Jump to content

"Exclude website" button grievously misnamed, multiplies risk


avickery
 Share

Recommended Posts

The "Exclude website" button that appears on the "Malicious website blocked" pop-up when MBAM detects a malicious website is grievously misnamed in a way that can only serve to multiply risks to a user's computer. 

 

If the "Exclude website" button is clicked the website is added to the list of sites to which MBAM will permit access unimpeded (I'll call this the "safe list"). The trouble is that having just been given a warning about access to a bad website and simultaneously invited to "exclude" it, the user will almost certainly click the "exclude" button thinking that's the right, proper, and safe thing to do. In fact it's just the opposite: the user has just added a website that MBAM thinks is dangerous to the safe list! The average user will have no idea that by "exclude" MBAM means "include" (i.e., add the site to the safe list).

 

The problem is that to native English speakers the word "exclude" conveys meanings like "prohibit," "banish," "omit," "do away with," "eliminate," "bar," etc., all things that seem like sensible actions to take against a malicious website. The trouble is that in this context the "exclude" button means exactly the opposite; instead of meaning "prohibit," "banish," etc., it means "allow," "permit," "go right ahead," and so on. Invited to deal with a bad website by "excluding" it, the user is highly likely to click that button and thus turn off MBAM security against a website that it's already found to be dangerous.

 

Indeed, because the warning popup only appears only when a bad site is encountered, it's as though MBAM's designers went out of their way to allow as many bad sites as possible into the user's safe list: (1) Here's bad site! Wanna exclude it? (2) You bet! I'd better click "exclude," then. (3) Another bad website escapes any further security checking, permanently!

 

There's no doubt that the "Exclude website" button needs to be renamed. Perhaps there's not enough space for "Exclude this site from further checking by MBAM by including it on the safe list," but perhaps "Ignore warning," or "Ignore warning and proceed," or "Ignore warning: flag site as safe" would work.

Link to post
Share on other sites

  • 3 months later...

quote: The average user will have no idea that by "exclude" MBAM means "include"

 

I respectfully disagree. I think you should focus on the fact that the question 'exclude?' goes directly to the word 'blocked.'

"Malicious Website Blocked." Blocked...action, past tense, done. Most english speakers should agree. Should it then say "keep blocking"?(although it could.) That would be confirmation, unnecessary. No, the blocking is done, if we disagree, only then act.

 

Isee your point that "exclude?" may not be the perfect word here. But the question should only require denial "Sop Blocking?" seems unambiguous. 

  

My experience:

"Malcious Website Blocked"...hmmm, I don't recognize the IP, but the process is my vpn.

"Exclude?" --yes, please.

Vpn connects or stays connected, everybody happy.

Link to post
Share on other sites

Hello avickery and :welcome:
 
The meaning of the "Exclude Website" button is well explained in the user's guide: https://www.malwarebytes.org/support/guides/mbam/notifications.html#web_block
 
Very similarly the subject of "Website Exclusions" is well explained for the manual process: https://www.malwarebytes.org/support/guides/mbam/WebExclusions.html
 
Reference: Malwarebytes Anti-Malware Users Guide
 
HTH :)

Link to post
Share on other sites

  • Staff

The wording is changing in the next version, for specifically the reasons mentioned.  There are a lot of ways to say something, and some of those ways are just not easy to understand.  This is one.  We want users to stay safe, and making it for them to make the wrong choice goes against what we are trying to do.

Link to post
Share on other sites

  • 3 weeks later...

Well, I'm delighted to have made a small contribution to computer security and human happiness. Thanks for following up on my (and possibly others') suggestion regarding this wording. I love a product which just works, and MB does, so well that I signed up for a Platinum, Premium, Extra Double Plus subscription. Keep up the good work.

Link to post
Share on other sites

Well, I'm delighted to have made a small contribution to computer security and human happiness. Thanks for following up on my (and possibly others') suggestion regarding this wording. I love a product which just works, and MB does, so well that I signed up for a Platinum, Premium, Extra Double Plus subscription. Keep up the good work.

 

Hi avickery. :) Check your private messages. You have mail.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.