Effectiveness of security by admonition: a case study of security warnings in a web browser setting

Security warnings seem to be a predominant way to bridge the gap of providing rich, but potentially insecure, functionality and providing security. In this study, we investigate the effectiveness of so-called security by admonition. We present users with a web-based survey that requests the installation of a potentially insecure ActiveX component. We show that the security warning deters users from fulfilling the insecure installation request, but is ineffective in preventing it.