Alerting users about possible threats or blocking users' ability to perform potentially dangerous actions are two common ways to protect systems from the adverse effects of threats, such as malicious email attachments, fraudulent requests, or system malfunctions. We present a normative model of the effects of alerting and blocking on the value of the outcomes, on measures of risk-taking, and on the number of successful attacks. We compared warning and blocking systems and binary- and likelihood-alarm systems as a function of properties of the threats and the security system. We also compared model predictions to actual user behavior, as measured in a controlled experiment. The experimental results were generally in line with the normative model. However, the model predicted that the outcomes from blocking would always be worse than or equal to those from warnings. The experiment instead showed that blocking may have an advantage over warnings, because it leads to fewer undetected events (as predicted by the model), without significantly lowering the mean value of outcomes (the model predicts a lower value). We discuss practical implications regarding the use of blocking and alerting and the more general value of combining optimal decision models and empirical experiments for determining system designs. (c) 2020 Elsevier Ltd. All rights reserved.