From an article at Ars Technica
Fake popup study sadly confirms most users are idiots
By John Timmer | Published: September 23, 2008 - 05:15AM CT
When you visit a webpage, you are presented with dialog boxes that imitate Windows dialog boxes. The dialog boxes say:
“The instruction at ‘0x77f41d24’ referenced memory at ‘0x595c2a4c.’ The memory could not be ‘read.’ Click OK to terminate program.”
There are 4 different dialog boxes, all with the same text, but some look more real (look more like a standard Windows dialog box), some look more fake.
The results:
“Of the 42 students, 26 clicked the OK button for the “real” dialog. But 25 clicked the same button for two of the fakes, and 23 hit OK on the third (the one with the status bar showing). Only nine of them closed the window—two fewer than had closed the real dialog. In all cases, a few of the users simply minimized the window or dragged it out of the way, presumably leaving the machine’s next user at risk.”
My question is: if an application has the capability of displaying this fake dialog box on my screen, how much more dangerous is it to click OK than any other course of action? It’s not like a malware program would treat the fact that I closed the window instead of clicking OK any differently. And anyway, the dialog box only had one button! What would a “smart” user do? Immediately unplug the computer?
A better test would have been a realistic dialog box saying something like:
“The publisher could not be verified. Are you sure you want to run this software?” Run / Cancel
Then someone clicking “Run” without thinking would be an idiot.