Harry R. Schwartz

Software engineer, nominal scientist, gentleman of the internet. Member, ←Hotline Webring→.

bearded cartoon drawing of the author · 1B41 8F2C 23DE DD9C 807E A74F 841B 3DAE 25AE 721B

Folk Models of Home Computer Security

Published 21 May 2016. Tags: computer-science, security, paper-review.

I recently read Rick Wash’s Folk Models of Home Computer Security, in which he conducts a survey of regular computer users to determine how they believe certain aspects of computer security work. There’s a lot of interesting stuff in there if you’re interested in security research.1

He analyzes a few security concerns and notices that users’ beliefs about security fall into distinct categories or “folk models” that they use to explain the world.

These models should interest us when we design security software, since they’re what motivate our users and guide their actions. He notes that, despite being advised for decades to change their passwords regularly and not to open suspicious emails,

…many home computer users still do not follow this advice… There is a disagreement among security experts as to why this advice isn’t followed. Some experts seem to believe that home users do not understand the security advice, and therefore more education is needed. Others seem to believe that home users are simply incapable of consistently making good security decisions. However, none of these explanations explain which advice does get followed and which advice does not. The folk models… begin to provide an explanation of which expert advice home computer users choose to follow, and which advice to ignore. By better understanding why people choose to ignore certain pieces of advice, we can better craft that advice and technologies to have a greater effect.

Here are some quick summaries of a few folk models:

What are viruses, and why do they exist?

What motivates attackers/”hackers”?

  1. Some entertaining stuff, too, for anyone that’s done technical support for their extended family.