Re:The actual text (Score:5, Informative)

          by ari_j ( 90255 ) on Tuesday September 23, 2008 @05:03PM (#25128195)
          The legitimate error messages of that form often do, indeed, surround "read" with quotation marks.
        • Re:The actual text (Score:5, Informative)

          by Anonymous Coward on Tuesday September 23, 2008 @05:06PM (#25128241)

          That's typical for these error messages in Windows. The error message is legit, this is something that a regular Windows user might see (I don't want to use the word "commonly", but it's relatively common as far as Windows error messages go). From look at the error message it looks to me like it's a basic Windows error message where the OS fills in the quoted strings (source address, target address, IO operation). All of them are double-quoted. The actual error in Windows would be printed exactly like this:

          The instruction at "0x77f41d24" referenced memory at "0x595c2a4c". The memory could not be "read". Click OK to terminate program.

          Even though I assume that's a template for several error scenarios, I've never seen one during my own usage that didn't specify "read". The actual text is a regular Windows error though, the display of the text was what was supposed to alert users (browser status bar, borders, close/minimize buttons, colors, etc). So it's not the error message that was supposed to be suspicious, just the context that it's shown in.

          • Re: (Score:3, Informative)

            I've never seen one during my own usage that didn't specify "read"

            If you're dealing with faulty memory (the usual reason you'll see those errors come up a lot), you'll also definitely see similar errors about "the memory could not be 'written'." The "read" version is definitely more common, though, for some reason.

          • Re:The actual text (Score:4, Insightful)

            by lennier ( 44736 ) on Tuesday September 23, 2008 @08:29PM (#25130109) Homepage

            If this is the dialog in question [arstechnica.com], then I think even I would have clicked 'Ok', and I'm paranoid as all get out. (Which is why I use Firefox so perhaps I'm not so familiar with IE look and feel).

            I mean it's not like you have a lot of options is it? Crash out of IE? And just looking at the still image, other than the minimise/maximise controls, there's nothing that screams 'malware' to me. Even the presence of the maximise controls doesn't immediately grab me, because Microsoft changes GUI schemes and widget sets so often (Office 2007, ahem) that it's really hard to tell what a 'typical' dialog should or shouldn't look like.

            Isn't the real question: if you're always only ever ONE 'OK' BUTTON CLICK from hosing your computer and giving up all control to an attacker - isn't something very wrong already?

            • Re: (Score:3, Insightful)

              by Tawnos ( 1030370 )

              That dialog has a few things wrong with it. The most damning is the status bar on the bottom (which, admittedly, wasn't on all the fake dialogs), but more obvious would be that your mouse turns into a hand on the dialog/okay button, or that there are minimize/maximize buttons.

              The other option is to click the "x" in the top right, and it's something you should do when unexpected windows pop up while web browsing. Even if it's possibly a legit error, there's no harm in hitting "x" instead of "OK".

              I don't thin

              • Re:The actual text (Score:4, Interesting)

                by Toonol ( 1057698 ) on Wednesday September 24, 2008 @01:25AM (#25132221)
                Most obvious clue for me?

                It's using the default XP skin. I've never left that on a computer for more than a few minutes, and none of my family does either. Switching to the classic explorer GUI really makes a lot of fake popups and malware stand out like a sore thumb.
            • by LaskoVortex ( 1153471 ) on Wednesday September 24, 2008 @01:40AM (#25132307)

              If this is the dialog in question, then I think even I would have clicked 'Ok',

              I would wonder what right IE has to proxy as my OS and terminate another program and I would get suspicious. Then I would think "oh yeah, this is Microsoft, they do stuff like that all the time." And then I would say to myself, "hey, this is some other person's computer, who gives a fuck?" And then I would click ok and finish taking the stupid test and get my $20.00 for being a test subject and get the hell out of there and then never think of it again, until I saw it on /. Then I would say to myself "Hahaha. Those dumbasses at PCU didn't know how to do science. Of course the subjects are going to click through whatever--they just want to get out of there. Looks like they got in a good journal. Man, that journal got duped. I wonder who the tards were who reviewed that paper...Hey look, a twitter post and I just blew my chance to mod this thread. Damnit."

        • by rishistar ( 662278 ) on Tuesday September 23, 2008 @06:34PM (#25129213) Homepage

          Did "read" really have those single quotes around it? That would have been pretty 'suspicious' to me. Wink, wink, nudge, nudge.

          No, but the word 'Cancel' in the dialog box was replaced with the phrase 'Say No More'....

      • Comment removed (Score:5, Interesting)

        by account_deleted ( 4530225 ) on Wednesday September 24, 2008 @03:29AM (#25132903)
        Comment removed based on user account deletion
    • Summary is under ENTERTAINMENT. Tag says HUMOR. If it had been accurately reporting on the study, it would have been under SCIENCE. Read all the words.

      • by wealthychef ( 584778 ) * on Tuesday September 23, 2008 @04:53PM (#25128031)
        Be that as it may, to call a user an "idiot" because he does not know the appropriate style for an error dialog box, or having seen an odd style, does not associate that with malware, but prefers to continue on task if possible, shows how arrogant the author of the summary is.
        • by 1u3hr ( 530656 ) on Tuesday September 23, 2008 @09:36PM (#25130545)
          Also one must consider the situation. The students were placed in front of a screen and given a task. If it were me I wouldn't be to concerned about error messages if I could just click them away, finish the job and collect my $5 or whatever. If it was my own PC, or one I used every day for work, I would indeed take much more care. But a machine used by many people is probably going to get fucked up in very short order regardless of what I personally do, so why bother.
        • by clockwise_music ( 594832 ) on Tuesday September 23, 2008 @11:34PM (#25131361) Homepage Journal
          Mod parent up - I couldn't agree more. Users are not idiots. Users just don't care about reading dialog boxes because a lot of the time the message isn't useful or helpful.

          Here's a suggestion for everyone. Whenever you display an error message, don't just display the error message. The user (normally) doesn't particularly care what went wrong. They just want to know how to fix it.

          Eg, I was trying to buy an AudioBook on iTunes the other day, when it said to me "Users in Australia cannot purchase tracks on the UK site". Now it didn't tell me "well, go to the Australian site, and here's a link to go to it" or say "would you like to go to the Australian site?". It just gave me a dumb error message. It took me ten minutes to find the link to the Australian site (scroll down to the bottom of the front page, dur. Seems so obvious now).

          Dammit, be helpful to your users. Don't just display the error message. Display what to do about it. Even "please try again later" is better than nothing.
      • by dark-nl ( 568618 ) <dark@xs4all.nl> on Tuesday September 23, 2008 @07:57PM (#25129891)
        I'm used to the commenters not reading the articles. That's life on the net, and with all those comments to read and reply to, who has time for the articles?

        I've even gotten used to the slashdot editors not reading the articles. After all, there are a lot of submissions and it's not like it's their job. The queue is long, the day is short, etc etc. I understand all that.

        But when I realized that even the submitters don't read the articles they summarize... that is when I cried. Something broke inside me.

        Even that was a couple of years ago, though. I'm all better now, and life is wonderful now that things don't have to make sense anymore. I feel so free!

    • by hellfire ( 86129 ) <deviladv AT gmail DOT com> on Tuesday September 23, 2008 @04:53PM (#25128027) Homepage

      The bottom of the article has the actual conclusion that the article was trying to make:

      Follow-up questions revealed that the students seemed to find any dialog box a distraction from their assigned task; nearly half said that all they cared about was getting rid of these dialogs. The results suggest that a familiarity with Windows dialogs have bred a degree of contempt and that users simply don't care what the boxes say anymore.

      The authors suggest that user training might help more people recognize the risks involved with fake popups and the diagnostic signs of genuine Windows dialogs, but the fact that the students didn't appear to spend any more time evaluating the fake dialogs raises questions as to whether education is enough.

      • by EmbeddedJanitor ( 597831 ) on Tuesday September 23, 2008 @05:08PM (#25128275)
        Clearly popups don't work in an effective way, yet programmers continue to use them for the wrong purposes.

        It isn't just Windows either. Apps in Gnome, KDE and OpenOffice also open up stupid dialogs.

        It is unreasonable to consider training users to be driven by popups. What would make more sense is for programmers to design their pop up use better so that it is more meaningful for the user.

        • by Free the Cowards ( 1280296 ) on Tuesday September 23, 2008 @05:19PM (#25128401)

          Programmers continue to use them because they effectively move responsibility. Yes, they fail, but when they fail it's suddenly the user's fault, so the programmer is happy with the result.

          Of course this is bad UI and the failure is ultimately that of the programmer, but this is not how it's perceived now, so programmers will continue to use them even if they know full well that they don't do the job.

          • by RCanine ( 847446 ) on Tuesday September 23, 2008 @06:20PM (#25129101) Homepage

            Of course this is bad UI and the failure is ultimately that of the programmer."

            I wonder what percentage of programmers double as UI designers. I be it's less than 25%. The reality is that by the time most programmers get their requirements, error scenarios often don't meet up with UI designers' assumptions. So then you're stuck with either popping a dialog, designing a different ham-fisted solution or going back to the designer and adding a lot of time to the development.

            I'm not defending bad modal dialogues, but in complex software with heavy deadline pressure, programmers often have to make decisions they'd rather not. It's not a bad programmer, it's a bad process.

        • by Jesus_666 ( 702802 ) on Tuesday September 23, 2008 @05:31PM (#25128533)
          Popups should reveal the cryptic stuff only when a debug flag is set, which defaults to off in end-user builds of the software. In all other cases there should be something like "$APPNAME has crashed due to a bug. Please report the contents of $APP_DATADIR/crashlogs/$DATE.txt to us as http://domain/crashes [domain]. [OK]". The user should always know what the thing that just happened means for him, not what exactly happened. If someone really wants to know the details he can take the config file and add a line saying "Errors = verbose" or something like that.

          In any way I think that the desktop environment can help, too. There should be defined popup styles for various events (crash, error, generic etc.), which should be impossible to recreate using simple images. GNOME/KDE kind of do this by allowing a multitude of styles, although users using something popular like the default Ubuntu look would still be possible targets. Vista-style blur effects might help, but are either too subtle or people simply don't notice. Maybe there could be some kind of authenticity indicator - a special mouse cursor used only for these popups (and inaccessible everywhere else) or an animation that plays when you mouse into the window. Of course those can be recreates using Flash...

          Maybe the dialog should simply display something only the OS can know. The user could be asked to enter a certain phrase upon first boot (of a given profile) and that phrase is incorporated into the dialog - and of course completely inaccessible from everywhere else.


          Of course I'm actually overthinking this; most people would still click malicious popups even if they only remotely looked like real windows at all.
          • Re: (Score:3, Informative)

            by Blakey Rat ( 99501 )

            Windows already has most of your suggestions implemented, the problem is that third-party developers generally ignore it.

            There's:
            * The Application Error Reporter tool thing for reporting crashes (without making the user click through to a website, as in your example.)
            * The Error Console, a place for applications to record the technical nitty-gritty of the error without bothering the user with it.
            * Some amount of different "levels" of reporting, for example, the notification tray can be used to report non-fa

            • by Kelson ( 129150 ) * on Tuesday September 23, 2008 @06:13PM (#25129035) Homepage Journal

              Displaying something only the OS should know is an interesting idea... like let the users customize a window border by splattering paint and then it might be blatantly obvious which windows were their personal design, and which were fakes (different splatter pattern and different colors.) Has anybody seen anything like that implemented?

              Not with window dialogs, but I've seen several browser & email plugins that use user-defined images to guard against phishing. The idea is that you assign your image to www.yourbanksite.example, then the browser will show that image whenever you visit that page... but if you end up visiting www.yourbankslte.com instead, it won't show the image, and you'll be able to notice that more clearly than the fact that the spelling is off.

              It's also kind of similar to the icon that Yahoo lets you set on your login form.

          • er popups (Score:3, Informative)

            by falconwolf ( 725481 )

            Popups should reveal the cryptic stuff only when a debug flag is set, which defaults to off in end-user builds of the software. In all other cases there should be something like "$APPNAME has crashed due to a bug. Please report the contents of $APP_DATADIR/crashlogs/$DATE.txt to us as http://domain/crashes [domain] [domain]. [OK]". The user should always know what the thing that just happened means for him, not what exactly happened. If someone really wants to know the details he can take the config file and add a l

      • by truthsearch ( 249536 ) on Tuesday September 23, 2008 @05:20PM (#25128417) Homepage Journal

        Education is definitely not enough because people just don't care. They want to do what they want to do and the computer should magically understand that and play along. There's little respect for the complexity of general purpose computers and any possible learning curve needed to use them properly.

        My wife has occasionally complained that her computer was acting "strange". After hearing the symptoms I've often asked, "Did any messages appear?". "Yes." "Well what did it say?" "I don't know. I just clicked OK." She simply doesn't care enough to deal with an issue when she's trying to browse a web site or send an email.

        My favorite was the time she complained my laptop must be broken because it turned itself off. I got nervous thinking it was broken. I asked if a message had popped up before it turned off. She said no, then thought about it and remembered something popped up a few minutes earlier. She couldn't remember what it said. I told her it said to plug it in or it would turn itself off. Her response: "Oops".

        • Re: (Score:3, Insightful)

          by Nutria ( 679911 )

          She couldn't remember what it said. I told her it said to plug it in or it would turn itself off. Her response: "Oops".

          And you decided to spend the rest of your life with this woman, and mingle your genes with hers, and have her raise your children????

          My wife is far from a technophile, but she's smart enough to know that pop-up windows transmit important information, and need to be answered correctly. (So, she calls me, and asks what to do.)

          • by StevenMaurer ( 115071 ) on Tuesday September 23, 2008 @06:02PM (#25128905) Homepage

            That kind of personality quirk is not necessarily a sign of genetic stupidity. It's just a sign of extreme disinterest.

            There are people who treat their cars more or less the same way: they are not the least bit interested in what is going on, literally, "under the hood". Warning lights? Pffff. Unless it stops the car, interrupting their life, they don't give a crap.

            Car dealers love them.

            And frankly, while such people can be annoying, I find them infinitely preferable to type that treats people like inanimate objects.

            • Re: (Score:3, Insightful)

              by Nutria ( 679911 )

              And frankly, while such people can be annoying, I find them infinitely preferable to type that treats people like inanimate objects.

              I don't prefer either. And the two personality types are not mutually exclusive.

            • by starfishsystems ( 834319 ) on Tuesday September 23, 2008 @07:38PM (#25129779) Homepage
              Case in point:

              My sister-in-law took her car into the shop, asking to have all the warning lights and buzzers deactivated, as they were bothering her.

              The service manager was somewhat reluctant to do this, thinking, no doubt, that if he went ahead with the work, it would come back to haunt him. She insisted, reasoning that these things had never happened to her before in all the years she's been driving. Five years later, she's still happy at the thought that she "took charge" of the situation. She likes to tell this story because, to her, it proves that she was right all along.

              Sure, I have to agree, at the core it's a matter of priorities. But I think it's one in which simple not-caring has eroded further into not-caring-to-understand. We can laugh a bit inasmuch as it applies to ordinary people, but I find myself alarmed as this almost Orwellian regression from critical thinking into reactivity becomes more fashionable.

              That's because it's not just ordinary people but also many trusted individuals who are afflicted. I've lost count of the number of IT managers and network staff who reason anecdotally, who can't seem to distinguish between different subsystems or levels of abstraction, or who don't even consistently apply commonplace notions of causality. These people may be smart and successful, but I find them hard to have as colleagues.

              Physicians and car mechanics, on the other hand, seem to have somehow avoided the worst of this erosion. At least, that's what I've observed. I can't explain what, if anything, might set them apart from other technical professionals.

          • by dotancohen ( 1015143 ) on Tuesday September 23, 2008 @06:34PM (#25129217) Homepage

            She couldn't remember what it said. I told her it said to plug it in or it would turn itself off. Her response: "Oops".

            And you decided to spend the rest of your life with this woman, and mingle your genes with hers, and have her raise your children????

            People who wish to mingle genes and raise children with _female_humans_ generally learn to accept this. Not that I expect all /.ers to understand.

          • by MobileTatsu-NJG ( 946591 ) on Tuesday September 23, 2008 @07:00PM (#25129437)

            And you decided to spend the rest of your life with this woman, and mingle your genes with hers, and have her raise your children????

            $5 says your wife asks the same question when you leave the toilet seat up.

        • by roca ( 43122 ) on Tuesday September 23, 2008 @07:35PM (#25129763) Homepage

          "Education is definitely not enough because people just don't care. They want to do what they want to do and the computer should magically understand that and play along. There's little respect for the complexity of general purpose computers and any possible learning curve needed to use them properly."

          There is absolutely nothing wrong with this expectation.

          Until you have internalized this, you won't be able to design great software.

      • by nine-times ( 778537 ) <nine.times@gmail.com> on Tuesday September 23, 2008 @06:08PM (#25128975) Homepage

        Story time:

        Early in my career, I worked with a helpdesk tech who was hired more or less because he had certifications out the ying yang. So one day, he comes to me and he says, "I'm having a problem with this computer. It just won't work and I can't figure out why."

        So I went with him back to the workbench and said, "Ok, show me what the problem is."

        He booted up the machine and logged in. Everything looked fine. He navigated through the start menu, found the shortcut for Microsoft Word, and clicks on it. It takes a second before anything happens, and then a little window pops up with what looks like an error message. The tech immediately hits ok, and then sits there for another minute before turning to me and saying, "See. Word won't start."

        I said, "Ok, well what did that error message say?"

        He responds, "wha?"

        I ask him to try running it again, he does, and when the error message comes up again, he again immediately hits the OK button. I say, "That! That error message. What did it say?" and he comes back again, "Huh?"

        I get him to run it a third time, and ask him to take his hands off the mouse and put them in his lap until I tell him he can touch the mouse again. The third time, the error message pops up again and says, "Error: missing msvcrt.dll." (just making that up, but it was missing some DLL) I copy the DLL over from another machine and it works again.

        True story. I'm not sure if there's a lesson in there somewhere, but it seemed like a relevant story.

    • Re: (Score:3, Insightful)

      by pugugly ( 152978 )

      And more interestingly, the study says that most users are in fact *not* idiots, but that a distressingly high percentage (almost half) are.

      Not that I have any objections towards a happy pattern of contempt toward everyone, but I prefer my contempt be fact based - {G}.

      Pug

      • by mollymoo ( 202721 ) on Tuesday September 23, 2008 @05:03PM (#25128183) Journal

        And more interestingly, the study says that most users are in fact *not* idiots, but that a distressingly high percentage (almost half) are.

        The attitude that users who do something wrong are idiots is a large part of why computers, operating systems and applications are generally pretty shit. They're made by and for geeks, not normal people. If 1% of your users do the wrong thing they may well be idiots. If 50% of your users are doing the wrong thing, you are the idiot for designing your software so badly half the population can't use it.

        (I mean "you" in the general sense, not the parent specifically)

        • Re: (Score:3, Insightful)

          by Da_Biz ( 267075 )

          The attitude that users who do something wrong are idiots is a large part of why computers, operating systems and applications are generally pretty shit.

          I enthusiastically agree. Over the last few years, I've had the "pleasure" of working with applications specific to healthcare and insurance industries. Overall, they're definitely shit.

          I have to give Apple some credit here: activities requiring kernel access (or, for that matter, most anything that has a substantial potential for causing a security breac

        • Re: (Score:3, Insightful)

          by geekoid ( 135745 )

          I've been fighting that for decades.
          If you users can't use it, it fails.
          If your user doesn't understand it, it fail's.
          If you complain that your users are idiots, you fail.

        • Re: (Score:3, Interesting)

          Users, though, should be expected to have a minimum degree of intelligence before getting involved with something that requires some basic thinking, such as a computer.

          There's a certain failure of the education system here, and of the society as a whole.
      • by Colin Smith ( 2679 ) on Tuesday September 23, 2008 @05:06PM (#25128249)

        And frankly they shouldn't have to be. I have no idea why developers seem to think they should/are. Fail safe and log it so someone who does understand what's happening can make an alternative choice.

         

      • by Chuck Chunder ( 21021 ) on Tuesday September 23, 2008 @05:45PM (#25128715) Journal

        If the tools aren't working well for people then the design of the tool is wrong.

        If you build a ATM (cash dispenser) that spits out the money before it returns the card then you'll find that a not insignificant number of people leave the machine without retrieving their card. In their brains the task they are doing (getting money) is complete so they walk away.

        Thus cash machines return the card first and then give you your money.

        You have to design things to work the way real people work. Calling people idiots is just a cop out.

        • Re: (Score:3, Informative)

          by Tawnos ( 1030370 )

          Almost every machine I've ever used gives money followed by cash.

          • Re: (Score:3, Informative)

            by Tawnos ( 1030370 )

            Er...money followed by *card*.
            Epic fail on my part, please be gentle oh mods of destiny.

        • Re: (Score:3, Informative)

          Calling people idiots is just a cop out.

          Not with computers it isn't. I work in end-user support, and, while I see people genuinely confused by shitty software sometimes (it does happen), many, many people who can't use a computer effectively are in that boat because they won't try. They've convinced themselves that the computer is a magic black box, and they can't learn to use it no matter what they do. These people are truly idiots, and it's a waste of time to try to hold their hand. Save your effort for the people who try to work with you.

        • by BitZtream ( 692029 ) on Wednesday September 24, 2008 @03:01AM (#25132719)

          Pretty much every ATM machine that takes your card internally (versus the cheap gas station ones that you have to swipe manually) gives you the cash, then asks you if you want another transaction/your card back before doing anything else.

          'Fast Cash' options generally spit everything out at once.

          People 'forget' there cards generally once, because those machine swallow the cards to prevent them from being stolen when you walk off after being in such a hurry.

          This solution is actually very effective, it makes it just enough of a pain in the butt that people do it once and then start remembering to be more careful. Since you typically have to order a new card rather than simply get your old one back, it puts you out for a few days and your brain makes the connection in most cases.

          But, the point to this post is that what you claim about ATM machines is incorrect. Also, people are idiots, and the only way to prevent them from losing their cards all the time is to apply enough of an inconvience/punishment that they only do it once.

          Personally, I love this idea and I'm all for applying it to software. If a popup clicks up with 10 lines of text and you click on it with say 1 second of it appearing, meaning that you've no possible chance of having read it in that period of time (well most people wouldn't be able to), then your PC shuts down and refuses to work for a day. Each time you continue to do it, it doubles the amount of time it stops working.

          Like wise, occasionally throw in a random popup with a message the says something like 'We're just checking to make sure you are reading these messages, click Yes to shutdown your computer for a week because you're an idiot, or No to continue you.' Randomize the button order and which button is the safe one a little, and in a short period of time, users would be reading dialogs I think.

    • by gardyloo ( 512791 ) on Tuesday September 23, 2008 @04:56PM (#25128083)

      I've learned to just click through to the article without reading the slashdot summary. It doesn't seem to have hurt my computer at all, but I -- Oh, wait. I just heard a bell. Gosh, I feel hungry right now.

  • Newsflash! (Score:4, Interesting)

    by Fry-kun ( 619632 ) on Tuesday September 23, 2008 @04:46PM (#25127929)

    The average computer user is the same as average TV user, a.k.a. Joe Sixpack
    <sarcasm>
    *gasp*
    </sarcasm>

    We computer professionals stick around other computer professionals - and nonprofessionals around us absorb enough knowledge from us by osmosis. So of course it FEELS like everyone is computer literate -- but they're not. We develop software for the braindead zombies and the braindead zombies use it.

    • by egregious ( 16118 ) * on Tuesday September 23, 2008 @04:52PM (#25128005)

      Osmosis? They gain knowledge from us through the diffusion of water?

  • by itamblyn ( 867415 ) on Tuesday September 23, 2008 @04:49PM (#25127955) Homepage
    They didn't care if malware got installed on the researchers computers. Most university owned machines that are publicly accessible (e.g. in the library) get ghosted frequently. It doesn't matter what you do to them - tomorrow they will have a fresh install anyway.
    • by Hatta ( 162192 ) on Tuesday September 23, 2008 @04:59PM (#25128133) Journal

      This was my thought too. Study participants were asked to give their opinion on a web site. If they close the offending window, they'd be unable to give their opinion on that website. If they just clicked through, they stand a chance of getting to the web site, and whatever happens to that terminal is none of their business. So these 'idiot' users were just following instructions.

  • by QZTR ( 1351145 ) on Tuesday September 23, 2008 @04:49PM (#25127961)

    From the article

    The authors, who work in the Psychology Department of North Carolina State University, crafted a set of four fake dialog boxes. All of them contained the following warning: "The instruction at '0x77f41d24 referenced memory at '0x595c2a4c.' The memory could not be 'read.' Click OK to terminate program." One of the warnings was indistinguishable from the standard Windows XP system dialog, but the remaining three were had a number of warning signs that should tip off users to potential malware.

    In all cases, mousing over the "OK" button would cause the cursor to turn into a hand button, behavior more typical of a browser control; all dialogs also had minimize and maximize buttons, while a second added a browser status bar to the bottom of the window. Finally, the most blatant one alternated between black text and a white background and a white-on-black theme. All of these should metaphorically scream, "This is not safe!"

    Ah yes, well, not understanding the obvious "metaphor" of course makes one an idiot...

    So what does that lying ass bullshit headline make one? And no, you don't get a pass because you ripped it off the article's author, WTF do you think editors do (at other places I mean, here it seems all you do is shove food down your gullet and crank out tripe like this).

  • More power to them (Score:5, Insightful)

    by Anonymous Coward on Tuesday September 23, 2008 @04:50PM (#25127985)

    Quit bugging me. Much more work needs to be done to eliminate "Are you sure?" requests. Working undo is always better than asking the user and making him regret the answer seconds later.

    • Re: (Score:3, Insightful)

      by hedwards ( 940851 )

      That was my thought, I largely stopped reading those dialogs back sometime in the mid 90s because they were basically all identical and they conveyed basically no information either.

      If MS or really anybody else were serious about this sort of problem they'd stop popping up so many of those windows. Really just having a small status screen at like the lower left which listed those things would be a good start. That way only serious problems would need a window. Better yet if MS could ditch the hearing impair

  • The fuunt thing is (Score:5, Informative)

    by geekoid ( 135745 ) <{moc.oohay} {ta} {dnaltropnidad}> on Tuesday September 23, 2008 @04:56PM (#25128095) Homepage Journal

    the people writing the dialog boxes assume clicking no just shuts down the dialog box.
    You could easily have events fire on the No as you do on the yes.
    It takes a little work, but it is doable.

  • by digitalhermit ( 113459 ) on Tuesday September 23, 2008 @04:56PM (#25128097) Homepage

    This was not surprising and I don't place all the blame on the users.

    There's a similar situation with semi experienced administrators. They may configure logging and monitoring on a system. Being security paranoid, they set the log level fairly low so they end up getting lots of alerts.

    Somewhere along the line, however, the administrator stops paying as much attention. Maybe a CPU alert hits 100% every night. Then one day someone in Finance runs a half-assed join across a gateway and brings down a DB. The admin gets the alert but has gotten so used to them that it was ignored. This is worse than if he'd never gotten the alert at all.

    The alerts that OSes put up (Vista, for example) and the host of browser and AV and IDE warnings get useless after a while. The system should do this transparently and not rely on the user to be the MAC layer.

  • Children (Score:5, Interesting)

    by Phroggy ( 441 ) <slashdot3@NOsPaM.phroggy.com> on Tuesday September 23, 2008 @04:57PM (#25128103) Homepage

    My roommates' daughter, who isn't old enough to read yet, can navigate menus on the Nintendo Wii by using trial and error to determine which button "works" and which button "doesn't work" to get where she wants, then (with repetition) memorizing the position or appearance of the correct button. She has absolutely no idea what any of the text says if it isn't accompanied by pictures, but she only occasionally needs help navigating.

    Shouldn't we expect better from adults using a computer?

  • Wrong conclusion (Score:5, Insightful)

    by Xzzy ( 111297 ) <`gro.h7urt' `ta' `rehtes'> on Tuesday September 23, 2008 @04:58PM (#25128123) Homepage

    I don't think this says as much about the users as it does the usability of our computers.

    Computers are commodity items now, the days where nerds interested in technical details were the primary demographic are long gone. People just want to do their job and move on with life, they don't care about memory registers or malware they just want to not be interrupted.

    It really illustrates how dialog boxes as a warning system are a flawed mechanic, we got this fancy computer with a fancy operating system, why can't it figure out the right thing to do when an application tries to access memory it's not supposed to?

    Guess my point is if we put as much effort into error handling and/or malware detection as we do our whiz-bang graphics, it might not even be a problem anymore.

  • by hankwang ( 413283 ) * on Tuesday September 23, 2008 @05:15PM (#25128369) Homepage

    I don't really get why clicking OK on something that vaguely looks like a system error is a problem. If it is a script running inside a web browser, the script cannot do anything that it wouldn't be able to do without the script. If it is already a process running inside the OS, it means that you are already in trouble because it could also erase files or install programs without you clicking OK.

    It would be more beneficial to malware if they could make a REAL Windows dialog ("Install new software, Allow?") look like a harmless message ("Print job finished."), but that would be pretty tough to do.

    • Re: (Score:3, Informative)

      It's a lot easier to have a popup browser window which links to a site with arbitrary nasty scripts, than to embed said nasty script on the original site.

  • Testing criteria (Score:5, Insightful)

    by merc ( 115854 ) <slashdot@upt.org> on Tuesday September 23, 2008 @05:31PM (#25128535) Homepage

    One thing worth noting is whether the students were using their own computers or computers on loan from the department. It's worth noting because most people care what happens to their own personal systems (because they're the ones who will be stuck fixing them) but care less if a school computer is infected for instance.

    I'm not sure if this makes them idiots or just uncaring, either way it could be relevant.

  • by modemboy ( 233342 ) on Tuesday September 23, 2008 @05:32PM (#25128551)

    Working in support, I have seen so many times where if an unfamiliar dialog box pops up, people either click on the option they are used to clicking on, or call support without even reading the message on the dialog box. It is like they are unable to physically see the contents of the dialog anymore, it has been beaten out of them. Often all I have to do is make them read me the dialog over the phone, which makes them process the info mentally, and they know which button they need to press then, having actually read and comprehended what was asked.
    It is a very interesting problem, I think the solution is to make the buttons themselves say what they do, rather than clicking Ok or Cancel, have the button say "Exit crashed program", or "Install new program" or what have you. Always being OK or Cancel conditions people to just blindly click.

    • Re: (Score:3, Interesting)

      by ps_inkling ( 525251 )

      I think the solution is to make the buttons themselves say what they do, rather than clicking Ok or Cancel, have the button say "Exit crashed program", or "Install new program" or what have you. Always being OK or Cancel conditions people to just blindly click.

      The Apple user interface guidelines have always stated that verbs should be used on command buttons. Inserting a blank disk under Mac OS pops up the "Format" or "Eject" dialog box. On Windows [bleepingcomputer.com], the text says "To format the disk, click OK. To quit,

  • by PJ1216 ( 1063738 ) * on Tuesday September 23, 2008 @05:34PM (#25128581)
    I see a lot of people jumping to conclusions about how this is the fault of programmers for using the dialog box too much, etc, etc, etc. I call BS. If you write software for people who are computer illiterate (which happens a lot in my field. i write software for veterinarians), they'll click on anything and do everything, no matter the consequences. A simple "undo" isn't enough. They need to understand what they just did. If a popup don't pop up and say "you're about to delete something" they won't even know they deleted it until its too late (closing program, etc). You can't keep an infinite list of "undos" either. So, you're left to assume one of two things. 1) The person has read instructions, understands what they're doing, and understands they're responsible for breaking it OR 2) They haven't read any instructions, will click on what they think makes sense and when they break it, they call support, bitch and moan, taking up valuable time. Maybe in a bigger company, thats acceptable, however, *I* do both the programming AND support as we're a company of about 5 people. I can't be dealing with people who are idiots. I challenge anyone to make something thats completely foolproof without popups AND thats still aesthetically pleasing to look at AND easy to use.

    Maybe people should just realize they're using delicate instruments and should treat them as such. These aren't toys, but systems that cost hundreds, sometimes thousands of dollars to build. Its not the programmers' fault. Its the user's. If the user refuses to educate himself to not be a fool, there's really no way to try and make something foolproof.
    • by BitZtream ( 692029 ) on Wednesday September 24, 2008 @03:25AM (#25132875)

      As my girlfriend is a forth year vet student at one of the top 5 schools in the nation, I've got some experience with your customer (future) base and I'm the head developer for a small development firm. I feel I can help you out a little.

      Most vets are idiots. Most of them have good memories and that gets them through vet school and past the boards. Very few of them actually have critical thinking skills and are people I would actually let touch my animal. Put them in front of a case that isn't in the text book and they have no clue what to do, even on simple stuff.

      Example: They use IV Pumps to push certain fluids or drugs into the animals at times because you don't want to push the whole large dosage in at one time. Simply enough. So when they don't have a pump available, many of them never consider the fact that a gravity feed will accomplish the same thing, so they 'cant give the animal its medicine'. I'm not a doctor, but I've seen this happen and literally had to ask 'why don't you just let it drip in like before you had pumps'. After they get over themselves and have told me how utterly wrong I was, I've returned to see the animal on a IV drip. No ability to think on their own, just an ability to repeat something they've memorized. True story.

      Not all of them are that way, I'd say about 10-15 out of her class of 75 can actually deal with a situation they haven't specifically been in before, the rest would be worthless in an emergancy situation with a problem they've never seen before.

      This turned into more of a rant about vet students than intended, but for fucks sake for what is supposed to be the hardest branch of medicine, 'more difficult to get into the human medicine', at a top 5 school ... a lot of these students (AND professors) are really worthless.

      So I say, your challenge is impossible to complete for the majority of people. Its not just Vets that are idiots, its all people. A small group of intelligent people carry the rest of the normal people forward.

  • by roc97007 ( 608802 ) on Tuesday September 23, 2008 @05:49PM (#25128759) Journal

    Well, obviously, after clicking ok on a popup, another popup should open that contains a picture of the previous popup and a message "This is what you just clicked. Are you sure it's not malware?" That should take care of it. If enough of us send suggestions to Microsoft, there may be enough time to get it into Windows 7.

  • by sillypixie ( 696077 ) on Tuesday September 23, 2008 @06:19PM (#25129087) Journal

    Our geekland propensity for dismissing users as stupid because they can't navigate cryptic interfaces just makes me laugh.

    I would be interested to see what would happen in the experiment if users were given an application that used pop-ups to request that users make understandable choices, with understandable consequences.

    Shouldn't that be what we are aiming for?

  • by Carbon016 ( 1129067 ) on Tuesday September 23, 2008 @06:36PM (#25129231)
    An excuse to continually ignore usability, something which many in the software industry already do a pretty good job of doing. Maybe 2009 will be the year of the Linux desktop..or maybe not.
  • Microsoft has trained people to click "OK", "Open", "Run", "Install", "Continue", or whatever button (wherever it is) that gets you past the idiot box.

    Apple had until recently avoided this mistake. NOT (as some people have said) by making the buttons more meaningful, but by simply NOT trying to use warning dialogs in place of good design.

    For example, Mac OS doesn't ask you if you want to move a file to the trash, and it doesn't ask you if you want to empty the trash, because these are common actions, and the dialog box becomes something you reflexively accept.

    Recently, as I say, Apple has started to deviate from the path of virtue. I've caught my Mac in bed with promiscuous dialogs on many occasions.

    But by comparison with Windows (particularly Vista)... my Mac's still pretty much a dialog virgin. Really.

  • by splorp! ( 527131 ) <splorp,evil,bastard&gmail,com> on Tuesday September 23, 2008 @06:59PM (#25129433)
    This is an unmodified screen capture of an actual Windows dialogue box. I have no idea what program triggered it.

    http://i246.photobucket.com/albums/gg109/splorpdotorg/whatwouldyoudo.jpg [photobucket.com]

    (I left it onscreen until I rebooted -to be fair, this was Windows 98SE).

Genius is ten percent inspiration and fifty percent capital gains.

Working...