Back about two years ago I was working on a product line that took a number of potentially objectionable actions with customers’ systems. I pushed back against the product teams, saying that these actions put our products at risk of being perceived as malware.
They in turn pushed back on me, essentially telling me to prove my allegations.
So I went away for a few days, did some research, and returned with my (fanfare) Malware Perception Risk Assessment Tool. Ta-da!
Uh, sorry, I meant “thud”. It went over like a lead ballon. No takers. So I wrote it up in an article at UXmatters, hoping it’d become adopted. More deafening silence. Dejection.
But here’s the thing: systems are becoming more and more interconnected, and more than ever, applications are utilizing aspects of your personal, semi-public, and public data to derive value (presumably for you as well as themselves). Thus the risk of an application being perceived as malware has only increased.
I strongly believe that our field needs to provide the wider world with a tool that can help assess the risk that a particular product or service might be tagged as malware in the minds of users or the market at large.
So I again submit to the UX, dev, and product management communities the Malware Risk Assessment Checklist.
To measure the probability of people perceiving a product as malware, I created a checklist representing a set of attributes that typically characterize malware. I grouped these attributes into these five categories, each containing two or more representative attributes:
- personal information gathering and usage
- modification of data or system configuration
- stealth and resistance to removal or modification
- resource utilization
- transparency and disclosure of third-party relationships
This time, I’m explicitly calling out the fact that the checklist is light on data propagation via social networking applications. And I’m asking for help in rounding out that aspect of the checklist. So help a guy out and suggest some social media items. I am releasing this checklist under a “Creative Commons non-commercial share alike-derivative works permitted” license, so you can remix this, add to it, etc. When I receive some good item suggestions, I’ll re-roll the list and publish again.
Here’s the checklist as it stood in 2008. Peeps, have at it.
Personal Information Gathering and Usage
The product or Web site…
Gathers and transmits users’ personal data or information about users’ behavior to the organization providing the product
____Yes
____No
Gathers and transmits users’ personal data or information about users’ behavior to a third party.
____Yes
____No
Uses personal data and data the product developer obtained from third parties to assemble profiles of users that are more complete and comprehensive than users expect.
____Yes
____No
Exposes more of users’ personal information to their contacts or a community than users expected or wanted.
____Yes
____No
Does any of the above without user notification and consent.
____Yes
____No
Does any of the above and does not allow users to opt out.
____Yes
____No
Modification of Data or System Configuration
The product or Web site…
Overwrites, modifies, or destroys users’ data without their knowledge or consent.
____Yes
____No
Modifies other applications on users’ computers or their operating system settings or computing environment.
____Yes
____No
Fails to restore modifications to other applications, operating system settings, or the computing environment when the user uninstalls the product.
____Yes
____No
Damages or renders inoperative other software or hardware on users’ computing systems.
____Yes
____No
Stealth and Resistance to Removal or Modification
The product or Web site…
Hides or renders its files and resources inaccessible to the user through normal means—that is, using standard file managers and viewers.
____Yes
____No
Resists attempts at removal.
____Yes
____No
Modifies antivirus, antispyware, and other computing hygiene applications or application settings, to make itself appear harmless or less harmful than it actually is.
____Yes
____No
Resource Utilization
The product or Web site…
Overuses computing resources—CPU, GPU, memory, and so on—to a noticeable extent.
____Yes
____No
Utilizes computing resources for purposes not directly related to the tasks users typically perform with the software.
____Yes
____No
Transparency and Disclosure of Third-Party Relationships
The product or Web site…
Installs third-party applications that demonstrate any of the above behaviors.
____Yes
____No
Installs third-party applications without user notification and consent.
____Yes
____No
C’mon people, let’s make this checklist useful, and maybe even a de facto standard.
Yeah, I said it. And by it, I mean that we’re too convinced of our moral superiority, and it’s hampering our ability to effect the very changes we want to make in this world. Read on to discover why.
This post covers a conversation that started at Scott Berkun’s site, where he made the point that comparatively few UX’ers seem to be able or willing to step up and work on persuading their organizations to put greater resources into the user experience of their products and services.
In this article Scott said:
When it comes to the world of UX, designers, usability engineers, and the rest, they tend to complain about how little power they have, but spend little time doing skill development in how to gain influence and power. The average designer or IA would be better served by going to a sales conference and learning sales and pitching skills, than going to yet another design event. They’re already good at design, but they’re probably not very good at pitching design ideas to non-designers.
At the end of the post, he cited some articles from Dan Szuc and I on how to sell UX. Just happy for the props, I commented last week, saying:
Dan Szuc and I have been working this problem for a few years now, and we too hear the same “if only I could get x” refrain. I’ve been both a UX innie and an outtie (sp?), and I have to say that insider UX’ers often put themselves into the “learned helplessness” state almost reflexively. UX’ers can be their own worst enemies when it comes to getting resources to do the job right. And I speak from experience: I’ve been there, done that. Maybe that’s why Dano and I beat this drum so loud; i.e., “Learn from our mistakes! Here’s how!”
I also noted the discussion in my UsabilityBlog post of last week. In another happy surprise for me, Scott dropped by and responded on UsabilityBlog, saying:
The curious thing is why this fairly old idea (specialists need to persuade) has such a hard time gaining traction among the UI/IX/HCI community. And oddly, it’s seems really hard to sell the UI community on the point of view you offer. Do you have any theories as to why this is? I did a study of sorts on designers about why they fail to explore this question among the design community. But I have thought about doing a similiar thing for the usability/HCI side of things: http://www.scottberkun.com/blog/2008/why-design…
I lobbed it back at him when I posted this in response:
Thanks for dropping by and commenting at UsabilityBlog Scott. If I had to venture a guess, I think the reluctance among UX’ers to persuade stems from my contention that most of us are utterly convinced of the rightness of our ways. After all – and this is a mostly a good thing – most of us stumbled onto this field and found it a fantastic lens through which to project our ethical expression onto the world. UX is a place to be a force for good. How awesome is that? Answer: quite awesome indeed. So why *wouldn’t* everyone see our opinions as correct?
But there’s the rub. Our moral certitude gets in our way. In other words: UX’ers belief in our own rightness is quasi-religious. Hey, if that’s the case then there’s no need to persuade others of our rightness; we *know* we’re right. And if they don’t believe us, frak ‘em.
Only there’s that pesky little issue of who’s cutting the checks….hmmm, I better tow the line and *try* to light the way for the blind, convince those who labor in the darkness of not knowing UX, even though they’re little more than inmates running the dark asylum…I think you can see where I’m going with this.
My bottom line advice to our field would be very similar to what my Jewish mother from Queens often says: hey UX’ers, get over yourselves. We don’t poop roses. Not everything we do is an expression of our moral superiority. Most times, we don’t -and aren’t even in a position to – see the big picture. And we don’t know what it’s like to be on the hook for the revenue of a product. In other words, we should have a little more empathy and broaden our horizons a bit.
I’ve made these points before; check this article out for a slightly more polished version of this argument: http://bit.ly/a2Xwux Thanks again, Scott. Good discussion you’ve triggered here.
That list bit.ly link? It leads to the UXmatters article where I first started crystallizing these thoughts: “The User Experience Practitioner As Change Agent.” I just reread the article, and I still agree with its main points. Maybe it’s common for other people to agree with their former selves, but I am not one of those people. When I read my past work, I typically either cringe or have to stifle the urge to get in my time machine and slap my former self for saying something so asinine. But this piece? It’s stood the test of time. And it resonates with people.
Now if only I can craft the call to action more effectively. I honestly wouldn’t mind if this area became my “UX brand.” It’d be in keeping with my training as an organizational / human factors psychologist, and honor the systems approach of my dissertation mentor, Bob Helmreich.
Scott Berkun recently posted a thought-provoking article “How UX Can Get Anything They Want.” It was a good and short read, but what really made it special for me was that he called out my and Dan Szuc’s writings and presentations on selling UX.
Said Scott:
The biggest skill gap the UX world has are advocates, translators, and persuaders, people who are not afraid to sell and convince others on the value of their work.
This lack is something that I’ve noticed in myself and others, which is why I took very conscious steps in my career to become an advocate for UX and not just a UX practitioner.
And as I mentioned above, it was great to see Scott recognize our work in this area in the “See also” section at bottom, where he called out these content pieces from Dan and I:
I would also add that Adam Polansky of Travelocity and RedearthIA contributed a fantastic chapter to “Usability Success Stories” that covered how UX practitioners can be “natural liaisons” between disciplines. (This is the book I conceived of and edited back in 2006.)
