Alice in Warningland A Large-Scale Field Study of Browser Security Warning Effectiveness Devdatta Akhawe UC Berkeley Adrienne Porter Felt Google, Inc.

Presentation transcript:

Alice in Warningland A Large-Scale Field Study of Browser Security Warning Effectiveness Devdatta Akhawe UC Berkeley Adrienne Porter Felt Google, Inc.

“Given a choice between dancing pigs and security, the user will pick dancing pigs every time.” Felten and McGraw, Securing Java, 1999

“Evidence from experimental studies indicates that most people don’t read computer warnings, don’t understand them, or simply don’t heed them, even when the situation is clearly hazardous.” Bravo-Lillo, Bridging the Gap in Computer Security Warnings, 2011

Didn’t that change anything?

Today: a large-scale measurement of user responses to modern warnings in situ

What did we measure?

Clickthrough Rate = (# warnings ignored) / (# warnings shown), across all users

What is the ideal click through rate of effective warnings? 0%

How did we measure it?

Browser Telemetry: a mechanism for browsers to collect pseudonymous performance and quality data from end users. Users opt in to sharing data with the browser vendors. Data collected: May 2013.

What did we find?

Results 1. Malware/Phishing 2. SSL Warnings

7.2% (Firefox Malware) 23.2% (Chrome Malware) 9.1% (Firefox Phishing) 18.0% (Chrome Phishing) Less than 25%!

7.2% (Firefox Malware) 23.2% (Chrome Malware) 9.1% (Firefox Phishing) 18.0% (Chrome Phishing) Rational?

Impact of Demographics

| Operating System | Malware Firefox | Malware Chrome | Phishing Firefox | Phishing Chrome |
|---|---|---|---|---|
| Windows | 7.1% | 23.5% | 8.9% | 17.9% |
| Linux | 18.2% | 13.9% | 34.8% | 31.0% |

Linux clickthrough rates much higher (except Chrome malware)

Hypothesis: A greater degree of technical skill corresponds to reduced risk aversion. (if Linux => more technical skill)

Results 1. Malware/Phishing 2. SSL Warnings

33.0% (Firefox beta) 70.2% (Chrome stable)

Possible Reasons 1. Warning Appearance 2. Number of Clicks (1 click vs 3) Chrome Team investigated by running trials

Possible Reasons 1. Warning Appearance 2. Number of Clicks Chrome Team investigated by running trials ~33% of difference ~25% of difference

Implications

Browser security warnings are effective, although they can be improved. Warning mechanism design can have a tremendous impact on user behavior. Security practitioners should not ignore the role of the user.

Thanks for Listening!