
Careful. If a user bypasses a warning dialog from the operating system to run a program they download from the Internet, is it still the OS's fault if it is malware?

Sometimes providing a perfect user experience is equivalent to solving the halting problem, and not recognizing this is as big a problem as believing that all problems are the user's fault.




Yes. It's likely a 'Cry wolf' issue where the OS sends warning dialogs about every download, even safe ones. So the user thinks it's a similar file, so it's no problem.

Users had complaints about Windows UAC doing this for every instance (not just downloads).


> It's likely a 'Cry wolf' issue where the OS sends warning dialogs about every download, even safe ones.

Right. This misunderstanding was the entire point of my post. Distinguishing between the "safe" downloads and the "unsafe" downloads is an instance of solving the halting problem.

Also, I was thinking of the Chrome "Run Application" dialog, not the UAC.


An exception can be found for every rule, in just about anything.

Nitpicking specific examples and then saying "oh, well this disproves it" proves nothing. 99 out of 100 times, blaming the user isn't the right move. For the sake of brevity, I used "ever" and "always".


Ah, but we're discussing a specific domain, security, where I think "the user is always right" is often wrong. Requiring a user to memorize 10+ essentially random characters, for example, is an awful user experience, but it is required for security purposes.


http://www.schneier.com/blog/archives/2005/06/write_down_you...

Personally, I prefer keys (long, randomly-generated passwords stored in a file or device) to passwords, but I don't know of any reasonable way to authenticate to a webapp with a key.


foaf+ssl ? :)



