Research Finds Unsafe User SSL Click-Throughs In Google Chrome Higher Than Firefox

   
8:33 pm on Aug 12, 2013 (gmt 0)

engine (WebmasterWorld Administrator)



Admins of Chrome shops unite: your users are dabbling with dodgy SSL, and you must teach them how to be safer online until Google updates its browser.

Research Finds Unsafe User SSL Click-Throughs In Google Chrome Higher Than Firefox [theregister.co.uk]
That's the gist of a new report from Google researcher Adrienne Porter Felt and University of California, Berkeley graduate student Devdatta Akhawe, who trawled some 25 million data points in a quest to figure out how effective phishing, malware, and SSL warnings are for users of Chrome and Firefox.
It finds that Chrome could borrow a number of useful traits from Firefox to reduce the rate at which users click through SSL warnings, potentially opening their computers to being compromised.

"Google Chrome users are 2.1 times more likely to click through an SSL warning than Mozilla Firefox users," the researchers write. They believe this high click-through rate comes from a combination of aesthetics, the storage of user-set SSL exemptions, and different demographics from users of different operating systems.

6:03 am on Aug 13, 2013 (gmt 0)




1) Why warn that sites with self-signed certs are untrusted, but not sites without any certs (i.e. plain http connections). The former is definitely more secure?

2) "potentially opening their computers to being compromised" How?

3) People may well know what they are doing when clicking through - for example to a site with a self-signed cert. There is no evidence, for example, about which browser's users are more likely to click past a warning on a phishing site, for example.

4) The bit in bold half way down the article essentially invalidates everything else. Firefox stores exemptions, so the numbers are not comparable.

6:27 am on Aug 13, 2013 (gmt 0)




If you look at the actual study:

[cs.berkeley.edu]

It is quite different from the journalists' scare story.

It also covers malware and phishing warnings. One interesting statistic is that Firefox on Linux users are much more likely to click past malware warnings than Firefox on Windows users, but Chrome on Linux users are much less likely to click past malware warnings.