Understanding Wants and Needs of Personal Firewall Users

I’ve presented results of a user study by my graduate student Fahimeh Raja at SafeConfig. She conducted semi-structured interviews with a diverse set of participants to gain an understanding of their knowledge, requirements, perceptions, and misconceptions of personal firewalls. There are several interesting findings. Through a qualitative analysis of the data, we found that most of our participants were not aware of the functionality of personal firewalls and their role in protecting computers. Most of our participants required different levels of protection from their personal firewalls in different contexts. The most important factors that affect their requirements are their activity, the network settings, and the people in the network. The requirements and preferences for their interaction with a personal firewall varied based on their levels of security knowledge and expertise. We discuss implications of our results for the design of personal firewalls. We recommend integrating the personal firewall with other security applications, adjusting its behavior based on users’ levels of security knowledge, and providing different levels of protection based on context. We also provide implications for automating personal firewall decisions and designing better warnings and notices.