I spent a bit of time recently away from Longhorn evangelism, in order to help with some XP SP2 evangelism. It sounds kind of funny to talk about evangelizing a service pack, I suppose, but SP2 has some pretty significant new security features in it.
I was asked to help evangelize the Attachment Execute Service. I like how diplomatically they try to explain user reaction, noting that “users will fail to properly discriminate between viruses and safe attachments.” The research I’ve seen is quite interesting – it suggests that, in general, most users actually can’t discriminate between the effects of the OK and Cancel buttons in a dialog box. I saw a presentation on this once that was just like that old Far Side cartoon about what dogs hear – the author showed a real dialog that asked some question, and then showed how users perceived the text. It was something like “Pick a random number between 1 and 10, if you pick correctly I’ll take one set of actions you won’t understand, otherwise I’ll do something else you won’t understand. What did you pick?” and then the buttons were [OK] and [Cancel].
The inability of users to decipher the average message box is a failure on the part of software designers, of course, not users, but it has significant implications for security. The first implication is that you should just avoid dialog boxen altogether if possible, because odds are users won’t read or process your message anyhow. The second implication is that if you do show an alert, particularly for something serious like security and malicious attachments, you need to be clear on what’s going on. That’s what Attachment Execute Service is about — a centralized API that any app can call to determine whether a warning dialog is needed, and if so, show a common dialog that users will hopefully learn to read and trust.