Folk Models of Home Computer Security
by: Rick Wash
Home computer systems are insecure because they are administered by untrained users. The rise of botnets has amplified this problem; attackers compromise these computers, aggregate them, and use the resulting network to attack third parties. Despite a large security industry that provides software and advice, home computer users remain vulnerable. I identify eight ‘folk models’ of security threats that are used by home computer users to decide what security software to use, and which expert security advice to follow: four conceptualizations of ‘viruses’ and other malware, and four conceptualizations of `hackers’ that break into computers. I illustrate how these models are used to justify ignoring expert security advice. Finally, I describe one reason why botnets are so difficult to eliminate: they cleverly take advantage of gaps in these models so that many home computer users do not take steps to protect against them.
Update (Jul 13, 2017): The SOUPS community has chosen this paper as a finalist for the Impact award, given every three years to the paper with a strong long-term impact on the community.
Rick Wash. “Folk Models of Home Computer Security” Proceedings of the Symposium on Usable Security and Privacy (SOUPS).2010. [SOUPS Impact Award in 2020]