Malicious interface design: exploiting the user

Authors:
Gregory Conti;Edward Sobiesk
Affiliations:
United States Military Academy, West Point, NY, USA;United States Military Academy, West Point, NY, USA
Venue:
Proceedings of the 19th international conference on World wide web
Year:
2010

Citing 13
Cited 2

Designing Web Usability: The Practice of Simplicity

Designing Web Usability: The Practice of Simplicity
Homepage Usability: 50 Websites Deconstructed

Homepage Usability: 50 Websites Deconstructed
Guarding the next Internet frontier: countering denial of information attacks

Proceedings of the 2002 workshop on New security paradigms
The rise of intrusive online advertising and the response of user experience research at Yahoo!

CHI '04 Extended Abstracts on Human Factors in Computing Systems
Stopping spyware at the gate: a user study of privacy, notice and spyware

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Attacking information visualization system usability overloading and deceiving the human

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
A Framework for Countering Denial-of-Information Attacks

IEEE Security and Privacy
Human-Computer Interaction (3rd Edition)

Human-Computer Interaction (3rd Edition)
Designing Interfaces

Designing Interfaces
Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish

Proceedings of the 3rd symposium on Usable privacy and security
Social phishing

Communications of the ACM
Malicious Interfaces and Personalization's Uninviting Future

IEEE Security and Privacy
The Design of Everyday Things

The Design of Everyday Things

Benevolent deception in human computer interaction

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Rational interfaces for effective security software: polite interaction guidelines for secondary tasks

UAHCI'13 Proceedings of the 7th international conference on Universal Access in Human-Computer Interaction: design methods, tools, and interaction techniques for eInclusion - Volume Part I

Quantified Score

Hi-index	0.00

Visualization

Abstract

In an ideal world, interface design is the art and science of helping users accomplish tasks in a timely, efficient, and pleasurable manner. This paper studies the inverse situation, the vast emergence of deliberately constructed malicious interfaces that violate design best practices in order to accomplish goals counter to those of the user. This has become a commonplace occurrence both on and off the desktop, particularly on the web. A primary objective of this paper is to formally define this problem, including construction of a taxonomy of malicious interface techniques and a preliminary analysis of their impact on users. Findings are presented that gauge the self-reported tolerance and expectation levels of users with regard to malicious interfaces as well as the effectiveness and ease of use of existing countermeasures. A second objective of this paper is to increase awareness, dialogue, and research in a domain that we consider largely unexplored but critical to future usability of the WWW. Our results were accomplished through significant compilation of malicious interface techniques based on review of thousands of web sites and by conducting three surveys. Ultimately, this paper concludes that malicious interfaces are a ubiquitous problem that demands intervention by the security and human computer interaction communities in order to reduce the negative impact on the global user population.