The don’t click on anything security policy


Last year about this time several friends and family members all started having problems with malware, trojans, and the like. Since then, I’ve run across only one neighbor’s college-age child that’s run into a problem.

Why the difference?

SP2 is a part of it. But actually, almost all of them went out and purchased their own malware monitoring apps and firewalls. SP2 didn’t quite come out in time.

The other big change is in user habits. I’m hearing from more and more people that they are simply not clicking on anything. They don’t trust just about any unexpected window that pops up–including any SP2 warnings and application update requests.

The good part is that they aren’t clicking on anything that they aren’t sure of. The other end of this is that you can see how unsure people are as they navigate through windows.

This has several implications for software publishers. For instance, if you have a process that occassionally checks for updates, popping up a window that asks if it’s OK to do this or that–which they probably don’t understand anyway and can’t be sure is a faked window or not–may not be a good idea. I don’t know.

Maybe the anti-spyware apps will mitigate the problem and people will go back to trusting pop-up windows. Could be. But I wonder in the meantime how many support calls are being generated by apps that pop-up windows simply asking if it’s OK to check for updates.