Nova10009 Aprile 2008
Do users keep their software updated to prevent security attacks? What could the interface do to make users’ more aware of the need to install security updates? A research group from the Georgia Institute of Technology has proposed a new interface to this purpose today at CHI 2008. When a security update is available, graffiti appear on your desktop (see picture below). The more security updates you have not installed, the more the desktop becomes graphically degraded (and graffiti also mask open windows, to make work more annoying). In the following, one of the authors (Kandha Sankarapandian) explains the research:
What is TALC?
“TALC is a novel visualization of vulnerabilities present in a system using real world analogies (like graffiti) as threat indicators. TALC addresses today’s security woes like viruses and worms by dealing with the crux of the problem namely software vulnerabilities and users’ inaction to update their software to fix those vulnerabilities.”
How this system could improve the way common users manage the security of their machines?
“TALC notifies users of threats in their system in a non-obtrusive but persuasive manner so that users take action and learn how to fix such threats.
Many end-user security systems dumb down their interfaces to achieve better usability. However TALC, presents short and informative blurbs (eg: Software X has a denial of service vulnerability that can slow down your system) about each threat, so that users learn and adopt safe practices in using their system.”
How did you tested TALC on users? Any surprising behaviors?
“We conducted an ecological study of TALC in a small group of people over a period of 1 month.
The results of this user study have been positive with users indicating how they were unaware of vulnerabilities in their system even with the presence of commercial anti virus products. The users’ behavior of fixing threats over the entire duration of the test indicates that they were able to "live-with" the visualization but still necessitate action eventually.”
© 2008, Il Sole 24 Ore. Web report from CHI 2008.