Recently, malicious computer users have been compromising computers en masse and combining them to form coordinated botnets. The rise of botnets has brought the problem of home computers to the forefront of security. Home computer users commonly have insecure systems; these users do not have the knowledge, experience, and skills necessary to maintain a secure system. I take steps toward designing a socio-technical system that will hopefully help home computer users make better security decisions. Designing such a system requires additional knowledge before a successful system can be developed.
First, more information is needed about the knowledge and skills that home computer users currently possess. I conducted an interview study of home computer users and identified eight distinct mental models of security threats; four are models of “viruses,” and four are models of “hackers.” The respondents in this study use the models to decide which security precautions should be used and which can be ignored.
Second, to share information, users need an incentive to exert the time and effort required for sharing. I describe two mechanisms that can be used in social computing systems to encourage contribution. I illustrate the first mechanism, the side effect mechanism, by describing how it is used in a popular social bookmarking website. I also illustrate a design feature that is important when applying this mechanism: incentive alignment. The second mechanism that I describe is technically simple: set a minimum threshold and exclude users who don’t contribute enough. I develop a theory of how users are likely to respond to such a mechanism and use that theory to characterize when such a mechanism should be used.
Finally, I bring all of these findings together to suggest some preliminary design features for a socio-technical security system to help home computer users. While there are many unanswered questions, these design features can serve as a starting point for future work in the area.
Download: PDF
Recently, malicioucomputer users have been compromising computers en masse and combining them to form coordinated botnets. The rise of botnets has brought the problem of home computers to the forefront of security. Home computer users commonly have insecure systems; these users do not have the knowledge, experience, and skills necessary to maintain a secure system. I take steps toward designing a socio-technical system that will hopefully help home computer users make better security decisions. Designing such a system requires additional knowledge before a successful system can be developed.
First, more information is needed about the knowledge and skills that home computer users currently possess. I conducted an interview study of home computer users and identified eight distinct mental models of security threats; four are models of “viruses,” and four are models of “hackers.” The respondents in this study use the models to decide which security precautions should be used and which can be ignored.
Second, to share information, users need an incentive to exert the time and effort required for sharing. I describe two mechanisms that can be used in social computing systems to encourage contribution. I illustrate the first mechanism, the side effect mechanism, by describing how it is used in a popular social bookmarking website. I also illustrate a design feature that is important when applying this mechanism: incentive alignment. The second mechanism that I describe is technically simple: set a minimum threshold and exclude users who don’t contribute enough. I develop a theory of how users are likely to respond to such a mechanism and use that theory to characterize when such a mechanism should be used.
Finally, I bring all of these findings together to suggest some preliminary design features for a socio-technical security system to help home computer users. While there are many unanswered questions, these design features can serve as a starting point for future work in the are
