ABSTRACT
With the proliferation of computer security threats on the Internet, especially threats such as worms that automatically exploit software flaws, it is becoming more and more important that home users keep their computers secure from known software vulnerabilities. Unfortunately, keeping software up-to-date is notoriously difficult for home users. This paper introduces TALC, a system to encourage and help home users patch vulnerable software. TALC increases home users' awareness of software vulnerabilities and their motivation to patch their software; it does so by detecting unpatched software and then drawing graffiti on their computer's background wallpaper image to denote potential vulnerabilities. Users can "clean up" the graffiti by applying necessary patches, which TALC makes possible by assisting in the software patching process.
INDEX TERMS
Primary Classification: H. Information Systems; H.5 INFORMATION INTERFACES AND PRESENTATION (I.7); H.5.m Miscellaneous
Additional Classification: H. Information Systems; H.5 INFORMATION INTERFACES AND PRESENTATION (I.7); H.5.2 User Interfaces (D.2.2, H.1.2, I.3.6)
Subjects: Graphical user interfaces (GUI)
General Terms: Human Factors, Management, Security
Keywords: graffiti, home users, internet security, patch management, security framework, software vulnerabilities, usable security