Both Internet Explorer and Firefox frequently show a message saying “This page contains both secure and nonsecure items. Do you want to display the nonsecure items?”
I have a master’s degree in computer science and I have no clue based on the limited information in that message what the appropriate answer is. So figure the average person who doesn’t have an advanced degree probably has zero context for making a decision. Microsoft and the Firefox developers must know that. So why do they both still have that error message in their latest versions when it’s useless to virtually everyone?
I understand the idea of the message is to prevent some sort of phishing scam, but the message comes up so often that most users are just trained to his “Yes”, thereby defeating the whole purpose. I could understand why this message existed in the early days of the web; but why does Microsoft still think it’s important even in IE 7?
You would not believe how pissed off a client was when her website instructed her customer to close the page because the content was not secure. It was like I shot her child.
The security of an SSL certificate is still important during internet shopping or anything involving a monetary transaction. It really depends on what site you’re visiting.
It might also be that microsoft and verisign are in cahoots to keep those deadbeat website owners from renewing their certificates, but you didn’t hear that from me.
Well, as a not terrifically computer literate person, I usually choose “no” initially and then see whether I actually need to see the rest of the content for some reason, or “yes” when it’s a site that I use frequently that may have an out-of-date certificate or is somebody like Borders that I’ve navigated to on my own.
That message is very important. At least to me – say I bump into an SSL website and check the URL and it has https:// in it and all is well. Without that message how would I know the AJAX thing is submitting my form via plain HTTP or whatever? For regular HTML forms there’s a separate message, but for other forms it’s important. Basically the right answer is No, and I have never seen a legit site that had this message come up. Expired or unverified certificate, sure, but not “Secure and non-secure items”. The only times I’ve seen it was when I goofed doing my own SSL pages and left in some http:// images.
My web based email client (squirell mail (sp?)) offers a similar option. First I have to click “Show as HTML”, then I have to click “Show Unsafe Images”. Pain in the ass!
It’s not so much about phishing but more about security. Non secure items aren’t encrypted in the way that secure items are. You get these messages when the page is designed in a particular way i.e. portions of the page come from other “URLs”, typically it happens with images but it can be other content at well that is addressed without a “HTTPS”.
