We are implementing a feature that blocks downloads that are malicious executables (bug 662819). In the initial implementation of that interface (bug 837199), this feature uses the same preference as "Block reported attack sites", screenshot http://1.bp.blogspot.com/-tCOM9XCH43s/USZTHybmfXI/AAAAAAAACrk/ZB7b3GGTDi4/s1600/security-prefs-annot-cropped.png. This is a bug to get UX review for what to about this feature. Pros for adding a new checkbox: - We can be ultra-specific about what exactly is blocked Cons: - No one touches these checkboxes anyway (http://monica-at-mozilla.blogspot.com/2013/02/writing-for-98.html)
I chatted with Paolo a couple of weeks ago. There are already too many preferences for safebrowsing (one for phishing and one for malware). It doesn't make sense to block one and not the other for privacy reasons, and there's no point in adding a third. So, there are two kind of reasonable solutions: 1) Don't do anything 2) Change the text in http://1.bp.blogspot.com/-tCOM9XCH43s/USZTHybmfXI/AAAAAAAACrk/ZB7b3GGTDi4/s1600/security-prefs-annot-cropped.png to read "Block reported attack sites and malicious downloads" I think 1) is completely reasonable since only about 1% of users ever touch either of these safebrowsing checkboxes. Larissa, what do you think? (lemme know if there's a better channel for requesting UX review)
(In reply to Monica Chew [:mmc] (please use needinfo) from comment #1) > I chatted with Paolo a couple of weeks ago. There are already too many > preferences for safebrowsing (one for phishing and one for malware). It > doesn't make sense to block one and not the other for privacy reasons, and > there's no point in adding a third. Yeah, I agree. There's too much nuance in there already to add a third option. I'd love to actually condense it into one checkbox ;-) > > So, there are two kind of reasonable solutions: > 1) Don't do anything > 2) Change the text in > http://1.bp.blogspot.com/-tCOM9XCH43s/USZTHybmfXI/AAAAAAAACrk/ZB7b3GGTDi4/ > s1600/security-prefs-annot-cropped.png to read "Block reported attack sites > and malicious downloads" > > I think 1) is completely reasonable since only about 1% of users ever touch > either of these safebrowsing checkboxes. I agree but for a different reason. I think we're arguing semantics about the difference between an attack site and a malicious download. Why would a site with a malicious download not be considered an attack site? Maybe this is just me. Will there be any people confused that we're not advertising the "malicious download" part of the pref if we don't include it in the string? If it doesn't cause too much confusion, then I'm ok with keeping it as it is.
Flags: needinfo?(lco) → needinfo?(mmc)
Thanks, Larissa. I don't think that most people would find a useful distinction between blocking malicious downloads and blocking malware sites. Paolo, if it's ok with you, I'd like to close this bug as WONTFIX.
This is FIXED for me in that the review is complete :-)
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.