Zero effort security for the home PC users? By Terje Risa.


Outline
- Introduction
- Project description
- Choice of method
- Experimental work
- Preliminary analysis
- Conclusion

Introduction
- Most users are not willing to invest much effort in securing their home PC.
- Increasing use of the Internet to access sensitive information, online banking, etc.
- Internet-related crime is growing.

Introduction
- Home PC users need usable and practically secure solutions.
- Service providers might help home users protect their computers with user-friendly security software.
- The usability of the products is important if they are to be used.

Introduction
“Systems must be not only secure, but usably and practically secure.” - Dourish et al. [1]

Introduction
What is usability? Jakob Nielsen describes it as:
- Easy to learn
- Efficient to use
- Easy to remember
- Few errors
- Subjectively pleasing

Project description
- Evaluating the usability and security of some selected security products.
- Investigating whether the notion of zero effort security for home PC users is possible.

Project description
- These products must address the Norwegian home PC user population.
- Internet security suites available in Norwegian were therefore chosen.
- These security suites provided an all-in-one solution.

Choice of method
Usability evaluation method
- Needed a resource-economical method:
  - Heuristic evaluation
  - Cognitive walkthrough
- Heuristic evaluation was chosen.

Choice of method
Security testing
- Testing anti-malware solutions.
- Gathering data from independent security evaluations.
- Security certificates achieved.

Experimental work
The usability experiment:
- 11 participants performed a heuristic evaluation on each of the four products.
- The participants scored Nielsen’s heuristics (usability principles) on a scale from 1-5.
- After each product was evaluated, they completed a System Usability Scale.

Experimental work
Nielsen’s heuristics included in the experiment:
- Visibility of system status
- Match between system and real world
- User control and freedom
- Consistency and standards
- Recognition rather than recall memory
- Flexibility and efficiency of use
- Aesthetic and minimalist design

Experimental work
Security testing
- A small sample of malware was collected and tested against the products.
- Firewall leak testing

Preliminary Analysis

System Usability Scale, a ‘quick and dirty’ usability scale from 0-100:
- Product 1 – Average score of 63.4
- Product 2 – Average score of 63.4
- Product 3 – Average score of 38.2
- Product 4 – Average score of 72.7
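The per-product averages above are means of individual SUS questionnaires. As an added example (not part of the original presentation), this is the standard SUS scoring rule applied to a set of forms; the sample answers are constructed, and dropping incomplete forms rather than imputing them is an assumption.

```python
from statistics import mean

SUS_ITEMS = 10  # the SUS questionnaire has ten statements, each answered 1-5


def sus_score(responses):
    """Score one completed SUS form on the 0-100 scale."""
    if len(responses) != SUS_ITEMS:
        raise ValueError(f"expected {SUS_ITEMS} answers, got {len(responses)}")
    total = 0
    for item, answer in enumerate(responses, start=1):
        if answer not in (1, 2, 3, 4, 5):
            raise ValueError(f"item {item}: answer {answer!r} is outside 1-5")
        # Odd items are positively worded (contribute answer - 1),
        # even items are negatively worded (contribute 5 - answer).
        total += (answer - 1) if item % 2 else (5 - answer)
    return total * 2.5  # 0..40 raw points scaled to 0..100


def product_average(forms):
    """Return (mean SUS score rounded to 1 decimal, number of rejected forms)."""
    scores, rejected = [], 0
    for form in forms:
        try:
            scores.append(sus_score(form))
        except ValueError:
            rejected += 1  # assumption: incomplete or invalid forms are dropped
    if not scores:
        raise ValueError("no valid SUS forms for this product")
    return round(mean(scores), 1), rejected


# Constructed sample: three complete forms and one incomplete form.
SAMPLE_FORMS = [
    [4, 2, 4, 1, 4, 2, 5, 2, 4, 2],
    [3, 3, 3, 3, 3, 3, 3, 3, 3, 3],
    [5, 1, 5, 1, 5, 1, 5, 1, 5, 1],
    [4, 2, 4, 2, 4, 2, 4],
]

if __name__ == "__main__":
    average, rejected = product_average(SAMPLE_FORMS)
    print(f"average SUS = {average}, rejected forms = {rejected}")
```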

Preliminary Analysis
Security testing: small malware sample:
- Product 1 – Detected 184/184
- Product 2 – Detected 24/184
- Product 3 – Detected 24/184
- Product 4 – Detected 84/184
Note: Products 2 and 3 couldn’t scan the “large” file containing a virus. This file should perhaps not be included, since Product 4 also had some trouble with it.

Preliminary Analysis
Firewall leak test:
- Substitution: Product 2 passed, the rest failed.
- Launcher: All products failed.
- DLL injection: Products 1 and 4 passed, 2 and 3 failed.
- Process injection: All products failed.
- Registry injection: All products failed.
- Windows messaging: All products failed.
Note: All the products were installed with default settings.

Preliminary Analysis Independent anti-malware testing: From AV-comparatives.org:

Conclusion
Definition, from Whitten and Tygar [2]: Security software is usable if the people who are expected to use it:
1. are reliably made aware of the security tasks they need to perform;
2. are able to figure out how to successfully perform those tasks;
3. don’t make dangerous errors; and
4. are sufficiently comfortable with the interface to continue using it.

Conclusion
- There appear to be some differences in usability between the products.
- There appear to be some differences in security between the products.
- Some of the products are made to minimize user intervention as much as possible, which might explain the bad results in the firewall leak tests.

Conclusion
Zero effort security for home PC users?
- Security suites can possibly move towards this notion, especially together with up-to-date programs and educating the users to act carefully.

Thank you for your attention! Questions?

Bibliography
[1] Dourish, P., Grinter, E., de la Flor, J. D., & Joseph, M. Security in the wild: user strategies for managing security as an everyday, practical problem. Personal Ubiquitous Comput., 8(6), 391–401.
[2] Whitten, A. & Tygar, J. D. Why Johnny can’t encrypt: a usability evaluation of PGP 5.0. In SSYM’99: Proceedings of the 8th conference on USENIX Security Symposium, 14–14, Berkeley, CA, USA. USENIX Association.