A Social Mechanism for Supporting Home Computer Security∗

Authors

  • Rick Wash
  • Jeffrey K. MacKie-Mason

Abstract

Hackers have learned to leverage the enormous number of poorly protected home computers by turning them into a large distributed system (known as a botnet), making home computers an important frontier for security research. They present special problems: owners are unsophisticated, and usage profiles are varied, making one-size-fits-all firewall policies ineffective. We propose a social firewall that collects security decisions and both user and usage characteristics, and provides users with personalized information to assist with allow/deny recommendations. To succeed, a social firewall must deal with at least three user behavior issues: why contribute private information? why make effort to provide quality information? and, how to prevent manipulation by adversaries? We sketch an incentive-centered design approach to each problem. We provide an economic model and some analytic results for a solution to the fundamental problem: why contribute? We show that an excludable public goods mechanism can achieve a better outcome than a system without social motivators.

1 Home Computer Security

For many years, hackers targeted computers approximately in proportion to the information accessible on or from them. Consequently, security research focused on attacks against large enterprise systems, protected by sophisticated human and technical resources. More recently, hackers developed the botnet, hosted by large numbers of insecure computers. These machines are targeted because they rarely are protected by either sophisticated human or technical resources. To build a botnet, an attacker hacks (say, through a virus or worm) into many computers and installs “control” software. The controlled client (zombie) listens for commands from a “master control” computer. A single command from the hacker to the master can then be carried out by all active zombies.

Botnets enable crimes such as spam, click fraud, and distributed denial of service [17]. Observed botnets range in size from a couple hundred zombies to 50,000 or more zombies [1]. Since any computer with an Internet connection can be an effective zombie, hackers logically turned to attacking the most vulnerable population: home computers. Home computer users are usually untrained and have few technical security skills. While some software has improved the average level of security of this class of computers, home computers still represent the largest population of vulnerable computers with decent Internet connections. Existing security research has not made substantial progress on solving the problems of attacks against machines maintained by unsophisticated users.

Botnets are a serious problem. Nine out of ten email messages are spam [16], and 80% of those messages are being sent through botnets [15]. Botnets also are used to steal personal information, and to conduct multiple outbound crimes such as click fraud and trust fraud [15], and extortion of “protection” payments under threat of denial of service attacks [10]. As of 28 March 2007, the Shadow Server website¹ was tracking over 1.5 million active zombies attached to over 1300 distinct botnets.

∗ This material is based upon work supported by the National Science Foundation under Grant No. CNS 0716196.


Similar resources

Developing a grounded-based model of tranquility in contemporary apartments in Urmia City

Introduction: Stressful life and lack of tranquility in modern society have been serious problems for human life. Environmental psychology has shown that physical and architectural environments play an important role in this, and since the home is one of the most important environments, they try to offer solutions. This study tries to identify the factors that play an effective role in creatin...


A Privacy-preserving Community-based P2P OSNs Using Broadcast Encryption Supporting Recommendation Mechanism

Online Social Networks (OSNs) have become one of the most important activities on the Internet, such as Facebook and Google+. However, security and privacy have become major concerns in existing C/S based OSNs. In this paper, we propose a novel scheme called a Privacy-preserving Community-based P2P OSNs Using Broadcast Encryption Supporting Recommendation Mechanism (PCBE) that supports cross-pl...


Design of cybernetic metamodel of cryptographic algorithms and ranking of its supporting components using ELECTRE III method

Nowadays, achieving desirable and stable security in networks with national and organizational scope and even in sensitive information systems should be based on a systematic and comprehensive method and should be done step by step. Cryptography is the most important mechanism for securing information. A cryptographic system consists of three main components: cryptographic algorithms, cryptogr...


Interdependent Security Game Design over Constrained Linear Influence Networks

In today's highly interconnected networks, the security of entities is often interdependent. This means security decisions of the agents are not only influenced by their own costs and constraints, but also are affected by their neighbors’ decisions. Game theory provides a rich set of tools to analyze such influence networks. In the game model, players try to maximize their utilities through se...


Older adults' experiences of social support in nursing homes: a qualitative study

  Background & Aim: Dramatic increase in the overall number of older adults currently in the population, and further increases expected, heightens the awareness of the need for adequate support for older persons living in the community. The elderly are particularly vulnerable to stress. Transition to the care home and environment of a residential home has been identified in the literature as th...



Publication date: 2008