Graphical widgets often prompt a user to install software. For example, when a user surfs the web, a pop-up window with a format that is similar to the pop-up window format 10 depicted in FIG. 1 may prompt the user to initiate software download and installation. If the user clicks the OK button 12, software may be downloaded and installed. Download prompts could also be incorporated into an advertisement with a format that is similar to the advertisement format 20 depicted in FIG. 2. If the user clicks the OK button 22, software may be downloaded and installed.
Some pop-up windows are based on the ActiveXControl technology and installation setup is associated with a certificate. A certificate verification window with a format that is similar to the certification window format 30 depicted in FIG. 3 may be used to prompt a user to download software. If the user clicks on the cancel button 32, the software is not downloaded. If the user instead clicks on the OK (Trust) button 34, the software is downloaded. In addition, if the user clicks on the Always Trust checkbox 36, the certificate is automatically trusted next time. Certificates can prevent some malicious software from being downloaded, but only if the user doesn't ignore the verification. However, all too often, the user clicks “Okay” even if the verification fails.
A similar security risk may arise when an employee fails to read a disclaimer or license when installing software. A disclaimer with a format that is similar to the disclaimer window format 40 depicted in FIG. 4 may be used to prompt a user to agree to a disclaimer or license. The disclaimer window includes disclaimer text 42, which the user is supposed to read. If the user clicks on the Do Not Agree button 44, the software is not installed. If the user clicks on the Agree button 46, the software is installed. Malicious software, such as spyware, may be an add-on to a software bundle. The malicious software may even be mentioned in the disclaimer text 42. Users who fail to read the disclaimer carefully may unwittingly install the malicious software.