That's the gist of a new report from Google researcher Adrienne Porter Felt and University of California, Berkeley graduate student Devdatta Akhawe, who trawled some 25 million data points in a quest to figure out how effective phishing, malware, and SSL warnings are for users of Chrome and Firefox.
It finds that Chrome could borrow a number of useful traits from Firefox to reduce the rate at which users click through SSL warnings, potentially opening their computers to being compromised.
"Google Chrome users are 2.1 times more likely to click through an SSL warning than Mozilla Firefox users," the researchers write. They believe this high click-through rate comes from a combination of aesthetics, the storage of user-set SSL exemptions, and different demographics from users of different operating systems.
Msg#: 4601374 posted 6:03 am on Aug 13, 2013 (gmt 0)
1) Why warn that sites with self-signed certs are untrusted, but not sites without any certs (i.e. plain http connections)? The former is definitely more secure?
2) "potentially opening their computers to being compromised" How?
3) People may well know what they are doing when clicking through - for example to a site with a self-signed cert. There is no evidence, for example, about which browser's users are more likely to click past a warning on a phishing site, for example.
4) The bit in bold halfway down the article essentially invalidates everything else. Firefox stores exemptions, so the numbers are not comparable.
It is quite different from the journalists' scare story.
It also covers malware and phishing warnings. One interesting statistic is that Firefox on Linux users are much more likely to click past malware warnings than Firefox on Windows users, but Chrome on Linux users are much less likely to click past malware warnings.