When Does Usability Become a Liability?
nasteric asks: "I caught myself in the middle of a very interesting discussion last Friday over Krispy Kreme donuts and coffee. The discussion had to do with usability and security. Many of the Microsoft Administrators I work with argued the more user friendly Linux becomes, the more vulnerable it becomes. They claimed making Linux a friend of Joe User will require it to 'open itself up' and become more susceptible to attack. Needless to say, this became an endless debate between our Microsoft Administrators and our Linux/Unix Administrators that will undoubtedly continue into the morning. Therefore I pose this question to the Slashdot community. Will making Linux more user friendly result in it becoming less secure? Hopefully your expertise will help shed some light on (and bring to and end) our discussion." Does decent usability necessarily imply the presence of vulnerabilities? Macs seem to have this area down pretty well, with little in the way of vulnerabilities. Can Linux software follow the same route?
I think that the claim has very little validity. I think the truth is that it "becomes more vulnerable" when the average user is less educated about security issues.
Making Linux more user friendly, in my mind, means improving upon the features that revolve around the GUI. The great thing about Linux is how much you can customize it; you can strip away the GUI and have a powerful production-level server environment. This is different from Microsoft products, as the ease of usability encompases the operating system.
Linux is much more "modular", in that you can build exactly what you want; an installation could take up anywhere from a few megs to a few gigs. The security and vulnerability lies in the end user.
Wireless News www.DailyWireless
Take the basic Linux safety measure. Having to log in as root to do anything significant. Win has this as well (admin, power user, etc) , but most people run as admin, partly because of crappy, admin-rights demanding software, partly because Win doesn't really tell you not to, but also partly because its a PITA to remember, and log in with, that secure PW to do any installs or maintenance.
A "user friendly Linux" (Lindows, anyone?) will have to be very, very careful not to end up down this same path.
Usability doesn't mean "avoids security." It means the interface is easy to use. You can do this *with* security. For example, just asking the user to re-type their password before running admin tools, even if they have rights to run them. (No su'ing to root; no process should *ever* run as root with user input/control.) That means that a virus can't just start running admin commands without the user knowing.
SELinux (or, hopefully, a similar system with a sane configuration/management interface) can also assist with this by limiting what vulnerabilities can do.
And the interface design itself helps. Microsoft's attempts at usability equate to "do everything automatically." Compare this to GNOME where the design is based not on automation, but on streamlining. I fully believe GNOME is *more* usable than Windows in almost every way, yet it hasn't the security problems as apps don't try to auto-run executables from untrusted sources, embed scripting languages with system-modification abilities, etc.
In truth, the interface can be designed such that it makes using security easier, vs hiding security away.
One nice trick Apple discovered is to have the users be non-root, yet still administrative. (Did you hear that, Lindows?) They did this by creating tools that run as root, but which require authentication to run. For example, a mortal user who is an administator can't trash the whole filesystem by dragging and dropping important items, because they are not root. But they can run Software Update, an application for downloading patches, by supplying a username and password.
On Linux you can add users to the group "wheel" and make them sudoers with much the same effect.
Apple also made many important directories like /etc invisible from within the GUI, which I think is a great idea as long as power users can turn it off.
Seems easy and secure to me...
This means that yes, a trojan horse could run, and yes, it could keep running until the user logs out, and maybe even add a login item on a per-user basis, but it can't install anything into the system that runs at startup unless the user explicitly enters a password to say that "yes, I really expected this to be installing something". This simple authentication requirement would have prevented 99% of what has made Windows viruses so virulent.
In fact, the best form of user-friendly security basically amounts to having a bunch of policies for things that shouldn't generally happen, then shouting at the user and asking if you really want to do that. This concept has been popping up repeatedly on the Mac platform ever since the classic "GateKeeper" virus checker extension. I remember saying that I wanted to see an OS do exactly this sort of sanity checking (don't let an application modify the OS without user permission) back when I was still in elementary school (mid-eighties).
So here's what I don't get.... If this was obvious to me at about age 10, what does that say about companies that still haven't figured out how to implement such a basic security measure? And why would anyone in his/her right mind use an OS like Windows whose security policies haven't caught up to what seemed obvious to a 10-year-old kid almost 20 years ago?
For shame.
Check out my sci-fi/humor trilogy at PatriotsBooks.
True, but only because you both share a common frame of reference. Communicating outside of a common frame of reference becomes much much more difficult and thus a much larger volume of data. Try getting food from a blind man in france.
This reminds me of something I've read. When Apple was engineering the GUI back in the early 1980's, early tendency in testing was to just use icons and imagery for buttons and functions, testing showed that this was disatrous however, and the best approach in terms of speed to learn and usability was to use both descriptive text and an icon.
Apparently, the lead engineer is quoted as saying "a word is worth a thousand pictures" when it comes to GUI design.
This sig has been deprecated.
Even a true or false question offers a question with options. A blank command line does neither. Even knowing to type man and a command requires
/u/s" command - your argument is not representative of typical usage. Also, icons are generally easy to associate visually with an application - if not, you run it and see what comes up. As a general rule, most applications will not mess with your data just by loading them up and MOST applications will not negatively affect your hardware - thus poking around is good.
a. To know that there is a `man' command
b. To know which command to even bother looking up.
Then expecting a n00b to dicipher a man page is a leap. I also have never seen an icon or have I even seen anyone make a shortcut to the "format c:
Also, you imply there are 'wrong' choices, when in fact, there is not really a 'wrong' choice per se, just not the specific function you're looking for. If this is the case, you choose one of the other choices and move forward. Now you know what that other function does for when you do need it and have also completed what you set out to do. Not likely to get the same quick understanding on cl.
The main benefit of a gui is the flattening of the learning curve. It is not as efficient as knowing exactly what you want to do at the cl - this is true, but gets you to a point to where you can be somewhat productive. Obviously being adept at the cl will make you more efficient.
ymmv
Below is the truth, the whole truth and nothing but the truth.
Windows was originally designed as a single-user, game-playing operating system. It had no concept of networking or segmented user space or file permissions, etc. These things, among others, were added on later as the need arose.
Windows was originally marketed to home users who wanted to play games and small businesses who wanted to track a few dozen or perhaps a few hundred accounts/clients.
Today, MS has positioned Windows as an Enterprise class OS. People who grew up playing games on Windows should know that this doesn't make sense.
I used to laugh when looking for patches for an NT4 domain that I administered a few years ago. I'd skip all of the new video (DirectX) enhancements that were constantly avaiable. What did gaming/video drivers have to do with domain controllers?
In short, you can't make something into something it's not... at least not without many problems. MS Windows is a classic example of this.