MELBOURNE, FLA.—How likely are computer users to ignore security warnings and open the pop-up messages they encounter when browsing a Web site? How much
cognitive energy and deliberation do they go through before they open one or decide not to?
On the Web, pop-ups are often safe sales and marketing tools. They can, however, pose a threat when they are created to exploit a security vulnerability or
infect systems with malware, in the same way that opening an attachment from an unknown sender sometimes can.
“We believe that most people treat computer security not as a primary issue but as something incidental,” said Gisela Susanne Bahr, Florida Tech associate
professor of experimental cognition in the industrial organizational psychology program. “The goal of this work is to quantify how much perceptual and
cognitive resources people spend on pop-ups and, ultimately, to help users make smart security decisions.”
The research will support development of metrics that measure human behavior at the computer when faced with security decisions. For example,
how much time users take before they start looking at the pop-up, exactly what they are looking at and how much time they take to decide how to respond to
a pop-up. Users’ eye movement, facial expression, and posture are captured on camera as they make their decision.
Harris Corporation has funded this research at Florida Institute of Technology. The funding, augmented by the university, allows faculty members, and
students to investigate the issue using eye-tracking technology. Faculty researchers are Bahr and Richard Ford, professor of computer sciences and director
of the Harris Institute for Assured Information at Florida Tech.