Folk Models of Home Computer Security
by: Rick Wash
Abstract
Home computer systems are insecure because they are administered by untrained users. The rise of botnets has amplified this problem; attackers compromise these computers, aggregate them, and use the resulting network to attack third parties. Despite a large security industry that provides software and advice, home computer users remain vulnerable. I identify eight `folk models' of security threats that are used by home computer users to decide what security software to use, and which expert security advice to follow: four conceptualizations of `viruses' and other malware, and four conceptualizations of `hackers' that break into computers. I illustrate how these models are used to justify ignoring expert security advice. Finally, I describe one reason why botnets are so difficult to eliminate: they cleverly take advantage of gaps in these models so that many home computer users do not take steps to protect against them.
Reference
Rick Wash. “Folk Models of Home Computer Security” Proceedings of the Symposium on Usable Security and Privacy.2010.