Home computer systems are insecure because they are administered by untrained users. The rise of botnets has amplified this problem; attackers compromise these computers, aggregate them, and use the resulting network to attack third parties. Despite a large security industry that provides software and advice, home computer users remain vulnerable. I identify eight 'folk models' of security threats that are used by home computer users to decide what security software to use, and which expert security advice to follow: four conceptualizations of 'viruses' and other malware, and four conceptualizations of 'hackers' that break into computers. I illustrate how these models are used to justify ignoring expert security advice. Finally, I describe one reason why botnets are so difficult to eliminate: they cleverly take advantage of gaps in these models so that many home computer users do not take steps to protect against them.