By Rick Wash
Users of home computer systems are becoming increasingly aware of the need for computer and information security systems. The market for security software for home users is growing rapidly, and includes anti-virus software, anti-spyware software, personal rewall software, personal intrusion detection / prevention systems, computer login / password / fi ngerprint systems, and intrusion recovery software. This software often requires security-relevant decisions be made by the home users, though most home users have little of the technical training and knowledge needed to make those decisions.
Though home computer users have little technical training, they do have some idea of the security threats they face and the potential countermeasures; indeed, the market for home security software is quite active. I conducted a series of 23 semi-interviews to better understand how home computer users think about security threats and security software. While home computer users did not have the complex, sophisticated mental models of computer security experts, they did have a couple of simple models that helped them make security-related decisions. These models led to a number of good security choices, but also led to a number of vulnerabilities that have been exploited by modern botnets. By understanding these mental models, home computer security technologies can be designed to address the vulnerabilities left by these models, and to take advantage of the knowledge that home users actually do possess.
Rick Wash. “Mental Models of Home Computer Security,” Extended Abstract at SOUPS (Symposium on Usable Privacy and Security) 2008 Poster Session. May 2008.
Download: PDF