Hacker News
The Psychology of Security (2008) [pdf] (schneier.com)
37 points by comboy 7 months ago | 4 comments

> People exaggerate spectacular but rare risks and downplay common risks.

I've met multiple people who claim to know someone who only survived a car crash because that person didn't wear a seatbelt and was able to "jump out". Based on that, they think it's actually safer to not wear one.

This is so ridiculous it almost makes me angry.

> People exaggerate spectacular but rare risks and downplay common risks.

I've heard it said that when you hear about some event in the news (burglary, kidnapping, etc...) you almost should not worry about it -- the very reason that it's being reported in the news is almost always because it's a rare and unlikely event.

This happened to my grandfather... twice. He never would wear a seatbelt.

I know it happened to him. But I still wear one, all the time.

Related, Folk Models of Home Computer Security, http://www.rickwash.com/papers/rwash-homesec-soups10-final.p...

> Home computer systems are insecure because they are administered by untrained users. The rise of botnets has amplified this problem; attackers compromise these computers, aggregate them, and use the resulting network to attack third parties. Despite a large security industry that provides software and advice, home computer users remain vulnerable. I identify eight ‘folk models’ of security threats that are used by home computer users to decide what security software to use, and which expert security advice to follow: four conceptualizations of ‘viruses’ and other malware, and four conceptualizations of ‘hackers’ that break into computers. I illustrate how these models are used to justify ignoring expert security advice.
