
Scientists use psychology to improve malware warnings

Browser malware warnings should be clearer and more concise, and should avoid language that scares users away, according to a recent study.

Scientists at the University of Cambridge looked into the psychology behind malware warnings and came up with ways to make them more effective, recording their findings in a paper titled "Reading This May Harm Your Computer: The Psychology of Malware Warnings".

Ross Anderson, one of the scientists behind the research, wrote in a recent blog post: "We're constantly bombarded with warnings designed to cover someone else's back, but what sort of text should we put in a warning if we actually want the user to pay attention to it?"

The solution that Anderson and research associate David Modic came up with was to avoid vague language and to cite a position of authority as the source of the warning against opening certain pages.

For example, a warning that states a page has been "reported and confirmed by our security team to contain malware" would be more effective than a more general warning.

"To our surprise, social cues didn't seem to work. What works best is to make the warning concrete," Anderson said.

"People ignore general warnings such as that a web page 'might harm your computer' but do pay attention to a specific one such as that the page would 'try to infect your computer with malware designed to steal your bank account and credit card details in order to defraud you'."

Their findings also revealed that those most likely to turn off browser warnings were typically those who ignored warnings anyway: mostly men who distrusted authority.