Elsevier

Decision Support Systems

Volume 46, Issue 1, December 2008, Pages 254-264
Decision Support Systems

Locking the door but leaving the computer vulnerable: Factors inhibiting home users' adoption of software firewalls

https://doi.org/10.1016/j.dss.2008.06.010Get rights and content

Abstract

In the new era of a ubiquitously networked world, security measures are only as good as their weakest link. Home computers with access to the Internet are one of the weaker links as they are typically not as well protected as computers in the corporate world. Malicious actors can not only target such computers but also use them to launch attacks against other systems connected to the Internet, thus posing severe threats to data and infrastructure as well as disrupting electronic commerce. This paper investigates the factors that affect the use of security protection strategies by home computer users in relation to a specific, but crucial security technology for home – a software firewall. This paper proposes individuals' concern for privacy, awareness of common security measures, attitude towards security and privacy protection technologies, and computer anxiety as important antecedents that have an impact on the users' decision to adopt a software firewall. The results of our study suggest that attitude plays a more important role than perceived usefulness in shaping users' intention to use firewalls. We attribute this interesting finding to the non-functional nature of firewall systems that work best in the background with a complex relationship to users' productivity. Hence, the results add to our current understanding of Technology Acceptance Model vis-à-vis technologies that serve non-functional needs such as security. We then present a set of guidelines to home computer users, Internet Service Providers, e-commerce companies, and the government to increase home users' adoption rate of privacy and security protection technologies.

Introduction

The widespread use of personal computers and internet connections in the home today has profoundly changed the way individuals and society share information and conduct business. Yet, with this increased power has come an increasing concern for the security and privacy of information that is processed in the home computing environment. Even though a multitude of security and privacy protection technologies (such as software firewalls, anti-virus protection and proper browser settings) are available, a recent survey by America Online (AOL) has shown that a majority of individuals with a home internet connection do not use even simple protection strategies [3].

This apparent general lack of concern for computer security on the home front has big implications beyond the homes of the affected computer users. Compromised computers can be further employed by unscrupulous elements to not only steal sensitive information of the affected users, but also to launch attacks against legitimate business interests (e.g., distributed denial of service attacks) thus disrupting electronic commerce. Such computer crimes result in different types of losses. According to the Carnegie Mellon University's CERT Coordination Center, in 2004, 83% of organizations faced some type of loss due to electronic crimes, 56% experienced operational losses, and 25% experienced financial losses [9]. Due to the significance of these implications, protecting the security and privacy of home computers is of direct importance to both individuals and organizations.

Anti-virus protection, firewall and patches to cover security holes in critical software are perhaps among the top security mechanisms that a consumer can use to protect one's home computing environment. Of these security mechanisms, a firewall is considered the most effective in protecting computers and is the most widely used form of protection in businesses [9]. The aforementioned AOL survey [3] specifically indicated that among these security technologies, firewall is the least understood and least used in home computing environments. According to this survey, while more than 80% of respondents had anti-virus programs installed in their computers, only 37% had firewall solutions installed. One of the possible reasons for the low use of firewalls is the difficulty faced by individuals using and maintaining firewall applications when compared to keeping their critical software (such as operating systems and internet browser) and anti-virus protection up-to date. The relative difficulty of using the firewall and the low installed base in home environments provides the motivation for this research. Hence, this paper will specifically investigate factors that impact the adoption of firewalls by home computer users.

The next section briefly reviews the relevant antecedents that impact home firewall adoption. Section 3 develops the research model and presents the hypotheses. Section 4 describes research methods while Section 5 reports the results of the study. Section 6 discusses the significance of the results and explores further avenues of research. Finally Section 7 provides a summary of contributions to theory and practice.

Section snippets

Online threats to networked computers

As computers around the world are increasingly bound together by the Internet and the World Wide Web, the role of computers in every day life has evolved from that of primarily a business tool to an entertainment device used in homes by every member of the household. Computers have increasingly assumed a significant role in homes where they are used for a myriad of tasks ranging from word-processing to watching a movie. According to a January 2008 Leichtman Research survey, over 87% of US

Research Model

The Technology Acceptance Model (TAM) has been used widely in predicting an individual's technology adoption intention [11], [24], [35], [36], [37] and will be used as one of the main components of our research model. Traditionally, intention to engage in a behavior has been an important construct that predicts actual behavior better than either attitude towards a behavior or a set of beliefs about that behavior [2], [14], [36]. Intention to engage in a behavior has in turn been known to be

Research design

A survey methodology was utilized to test the proposed research model. For this study, we recruited 130 students from a large public university in the United States of America. The participants were paid an honorarium of $5 each for participating in the study. They were also told that they had a chance of winning one of the two $50 cash prizes if they completed the survey in its entirety as a part of the incentive scheme. Responses from 10 participants were dropped due to missing information

Results

A Confirmatory Factor Analysis (CFA) was conducted using PLS to determine the item-factor loadings (with the original list of 42 items and 10 constructs). As a result of this analysis, three items – CA1, UA2 and SU3 – were dropped due to poor convergent and discriminant validity. The results showed that the rest of the 39 items loaded higher on its corresponding latent variable and lower on other latent constructs thus indicating good convergent and discriminant validity. Factor loading

Discussion

The results of the PLS analysis show that computer anxiety had a significant negative impact on both the users' awareness of security measures available to protect their home computers as well as the perceived ease of use of the firewall. Users' awareness of top security measures against vulnerabilities subsequently influenced the perceived usefulness of firewall technology and their attitude towards using the firewall. However, users' concern for information privacy had a significant direct

Theoretical contributions

The results of the study show that the three beliefs – computer anxiety, an individual's awareness of top security measures (to protect her from vulnerabilities) that could be used at homes and concern for information privacy – are relevant antecedents that have an impact on that individual's intention to use a firewall in a home environment. Heeding the call by Benbasat et al. (2005) to add relevant antecedents in specific contexts of adoption, this research adds these three specific beliefs

Acknowledgements

We thank the PSC-CUNY for its support of this project. We also appreciate the valuable feedback provided by Dr. Marios Koufaris and Dr. Raquel Benbunan-Fich in improving this manuscript.

Nanda Kumar is an assistant professor in the Computer Information Systems department at Baruch College, City University of New York. He received his Ph.D. in Management Information Systems from the University of British Columbia in 2003. His current research interests include human-computer interaction, behavioral aspects of B2C e-commerce, digital government, impact of IT on the organization of work and leisure. His work has appeared in journals such as Information Systems Research, MIS

References (39)

  • AOL/NCSA, Online Safety Study, 2004, last accessed on, at:...
  • M. Arami et al.

    Information privacy concerns and e–commerce: an empirical investigation

  • I. Benbasat et al.
  • M.R. Benioff et al.
  • B.J. Calder et al.

    The concept of external validity

    Journal of Consumer Research

    (December 1982)
  • CERT/CC, 2004 E-Crime Watch Survey: Summary of Findings, CSO Magazine and Computer Emergency Response Team/Coordination...
  • D. Compeau

    Social cognitive theory and individual reactions to computing technology: a longitudinal study

    MIS Quarterly

    (1999)
  • M.J. Culnan

    “How did they get my name?”: an exploratory investigation of consumer attitudes toward secondary information use

    MIS Quarterly

    (1993)
  • M.J. Culnan et al.

    Information privacy concerns, procedural fairness, and impersonal trust: an empirical investigation

    Organization Science

    (1999)

    • Cited by (62)

    • Motivators behind information disclosure: Evidence from Airbnb hosts

      2019, Annals of Tourism Research
      Citation Excerpt :

      To construct the theoretical frameworks, several theories were applied to explain information disclosure behavior, such as the theory of reasoned action (TRA) and the theory of planned behavior (TPB). These theories suggested that the main reason for consumers' hesitation to disclose information is privacy concerns (Jahangir & Begum, 2007; Kumar, Mohan, & Holowczak, 2008). TRA indicated that consumers' intention or motivation for volitional behavior is driven by their attitudes and subjective norms.

    • The impact of security awarness on information technology professionals’ behavior

      2018, Computers and Security
      Citation Excerpt :

      The relationship between the independent variable and dependent variable were assessed using the partial least squares (PLS) method. The use of PLS as the method for evaluating relationships between variables in human behavior in the area of information security has been the most common approach in quantitative studies (see for example: Gurung et al. 2009; Kumar et al. 2008; Liang and Xue 2010; Vance et al. 2012, and Hanus and Wu 2016) and therefore was considered appropriate for the context of this research As noted above the instrument used for this study was previously used by Hanus and Wu (2016), enabling a direct comparison of results between the student population that was researched in that study and the IT professionals that were the subject of the current study.

    • Investigate how developers and managers view security design in software

      2023, arXiv

    • Lessons in Prevention and Cure: A User Study of Recovery from Flubot Smartphone Malware

      2023, ACM International Conference Proceeding Series

    • Consumers' (ir)responsible shopping during emergencies: drivers and concerns

      2023, International Journal of Retail and Distribution Management

    • Investigate How Developers and Managers View Security Design in Software

      2023, International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE - Proceedings
    View all citing articles on Scopus

    Nanda Kumar is an assistant professor in the Computer Information Systems department at Baruch College, City University of New York. He received his Ph.D. in Management Information Systems from the University of British Columbia in 2003. His current research interests include human-computer interaction, behavioral aspects of B2C e-commerce, digital government, impact of IT on the organization of work and leisure. His work has appeared in journals such as Information Systems Research, MIS Quarterly, Communications of the ACM, and Decision Support Systems.

    Kannan Mohan is an Assistant Professor of Computer Information Systems at Baruch College. Dr. Mohan received his Ph.D. degree in Computer Information Systems from Georgia State University. His research interests include managing software product family development, providing traceability support for systems development, knowledge integration, and agile development methodologies. His work has appeared in journals such as Communications of the ACM, Decision Support Systems, Information and Management, and Communications of the AIS.

    Richard D. Holowczak is presently an Associate Professor of Computer Information Systems and is Director of the Bert W. and Sandra Wasserman Trading Floor/ Subotnick Financial Services Center in the Zicklin School of Business, Baruch College, City University of New York. He holds M.B.A. and Ph.D. degrees from Rutgers University. His research focuses on digital libraries, electronic commerce and networked information systems. He has published articles in IEEE Computer Journal, IEEE Transactions on Knowledge and Data Engineering, Communications of the ACM, Online Information Review and ACM Computing Surveys.

    View full text
    Copyright © 2008 Elsevier B.V. All rights reserved.