Slashdot Mirror
When Does Usability Become a Liability?
nasteric asks: "I caught myself in the middle of a very interesting discussion last Friday over Krispy Kreme donuts and coffee. The discussion had to do with usability and security. Many of the Microsoft Administrators I work with argued the more user friendly Linux becomes, the more vulnerable it becomes. They claimed making Linux a friend of Joe User will require it to 'open itself up' and become more susceptible to attack. Needless to say, this became an endless debate between our Microsoft Administrators and our Linux/Unix Administrators that will undoubtedly continue into the morning. Therefore I pose this question to the Slashdot community. Will making Linux more user friendly result in it becoming less secure? Hopefully your expertise will help shed some light on (and bring to and end) our discussion." Does decent usability necessarily imply the presence of vulnerabilities? Macs seem to have this area down pretty well, with little in the way of vulnerabilities. Can Linux software follow the same route?
Question: Is this an "Ask Slashdot" or an advertisement for Krispy Cream and Apple?
Also, since the editorial already starts us off with an "OS X vs Linux" flamewar, let me add to the discussion... Windows and Linux admins in the same organization? What organization is this?!
Why do people think that the command line is *not* "user friendly"? Do we write books by pointing and clicking at icons, avatars, and pictures? Except under amazing cirumcstances (Steven Hawking, the blind, etc) would you hire an author that did? Then why a system administrator?
As soon as autoexec.bat runs.
You are not the customer.
Is hide the more advanced/"dangerous" features from users that normally don't need them. They're there if you, but if you don't know about them, you shouldn't accidentally trigger them. That's part of good useability, too.
OK, here we go:
Yes, because users are stupid. Most "viruses" at the moment need a stupid user. Also, more users=more damage=more chance of someone wanting to attack it.
All employees must wash hands before seeking equitable relief.
One of the biggest design flaws in Windows from a security perspective is that nearly every service that comes with the system is turned on by default.
One of the biggest design flaws in Linux from a usablity perspective is that nearly every service that comes with the system is turned on by default.
I think that the claim has very little validity. I think the truth is that it "becomes more vulnerable" when the average user is less educated about security issues.
Making Linux more user friendly, in my mind, means improving upon the features that revolve around the GUI. The great thing about Linux is how much you can customize it; you can strip away the GUI and have a powerful production-level server environment. This is different from Microsoft products, as the ease of usability encompases the operating system.
Linux is much more "modular", in that you can build exactly what you want; an installation could take up anywhere from a few megs to a few gigs. The security and vulnerability lies in the end user.
Wireless News www.DailyWireless
windows, linux it doesnt matter... Lusers will FIND a way to screw things up... If linux had the larger market share, worm writers would tailor code for it. I dont really think it would change the world as we know it.
Please, no comments about how Mac OS X was "attacked" by a trojan.
It doesn't "expose" some fatal flaw in the OS, nor is it some newly discovered exploit. All it is was an application that displayed a dialog box. Mac OS applications (with the exception of Cocoa applications) have always been able to have:
a.) any icon, and
b.) any name
The only remotely slightly interesting feature of this proof-of-concept was that it stored the executable code within an MP3 ID3 tag, and even contained valid MP3 data. But that's mostly irrelevant, since the executable code could be anywhere, and the code can't even be moved in raw binary form without destroying the resource fork. Though the major media outlets haven't picked up on the subtleties of this thanks to Intego's FUD-mongering and self-serving press release, this "trojan" is nothing more than a Carbon application. (Though, the discussion that comes of this will be fruitful: maybe Apple will revisit yet again the filesystem metadata vs. file extension dichotomy, and discuss novel ways of visually identifying executables, perhaps in the same fashion as aliases.)
So, to get on-topic, no, an OS doesn't necessarily have to become less secure to become user-friendly. Some (most?) of the security of an operating system, both from a user perspective and network perspective, comes from underlying philosophical design principles and fundamentals - not to mention the intensive peer examination that open source software encourages. Sure, some user-friendly "features", such as auto-opening attachments in the preview pane of Outlook, exist to make things "easier" for the user. But this is a wrongheaded approach: a sensible focus on security can solve the majority of problems without necessarily making it harder on the user. Ease of use and security aren't entirely, or even mostly, mutually exclusive.
The key is making security easy to use.
But the age-old technique of "tricking the user" will ALWAYS be possible via various means, on any OS on any platform.
I fail to see any such correlation between usability and security. As many others have said (and will say), OS X really does have it down in regards to their security model, which I hope is embraced on OSS *nix soon.
this sig limit is too small to put anything good h
...then you should have asked for their explanation of why OS X is more secure than Windows.
Anonymous Kev
Proudly posting as AC since 1997
(Finally got a dang account in 2004)
The answer is "No, because of peer review."
Lets move on..
no
It's the same thing that has happened to other fields that eventually grew to the point where people could do some of the work on their own. For comparison think of publications, once restricted to highly specialized professionals and now available to anybody with a printer and a copy of printshop. Those home-brew print jobs make the pros squeem in pain. Amateur work will always be amateur, and the results will reflect this.
Once Linux gets to the point that it can be administered by people who aren't dedicated specialists, it's inevitable they will try it out and that most of these people will be less careful administrators. After all they aren't dedicated *nix admins and will often wear many hats in their organization. This doesn't mean that Linux is insecure, it's just a growing pain that it has to go through.
Don't forget how many people fall into the "it's working, it's now forgotten" category. These are the people that only perform oil changes on their cars and wonder why it eventually breaks down on them - and there are a lot of them. They won't patch it, back it up or anything else until the day it inevitably comes crashing down around them.
Cheese it, it's the cops!
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Depends on how the make it more user friendly. Most of microsofts flaws come from coding errors and automaticaly opend ports and services that aren't used.
I think linux can be user friendly without all that but with anything the more layers you add to it the complexity and ability to keep it secure will become harder. Not impossible but harder. At least with linux you will know were the problems are instead of having it for 2 years and then finding a patch for it one day.
Take the basic Linux safety measure. Having to log in as root to do anything significant. Win has this as well (admin, power user, etc) , but most people run as admin, partly because of crappy, admin-rights demanding software, partly because Win doesn't really tell you not to, but also partly because its a PITA to remember, and log in with, that secure PW to do any installs or maintenance.
A "user friendly Linux" (Lindows, anyone?) will have to be very, very careful not to end up down this same path.
You need a COMMIT; in there to make sure your transaction runs, otherwise my base will still belong to me. For great zig! COMMIT;
On Windows they call it Administrator, on Linux they call it Root. It's the same thing, the user account that has no restrictions on it. Every user wants to run that way, because seeing a "permission denied" message on their own box just isn't going to make them consider the system user-friendly.
It's really more of a user eductation issue than a technical one. The best security practices are usually in counter to an element of ease of use.
- user-friendly
- vulnerable
and so they think anything that's user friendly must be vulnerable. A classic logic error, whose name I forget right now.User friendly does NOT imply vulnerable, nor vice versa. I've posted before about building secure systems and securing existing ones. The techniques are, for the most part, well known albeit tedious, though I do anyway. (I even posted a security advisory to BUGTRAQ today...)
As long as the people making Linux user friendly keep security in mind when designing and implementing the new features, there will be no problem.
How am I supposed to fit a pithy, relevant quote into 120 characters?
Of course if you have elitist programmer types who use their case-modded Amiga's to talk to talk to each in Klingon don't expect your user experience to be one 'Joe User' can use or enjoy. If you are one of those people who are disdainful of people not as smart as you and want to keep Linux/OSS in the hands of your CRT tanned brethren then by all means continue to disparage and FUD usability all day long - just don't complain about Linux's adoption - EVER.
A few things for folks to remember:
-_-
Have a look at Lindows. They make Linux easy enough for Windows users and supposedly, your grand mother to use. The first major step towards ease4 of use was the use of root as the primary logon. Security on these systems obviously just took a major step backwards.
Now let's face it, the ease of use your friends are talking about is things like not having to use a user ID and password when you turn on the PC and, most especially, not having to "su" to install spyware ^H^H^H^H^H^H^H pop-up blockers.
What had me thinking is why did the editor let us know that he was at Krispy Kreme's having donuts and coffee. That could have been left out.
hmm... for fun I enjoy launching DDoS attacks against 127.87.42.5
[As | If] Linux becomes more 'userfriendly,' security will suffer. This is not because it becomes inherently more vulnerable, but because it becomes accessible to ever less competent people.
A *NIX system does have inherent security advantages over Windows, but it still requires a very competent Admin to do a thorough job. Right now, I'd lay money (based on experience) that the average Linux Admin has a far better understanding than the average Windows admin simply because he needs to. This is going to change.
Consider that in my day, a programmer was still a computer scientist. Nowadays, I have to work with people who took a few months at a college course using a Visual design package and couldn't even program a Bubble Sort routine. It'll be similar with Linux security.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
I'm not sure how I understand how the product could be less secure. My concern, the same concern I have for Windows, is the implementation.
End users generally either accept defaults, or install everything they can - regardless of if it's anything they'd ever use. This also means opening all the ports for the applications they install (by default, in Windows). They're simply not experienced enough to appreciate what they do.
My limited experience in Linux (I consider myself a very average user at best) with Red Hat and Fedora distributions is that it opens itself up for whatever I install as well. I often find myself fortunate if I can get 80% of what I install working, so I suppose that's inherantly more secure.
However, I still use 14 character passwords in Windows and Linux. I still set appropriate permissions on files in both Windows and Linux. Vulnerabilities will always exist, regardless of platform. I fail to see how wider use would make the produce less secure, however.
Usability doesn't mean "avoids security." It means the interface is easy to use. You can do this *with* security. For example, just asking the user to re-type their password before running admin tools, even if they have rights to run them. (No su'ing to root; no process should *ever* run as root with user input/control.) That means that a virus can't just start running admin commands without the user knowing.
SELinux (or, hopefully, a similar system with a sane configuration/management interface) can also assist with this by limiting what vulnerabilities can do.
And the interface design itself helps. Microsoft's attempts at usability equate to "do everything automatically." Compare this to GNOME where the design is based not on automation, but on streamlining. I fully believe GNOME is *more* usable than Windows in almost every way, yet it hasn't the security problems as apps don't try to auto-run executables from untrusted sources, embed scripting languages with system-modification abilities, etc.
In truth, the interface can be designed such that it makes using security easier, vs hiding security away.
The argument is usually phrased as "Convenience vs Security." They can be seen as being opposed. That's not quite the same as "Usability vs Vulnerability" but that's the direction your friends' arguments were pointing.
I'm not sure that it always holds true that you have a single gradient between Convenience and Security. You can have elements of both, and it's not just a fractional position between two extremes.
For example, the 'root' problem is that root or Administrator can do anything on the system, so cracker types will focus their attention on the major prize. The alternative would be to spread rights and responsibilities into fine-grained accounts like "backup" and "network" and "installer" and other capabilities. An attacker has to work harder, but the machine's owner does too.
However, that doesn't mean that you're going to have to allow web browsers and email clients to execute unknown privileged code. Many of Microsoft's engineers in the 90s had no concept of trust and privilege, and it showed. Those few who understood the implications couldn't drive the rest of the overwhelmingly "convenience-driven" corporate culture to really care about the down-sides to an all-root-all-the-time lack of security. Now that Microsoft knows the implications, their inertia has them at a strict disadvantage: they must change, and in so changing, they break their #1 asset: long-term backwards compatibility.
[
"Many of the Microsoft Administrators I work with argued the more user friendly Linux becomes, the more vulnerable it becomes. " Ummm... what makes a Microsoft Admininstrator the authority on vulernability and usability?
and an Indian fellow named "Jack" was assigned my case.
I cannot wait to hear from "Jack" and hear how his beloved "Mets" are doing in this fine baseball season.
I await with interest to hear his small talk about traveling on the "NJ Turnpike" to work.
Tech Support. You gotta love it.
One nice trick Apple discovered is to have the users be non-root, yet still administrative. (Did you hear that, Lindows?) They did this by creating tools that run as root, but which require authentication to run. For example, a mortal user who is an administator can't trash the whole filesystem by dragging and dropping important items, because they are not root. But they can run Software Update, an application for downloading patches, by supplying a username and password.
On Linux you can add users to the group "wheel" and make them sudoers with much the same effect.
Apple also made many important directories like /etc invisible from within the GUI, which I think is a great idea as long as power users can turn it off.
Seems easy and secure to me...
All the "secure code" in the world wont shield the system from a clueless user.
/ /dev/rand > /dev/dsp
As secure as you think OSX is, anyone who wanted to write an application to fuck stuff up, call it "Super Happy Funtime Sexy Game", and email it to morons, could do so just as easily as they could with a VBScript file.
I could write:
#!\bin\sh
rm -rf
cat
echo Linux is teh gay!
Email it to some stupid people, tell them they have to run it as root or else they wont see the video of Condoleeza Rice's tits.
Stupid people will run what came with the box they bought at Best Buy. When those boxes start shipping with linux, they'll be on linux. The REALLY stupid people shop at K-Mart, who I understand are in the business of ubercheap linux boxes these days.
Be afraid, be very afraid, of the rootkits that get put on this new army of lindows boxes.
I don't need no instructions to know how to rock!!!!
...people kill security.
As you've noted, Mac OSX has managed it (although in all honesty it probably isn't the focus of as many attacks as Windows). I think that the main problem is that if users are running their browsers, email clients etc under their own uid, and they contract a virus then it's going to cause damage to all their files. I don't know about anyone else here, but I value the files in my /home more than the rest of the OS, which can easily be reinstalled (yes, I do back up, BTW).
;-)
I think that maybe all vulnerable processes, like web browsers, irc clients etc should run under a separate uid from the user (maybe each user should have 2 uid's - one normal, and one restricted so that it can only access a subdirectory of the users home). So rather than Mozilla launching as user fredbloggs:fredbloggs, it launches as "fredbloggs_restricted:fredbloggs_restricted" by default. The user could then chown some directory to be writable to fredbloggs_restricted" for downloads, cache etc.
Maybe this is already implemented? The real problem though is that a user could still build and run something they downloaded, potentially wiping all their files, unless a mechanism automatically made anything they installed themselves, run as the restricted user and not their own uid:gid.
Does any of that make sense?
Code, Hardware, stuff like that.
...it's popularity. The more popular an OS gets, more script kiddies will target that OS as that is where they can do maximum damage.
The trick to usability is to have a power interface which allows you to change everything and anything in the system and have a newbie interface which allows you to customize to your hearts content but not change the underlying core components. Because what most "joe users" want is modifying the look and feel of their desktop and not going into changing network settings or CPU settings. If they want that and can do that I think they are already ready for the power interface.
GUIs let you explore until you find what you want by pointing and clicking on things. With command lines, you need to know the commands, and the options, before starting. That means that you need some sort of training before you start using the command line. So in your analogy, you'd have to "learn" the language of the OS before you can start 'writing' anything at all. Learning English actually took you a very, very long time, even if you don't remember it.
Once you have that training, the command line is a very useful tool. But if you can't get the training, and aren't self-sufficient or technically apt enough to go to the bookstore and buy a book on how to use the command line, you're screwed.
That's why people like having icons for things. The message icon is your mail program. Don't have to remember what it's name is, or where it's at. Just click.
I'm in the process of rewritting some small freely available application because the original caused my computer to segfault under two circumstances which I consider normal use. In rewritting it, i've eliminated those errors and maintained the same performance. As well, I decided to start using a memory profiler, Valgrind. The end result is a more user friendly tool because it doesn't crash in normal operation giving bad error messages that only a programmer would understand. It is also more secure... no more buffer overflows.
My point is, moving towards usability shouldn't mean that we should loosen our belts, allowing the user to run amock in the system, we should tighten them.
Usability, however, does have to do with coherent UI design: picking icons that communicate what the button does on a toolbar, grouping menus is a logical way, making sure that there are keystrokes available for commonly used features, etc.
It sounds like the Microsofties have confused usability with Feature Creep.
Now.. the more people running Linux may in fact lead to more vulnerabilities being found, since testing only proves the existence of bugs, not the absence. However, history shows that bugs are fixed much quicker in open source then in closed source, so that's a race Linux wins easily. But as far as usability, comparing the latest KDE and GNOME desktop to Windows XP just shows that as far as usability, Linux may have already surpassed Windows.
Comment removed based on user account deletion
It isn't that making Linux more user friendly will make it less secure. It is that making the tools require less understanding will lead the friendly users to a false sense of security.
Consider netfilter/iptables... Understanding how to really secure your system from this particular perspective requires a bit of study. Sure, you can paint relatively broad strokes and secure your system with a few clicks for a large majority of cases. But not knowing how the configuration files ended up being written means not knowing to what you are actually vunerable as a result of making a few simplistic choices.
Unfortunately, the Peter Principle often applies to home computer ownership, too.
Does any of that make sense? ;-)
Nope. Any system that doesn't allow the user to do whatever they want to do is going to is not user friendly. We've got two somewhat paradoxical concepts here.
Users will always want to be runing at root at all times. Some won't grasp the security implications until it's too late.
Microsoft sacrifices security because, in their model, it is often the easiest way (tm) to make something more user friendly. So from a Microsoft point of view, it seems obvious that security and user friendliness are mortal enemies. That doesn't mean the two naturally correlate.
On the other hand, anyone can make a linux box insecure. The question then becomes as simple as whether you trust users to administer their own boxes. This is where you need user friendliness. This is where the OS has a choice to remain secure by staying obfuscated (and thus scaring users away at the expense of functionality) or become more friendly (at the risk of letting users hurt themselves).
Windows, by default, can be (is?) insecure. But that's not where the "(Microsft vs. Linux) vs. (User Friendly vs. Insecure)" debate should begin.
Hey linux--how about you worry about that particular hurdle when it's within a light year away or so?
The answer clearly is "maybe." It all depends on implimentation. Simplicity in itself is not responsible for vulnerabilities. Simplicity is the goal for the designer. Usability is the goal (and key) for the user. The problem is when you ignore good security methodology in the name of K.I.S.S and for the uneducated user.
/dev/cdrom /mnt/cdrom, they want to click on an icon or (if they're at the commandline) type in just the path to the drive. Autofs (and the like) go pretty far for this. But that's just a beginning.
I think it would be better to educate the users than to dummy-down the OS. Education needent be difficult. Documentation is key to understanding. If the user can't/won't read the docs....then it's all their problem, but if the docs are there, and they're clear and concise, and he reads them and can use them. Then you have a good system.
End users like "Joe Sixpack" don't want to have to type things like mount
Take Microsoft's lead. They spent an enormous amount of time, money, and effort making the systems useable and simple. Apple did the same (albeit on a slightly different track). Linux can too. Just because someone makes Linux (as a whole) easier for Joe to use doesn't mean that security will go out the window. It just means that there's more that needs to be thought about before implimentation.
And that's why there's the "maybe."
i used to be tech coordinator at my school. oh the headaches. anyways, i'd get all kinds of lame ass questions about how to do simple things. people learned how to use windows. just like riding a bike, it takes time. windows UI's break lots of guidelines. ever look at all the dialog boxes, like the font box, or the print dialog. they are 1st class abortions. and how 'bout office. what, a toolbar button that is a pop up menu, which can then double (or triple?) as a pull off floating toolbar? (it's a desert topping, it's a floor polish!) windows has had the luxury of being how things are done, and people learn to use it. so, anything that doesn't do it that way is "wrong" and "difficult". it's no different that driving on the right side of the road, with the pedals on the left side of the car. (here in the US) linux desktop by default has to emulate/mirror windows (mis)feature for feature. now, there are lots of bonuses like in konq, but 100 cool things doesn't make up for the 1 thing it doesn't do like windows. the best hope for linux desktop is new users without the pre-conditioned actions. i had several linux desktops in my old 7th grade class. you'd be amazed that kids with little computer training can pick up kde or gnome. it's just that they're not stuck, as it were, doing things the redmond way.
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
If usability means all powerful scripting then Linux will become as troublesome as Windows. If, on the other hand, it remains impossible to run full executables from HTML (and then not be able to exclude HTML email even as an option) then the major attack vector for Windows will never exist.
If HTML email can still be turned off in Linux (like all the email programs in Linux do) then not only can't spammers run trojans but they don't know if I look at their creative efforts.
Port exploits will remain a problem in both Windows and Linux. Patches are issued for both on a somewhat regular basis.
Presumably Gator and other spyware would need to be rewritten for Linux and packaged as RPM's to be installed by Joe User based on his version of Linux. Somehow I suspect that it would be less frequent when installation is not a thoughtless act of clicking a box.
Only a "Built for Windows TV" would ever need such a capability !
The Linux security model splits user (fancy stuff) and root (low level stuff) very well. Retail Windows has only recently had this separation; ever tried to log into Administrator in Windows XP Home ?????
As GNU/Linux (a distribution) becomes more user friendly (presuming is isn't already) then nothing the GNOME or KDE can do would break the intrinsic security of the Linux kernel. Nothing.
So as long as a user plays in user space , Linux is happy to keep the hardware rocking. Log in to root and all bets are off but even so, when Linux has the NSA stuff then root won't always mean root.
Nah - this is stupid. a GNU/Linux distro like Mandrake is user friendly and as long as you are not using root - it can be secure and quite usable. Sounds like FUD to me.
The argument that Would. Not. Die. Seriously, you can see this argument popping up in discussion forums everywhere with great regularity. Then you can read it in major computer industry publications, too. I'd like to believe that ./ readers know better. For those that don't, here's an interesting article.
You like your Macintosh better than me, don't you Dave? Dave? Can you hear me Dave?
This means that yes, a trojan horse could run, and yes, it could keep running until the user logs out, and maybe even add a login item on a per-user basis, but it can't install anything into the system that runs at startup unless the user explicitly enters a password to say that "yes, I really expected this to be installing something". This simple authentication requirement would have prevented 99% of what has made Windows viruses so virulent.
In fact, the best form of user-friendly security basically amounts to having a bunch of policies for things that shouldn't generally happen, then shouting at the user and asking if you really want to do that. This concept has been popping up repeatedly on the Mac platform ever since the classic "GateKeeper" virus checker extension. I remember saying that I wanted to see an OS do exactly this sort of sanity checking (don't let an application modify the OS without user permission) back when I was still in elementary school (mid-eighties).
So here's what I don't get.... If this was obvious to me at about age 10, what does that say about companies that still haven't figured out how to implement such a basic security measure? And why would anyone in his/her right mind use an OS like Windows whose security policies haven't caught up to what seemed obvious to a 10-year-old kid almost 20 years ago?
For shame.
Check out my sci-fi/humor trilogy at PatriotsBooks.
If the user doesn't care about security then it is hard to add more security without making the system more difficult to use.
On the other hand a system infected with viruses and trojans can be un-usable.
In all fairness to MS, the Windows history is from a novice single user or small work group. Windows was kinda of thrust onto the Internet, by, well, the growth of the Internet. It is more usable and less secure because of that.
Linux has the whole multi-user UNIX, USENET, geek, Internet history behind it. It is more secure and less usable because of that.
I see Windows and Linux evolving toward each other in security, in usability and in many other ways.
If it's ease of learning, then yeah, a picture is probably worth a thousand words. If it's actual ease of use (which is NOT to be confused with the latter- even though everyone and his dog keeps doing it...), then a CLI may well be the thing.
There's a lot of things that are purely cumbersome because of the GUI under XP or MacOS.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
I'd actually argue that having all services turned off by default doesn't impact the "average dumb user's" useability experience at all, because the average dumb user utilizes their system pretty much exclusively as a client.
This is part of why home-NAT devices were able to spread so quickly among regular home users... because they don't care if their system can be accessed via ssh, http, or whatever... as long as they can access other systems in the expected fashion.
Still, a nice observation (once corrected).
A GUI you have to learn to click, double click, right click, directory structure, etc. You still have to learn. You are just learning something different. instead of cd [enter] you are double clicking on something. wether you type it or click it you are still learning something.
Evolution or ID?
Things that need to be expressed before my opinion:
:)
-Microsoft does not hire retards. Their programmers are skilled.
-IBM,Sun,Novell,etc, do not hire retards. Their programmers are probably equally skilled with Microsoft's.
-Linux was inspired by Unix
-Unix is a multi-user operating system originally designed during the dawn of computing for big iron mainframes accessible by client terminals via command line.
-Computer "users" at the time of the creation and dominance of Unix knew, more often than not, how to program, do shell scripts, etc. They were very computer-literate. To use a computer in that age meant you knew how a computer worked.
-Windows began as a (more or less) single user operating system intended to run on PCs, not mainframes, and is used more often than not by people who know nothing of programming, or how a computer works abstractly.
Before you jump to say that Microsoft produces crap code, think logically. The Windows O/S may be considered to be a history lesson for all the O/S programmers out there. Learn from it. Sure, they didn't invent the GUI. Sure they weren't the first windowing O/S. But consider that Windows is the first operating system to reach the level of adoption that it has. They have to support every common architecture, network protocol, hardware design, etc, in the world.
If Windows serves any purpose to you guys at all, it is to illustrate what works, and what doesn't. From their example, user stupidity has been illustrated. Never more than now have programmers been aware of the need to balance ease of use with covering for the ignorance of a user. From their example, we've learned that the user really shouldn't be trusted to be a good admin, that firewalls are a good feature to build into an O/S, etc etc. Microsoft has proven useful in studying the effectiveness of GUI systems and their pitfalls.
Don't sit and criticize Microsoft. Take the lessons they had to learn the hard way, and use them to make better code. That's essentially what Apple did with OSX, even though for them it was a lot easier - they don't have to standardize for all hardware and software configs. They offered very limited backwards compatibility, as ugly compatibility hacks aren't good to keep in code
------- "From bored to fanboy in 3.8 asian girls" ----------
You had me at "Krispy Kreme". ;)
Windows was NEVER built with security/multiple users in mind. It just kind of was added on as an afterthought when they got into the networking game. The problem Microsoft has had has always been of one with backwards compatibility. Windows 3.1 apps had to be compatible with 95, 95 apps had to work on 98, and so on. That's why to this day any app you install is going to drop something into the /WINDOWS/SYSTEM directory. Applications for Windows were pretty much written assuming that they will have full access to everything in the system. In a lot of cases that's still true today (for instance, an HP scanner driver/program I installed won't work properly on any other account besides the one that installed it). .DLL's, write stuff into the HKEY_LOCAL_MACHINE registry hive, and other such important things.
/sbin, /lib, or /etc. Primary system files never need to be touched, nor should they be. If someone wants to change the look and feel of their shell or X, they can write the appropriate file into their home directory.
When you install a Windows app, it typically wants to go in and overwrite/add
Linux/Unix, on the other hand, has always, always always been about networks and shared access. And the apps have always been written as such. Users can install and run apps straight from their home directories without having to add or change anything in
I guess what I am trying to say is that Linux won't be necessary to "open up" as it becomes more user friendly because it and the apps that run on it have been written with the idea that it's a shared system. Give the user their sandbox to play in and don't let them touch the rest of the system. Saying opening up the system Windows style is apples and oranges because Windows was originally created with a single, trusted user in mind, and it's been impossible for Microsoft to extricate themselves from that trap they set way back when. If you want an analogy, take a look at SMTP. If it was originally built with distrust in mind would we be having the problems with spam we are today?
-R
Does decent usability necessarily imply the presence of vulnerabilities?
Just because that's the broad experience of users with the current environment of "usable" administrative tools doesn't necessarily mean that it must be so. It's empirical evidence based on a sample size of ... well ... approximately one company.
However.
It is a caution. It shows that it is quite possible to (unintentionally) make system administration more unsafe when pursuing a single-minded goal and when the ideas for EZ system administration aren't subject to the kind of open scrutiny and community improvement that FOSS developers can provide. When a single company owns a market, it's tempting for them to "speed up" the standards process, to "innovate", and make something Really Great that later, turns out not to be perfect.
Practically, I've been encouraged that the free mail clients and free web browsers I use under Linux haven't been afflicted with "Automatically Run This" features of convenience to the degree that my Outlook and IE running friends have to contend with.
I will say though, that I've been nervous about various things that "wget something; cd something; make" redcarpet like packages and their potential for abuse.
"Provided by the management for your protection."
At least you understand it's not an "MP3 virus" or some kind of issue with iTunes, as others believe.
1. All Mac OS and Mac OS X applications have always been able to have any icon.
2. All Mac OS applications and all Classic/Carbon applications under Mac OS X, have always been able to have any name...including misleading names.
I would hardly call this a "deep-rooted, system-wide flaw". What does a Linux command-line executable "look like"? And indeed, it, too, can have any name, yes? Is that also a "deep-rooted, system-wide flaw"?
In fact, this item is revealed as the application that it is in every Finder view *except* icon view (which is also how it will appear on the desktop). Even a simple Get Info reveals that it's an application. The "solution", if one is needed, is to visually badge and/or identify something as executable, possibly with some small addition to its icon, as is done with aliases.
But no, this is not a "flaw" any more than it's been for the last two decades. (And for the market share number enthusiasts, this EXACT same "technique", as it were, was possible during the heyday of Mac market share as well. In fact, it's probably been "exploited" countless times. That's because the "exploit" is nothing more than tricking the user into running something they shouldn't.)
Many of the Microsoft Administrators I work with argued the more user friendly Linux becomes, the more vulnerable it becomes. They claimed making Linux a friend of Joe User will require it to 'open itself up' and become more susceptible to attack.
Spoken like a true MSCE. No, making Linux more usable will not open it up any more than necessary. One just needs to make sure that there isn't 1. a scripting host with direct access to the OS configuration, 2. all ports open by default, 3. lots of services open by default, 4. all user accounts with root access by default, 5. applications that can call the scripting host unecessarily (can we say Outlook running VBS attachments on open in the scripting engine with Admin privileges on a default installation?). None of these things really effects users. The two main ones that would affect users are 1. installation programs - just make installers call for an admin password when installed on default-configured accounts - which is what RPM for instance already does - and 2. make passwords mandatory (is that such a usability hardship?)
There are plenty of other examples where making software more usable can make it more secure. I've used PGP before, which most of the time, is a pain in the ass, since I have to run all kinds of separate programs to generate keys and encrypt my text which I then have to paste into my mail program (yeah, I know, some have it built in, but mine doesn't [and yes, I know, you can get a hack to get Mail.app to use GPG, but it uses undocumented API's that are subject to change with each release of the OS]), and then do a similar amount of work when receiving mail. Apple's Mail can use X.509 certificates for S/MIME, which is pretty easy to use, although getting a key is somewhat difficult and undocumented. When I was working for a company which used Lotus Notes, however, signing and encryption were incredibly easy; in fact, your emails were signed and encrypted without you even knowing it, if they were sent to other Notes users on the same network. Now, Notes had problems of it's own, but that's the way security should work; it should be completely transparent to the user, so the user can work securely without having to worry about it.
The real danger with usability is making some of the software usable, while making the security features hard to use. This is the problem with Windows. On Windows, it is really easy to run an executable, but fairly difficult to tell that you're running an executable. On Linux, you don't have this problem because it's hard to run an executable, but it would be equally secure if you could easily run an executable, as long as it was clear that you were running an untrusted executable. For one thing, both Windows and the Mac need to do away with this file extension hiding business. If you can easily name an application Foo.mp3.exe and hide the .exe part (or Foo.mp3.app on the Mac), then it will always be difficult for users to tell that it is an executable, not an mp3 file. In fact, when double clicking on an application for the first time, the operating system should probably display a warning dialog saying that the application may be untrusted. This wouldn't effect most apps that people use, since they would only see that once, and then the operating system would remember that that app had been run. But it would make sure that if someone is double clicking a file that they didn't expect to be an application they would be warned, and would have the option of canceling that operation.
The problem with Windows is that it's *too* secure. Yeah, you heard me. Try using a Windows box without admin rights. I did, once, never again. It was some time ago so I can't remember what the problem was. And you can't just supply the Admin password, you have to logout, kill all your apps, login as admin, do what you were trying to do in the first place, if you haven't forgotten because of some other app whinging about losing data or something, logout again, restart everything....it just isn't worth it.
So with Windows you have to run as admin all the time, which is why trojans can get in so easily. Win9x effectively runs as admin all the time anyway unless you have a fancy administrator who configures it for you, which most home users don't.
If "user friendly" = "run as root by default" then yes, Linux would end up having the same problems as Windows. But it doesn't have to. Prompting for root password when attempting a privileged operation is one possible solution; if a trojan attempts to run and the root pw prompt appears, hopefully the user will be prompted to think "er, why did clicking on that MP3 cause a root prompt?" and give the game away. I'm sure there must be other solutions.
It depends what you mean by increased usability. A linux expert can do almost anything on Linux right now. Aunt Tillie can't check her e-mail, without risking creating an open SPAM proxy. Increasing usability has very little to do with the underlying code functions, and far more to do with the visual communication of relevant information. As long as the interface does not rely on security through obscurity, improving the interface will only improve security, with things like:
"Warning: Setting Up a SendMail Daemon without checking for security patches may risk increasing the world supply of electronic Junk Mail (SPAM). Perform check for securely signed patches (Default: Yes)? Use Default trusted patch Server patchserver.ThisLinuxVendor.com (Default: Yes)?"
Of course, increasing accessibility also increases accessibility to potential shoot-yourself-in-the-foot things like filesharing. Right now, Security through Obscurity usually protects Aunt Tillie from setting up a SMB share of her entire hard drive. On the other hand, if she does do it somehow, she'll never figure out that her DSL is slow because she's been turned into the leading WAREZ distro for Podunk. Security through Obscurity is generally considered harmful-- but it is Security. Good interfaces can be designed to provide the users with warnings to educate them as to hazards, while letting them shoot themselves in the foot if they really, really want to.
Now, if you talk about increasing the functionality, so the Linux users can do things like install spyware, or DirectX components to reformat their hard drive, then yes, that's likely to decrease security.
//Information does not want to be free; it wants to breed.
This question sounds like, "If I drink, will I have a car accident?" Well yes, but only if you're stupid and drive after you drink.
Adding easy usability is not a direct cause of poor security, rather, an indirect cause. Increasing usability usually means pre-configuring options and features for the user. As Microsoft has learned with XP-SP2, the defaults are a big part of it.
It's difficult to imagine all of the permutations of configuration a user might do, while believing it to be secure, and then to code that to configure everything the way they want, and to keep it secure at the same time. However, if you're going to expose these abilities to the user through a simple user interface, difficult or not, you have to plan for it.
When there is no UI, the documentation is the authority on whether the user is secure or not. The user has to follow the directions, config themselves, and if they mess up, it's their fault. Creating simple UIs to do this for the user means you are expecting them to do more while reading less documentation.
This does not make the user more liable for his stupidity, instead it makes the programmer more liable for the security.
The moral is: Don't add the UI unless you've considered all of the possible configuration and security side effects and you're willing to deal with them. It can be as simple as error messages that explain to the user that certain combinations of choices creates an insecure condition and a suggestion to RTFM before continuing. That puts the liability back on the user.
Another viewpoint is that adding easy UIs to a program that previously had none should make it more secure - because the UI provides the opportunity to proactively warn the user before they do something stupid. It's up to the programmer to take advantage of that opportunity. Having only a binary, documention, and config files means the user must be proactive and read the docs.
Bottom line: The UI can't possibly create more security vulnerabilities than no UI whatsoever already afforded the user. The only way it does that is by encouraging a clueless user to touch something they wouldn't otherwise touch. And that's a conscious desicion the programmer made and didn't bother to plan for in the form of security warnings attached to bad configuration choice events.
Windows is a victim of it's own simplicity. Microsoft can only combat this with better default settings, better UIs with more knowledge being passed to the user, and lots and lots of security patches.
# Erik
As a result anything that wants to break down security has no barriers to it beyond whatever the application provides. That is insane.
You can vastly improve security by separating these spaces, making applications run in the user spaces as much as possible, and requiring authentication to bridge the spaces.
UNIXen have done this for decades. You might argue that "UNIX is hard to use." That has generally been the case, but not universally. MacOS X does a pretty good job of providing a smooth interface on top of UNIX and does so without breaking down the UNIX security structure. Users do not run applications in privileged mode without authentication, for instance. If you want to install new capabilities, you must authenticate to do it. Thus it is difficult for viruses and malware to insinuate themselves.
If the application and OS data is not writable by normal users, and they must somehow authenticate to get write privileges, viruses have a much harder time propagating.
It is for this reason that more and more UNIX software that used to run in the old days (e.g. ftp) now runs as an unprivileged user now. You can break in through flaws in the application, perhaps, but the damage you can do is limited. This was a good security practice that became mainstream back in the 1980s.
Getting back to "user friendly" systems, the Mac is not even the best example of a nice user-friendly UNIX box. I'd argue that some of the network appliances are much better at it. I had a Cobalt box, for instance, that had a fine point-and-click web interface to UNIX system management. It was really easy to use; you didn't have to know squat about UNIX, or even that the box was running UNIX. And it required authentication for every change request. This was mediated by the browser so it wasn't even noticed by the user.
Or just look at the Tivo. Is Tivo easy to use? Oh yea. How many security problems have you heard of with Tivo boxes? None, because getting unauthorized software onto that box is a bitch. Hmm. Maybe it's possible to be both easy to use and very secure.
I note that you can set up a Windows box to be pretty secure if you want to. I used to do it as a matter of course. The problem with doing that is that there is no easy way to run an application as a different user, which means you have to bounce back and forth between the Administrator login and your user login. This was a royal pain in the neck in NT and 2K, although in XP it's pretty easy (but not nearly as sweet as it is on MacOS!).
Unfortunately Microsoft has never promoted this configuration as best practice. In fact, they've implicitly discouraged it by making it hard to create a system that separates administrator and user spaces. There is no installation system that takes authentication into account, much less tries to enforce it. And they've actively promoted wide-open systems by shipping them that way by default.
Because Microsoft does not even try to ship systems configured relatively securely it's no surprise that many applications do not operate correctly if installed on a fully secured system. That is unforgivable now that they've had Windows with security out there for eleven years. They should have steadily increased default security to force application vendors to use best practices.
When my daughter's account has to have administration privileges to run her Winnie The Pooh game, it really is not a surprise that there are a lot of these problems. And that is blame we can lay squarely on bad configuration practices promulgated by Microsoft more than any requirement to make the software easy to use.
If Microsoft really were interested in security then the next OS release would ship
jim frost
jimf@frostbytes.com
As I have seen a few times so far, Linux and Windows have traveled different paths in their product life cycles. Microsoft was born out of usability and friendliness. A pretty (to some) GUI with easy to use features (some what) with all the built in functionality you could ever need (and Bill said 640K would be all we'd need...). By lumping so much into an Operating system (which is inheritantly large to begin with - generally) you will definatly find yourself facing issues of Security.
Linux is different. Linux started out with a security mindset. Make it secure and let people figure out how to make it work. So with that as its roots, it was able to grow from there, and that focus on security is still there.
There is also a different community feeling with Linux as opposed to Windows. With Linux you have the Kernel changes and OS changes and what not, and that gets released for trail before an official release is made. And there is an avid community that tries out the latest and greatest and bugs are fixed and issues resolved before a release is mad public. That is not to say that there are no bugs and vulnerbilities found later on, but at least a good deal of things can be caught prior to general acceptance and use. On the flip side we have Windows that makes a SP release or an version of the OS avaialable, we download or buy the newest and run it only to find out later there are a couple thousand bugs that have yet to be fixed and we will have to wait 4 months until it is resolved in the next SP release. Or even better, a vulnerability is found, a worm/virus comes out to attack that exploit, MS then releases a patch/hotfix, then we run around trying to figure out which machines have been compromised and fix them.
Linux has come a long way in its usability, which I think is great. And if Microsoft is any clue, I think it is easier to add usability to a secure system then it is to add security to a newbie friendly OS.
That's just my two bits...
Sig? No thanks, I don't smoke.
Comment removed based on user account deletion
For your post to be persuasive, you're going to have to reexpress it as an image or series of images which conveys the same argument. Good luck.
Linux, on the other hand, has always been a multi-user system (well, it has since it became an OS, and not Linus's hyper-fast text editor). Because of this, and the unix philosophy in general, you'd have to go out of your way to find software that does not fit into the multi-user system model. Because of this, linux can remain more secure, even when giving it to 'joe user'.
Of course, the problem comes from the same third party vendors who don't get it in windows also not getting it in linux. Hopefully, they will know something about a multi-user system BEFORE bringing their wares to the linux world. Then again, the idiots creating cruft like 'bonzai buddy' will never get it, nor do they care.
back in the (command line) BBS days, our BBS shell had a toggled user var called (appropriately enough) I'm Smart | I'm Stupid--the 'stupid' user got less options, and more verbose help onscreen--i've always thought this was a great solution to the dilemma of how to have a workable system for both experts and newbs--why not create a modern version of this setup that will show/hide information and options, based on the user's S/S preference?
How to acquire French cuisine in four simple steps:
I'm not tense. I'm just terribly, terribly, alert.
With SELinux, it can be setup so that even root can't do anything it wants. Instead, there will be multiple administration accounts, each with particular permissions. The level of granularity is up to the users (or the distros), and with some experience, you'll see some pretty user-friendly installations with SELinux running (FC2 is coming up)
We'll soon be able to run apache securely, even with a gaping security holes that allow browsers to execute arbitrary code. We'll be able to download code and run it in harmless environments where privilege escalation is impossible and the bounds for operation are clearly set. And this will be the default setup for every linux user.
The radical sect of Islam would either see you dead or "reverted" to Islam.
It seems kindof odd that a computer super expert would be able to discuss usability issues with any sort of authority. The simple fact thay they know computer systems so well makes them prejudicial to being human interaction specialists.
- A lot of viruses exploit flaws in OS/application code, usually C/C++. These flaws are completely unrelated to usability issues, so increasing usability does not require these flaws to become more common.
- All other viruses are actually *caused* by usability *flaws*. This includes those viruses that come as
.pif or .zip files, and spyware that installs itself by instructing users to click "yes" on IE warning dialogs. The problem is not that users are stupid, the problem is that usability is bad. Truly usable software would always inform the user of the consequences of their actions in a way the user can understand, and not allow various ways of "tricking" the user into running something dangerous. Fixing these flaws increases usability and security.
- Bad usability can cause security breaches in other ways: users can be unaware that they just shared their entire hard drive to the Internet with write access, or that there is hidden information inside Word documents, or things like that. Usable software always informs the user of the consequences of their actions. Increasing usability increases user awareness of security issues.
- Increasing usability can increase code complexity, which means that there will be more bugs. However, the security problems fixed by the increased usability outweigh this, especially when safe languages are used so that code execution bugs aren't a possibility.
Usability is not the problem. Bloated, complex code in unsafe languages is the problem. The two are not necessarily associated. Increased usability increases security due to increased user awareness of security issues.main(c,r){for(r=32;r;) printf(++c>31?c=!r--,"\n":c<r?" ":~c&r?" `":" #");}
That's ill reasoning: "Windows is more usable, windows is less secure, thus usability means insecurity".
What really happens is that the lack of usability in Linux is the main cause of insecure setups.
I am sure most of you guys can manage the thousands of setup options and configuration files Linux has.
Not me. And not some other thousands of users.
As I occasionally use Linux, I have to rely on the default setup most of the times for most of the programs. But what happens when you need to change the default setup? Yo crawl through lines and lines of text till you find the f**ing line that changes the f**ing option you need to change. Before this, you have changed a dozen of some other options you are not really sure what are there for, just to try...
So, my conclusion is:
- Security problems in Windows are caused mainly by bad design.
- Security problems in Linux are caused mainly by bad usability.
As others have mentioned, user level security is part of usability.
However, there are differences between ground up security and added-on as afterthought security.
Windows' prime security and usability flaw is that every user insists on running as root (with admin privileges). Security Check: Walk up to any computer in your building. Open a command-line interface. Go to filesystem root. Issue command that tells computer to delete everything. If it does it, then it is not being used securely - regardless of whether it could be used securely.
Windows' admins get proud of some pretty strange stuff. For example, they don't like the idea of having computers on all the time and really like people to turn off their computers at night. Why, do you ask? One reason that was explained to me by Windows proponent was that all those switched-off computers were invulnerable to hacking/virus/attack. I responded to this argument by saying that my stapler didn't get viruses, but it didn't do email very well even so.
Best security is simplest security. The more your O/S CAN do, the more it might be persuaded to do. If you want to discuss apples and oranges, we can compare W2K security with Linux router. Both are difficult to hack, but the latter is much more difficult. As Linux gets more and more market share, there are going to be more security hits, viruses, worms, and whatnot. Not doing Linux because this is true is like not doing email because you might get (will get) spam. We're grownups. We can do arithmetic. What gives me the most functionality for the least price, balanced against risk? Linux, period.
Usability in its purest form means that the user has to jump through the fewest number of hoops possible in order to achieve their goals. Your programs can have streamlined menus, clear text, obvious buttons and intuitive guides and shortcuts without compromising security. Only in the case of default system settings do you see a conflict.
I would argue that certain things shouldn't work out of the box. Items such as your internet connection, terminal services (remote desktop), drive formatting (outside of the initial installation), and basically any other stuff that could kill your machine in a hurry should require a single additional step each in order to activate them.
Instead of enabling security holes the size of Texas by default, these items should have prominent, easy to follow displays which show you how to enable/disable and configure them (and perhaps a sentence on why it is disabled by default). When you click on them for the first time you should get a "set this up" wizard. You should also have the option of skipping the "wizard" style settings tool and go right a well designed advanced tool for those who know exactly what to change.
By making the act of enabling devices/services intuitive you are contributing to ease of use without sacrificing security. You are also promoting a sense of caution. If I need to take an extra step to turn something on, there is probably a reason for it. It also gets me used to how the system works and when there is a problem in the future, I'll have had the initial experience to help me resolve it.
That's my 2 cents worth at least.
--KS
I can probably answer this - the main advantage to a GUI is ease of learning what to do without reading a manual. I don't know if you ever read some of the old DOS manuals, but they were written in a way that my Dad or Grandma would never be able to figure out what to do, so they'd try the hunt and peck method.
/lib/help: Permission denied
for instance...
Dad sits down to a computer for the first time ever and see this:
#linux>
In his head - What is the first thing to do? Maybe type a sentence?
#linux>Show me what you do.
Show: command not found
#linux>What the heck does that mean?
What: command not found
Hmm - looks like the first word I type does something. I should try help
#linux> help
#linux> linux
linux: Command not found
At this point, dad tries to read the manual, but it's all so much techno-gibberish that he is lost by the third page. He smashes monitor with his typewriter.
Icons:
Dad starts computer and sees a screen with three pictures and a menu bar with Start on it. He clicks Start, and some more pictures appear. He selects one of the pictures from the menu and it starts the program. He tries to click a picture on the Desktop and it does nothing. He's not really sure what to do with those, but he can run them from the Start menu, so he ignores them.
So what did we learn from this?
GUIs have multiple solutions to the same task while CLIs usually don't (aliases break this slightly, but require being a little less noob)
CLIs require directions to learn at least the basics, and often those directions aren't easy enough to understand for the computer illiterate.
GUIs facilitate learning by showing the options, where with CLIs you need to find the options, and then usually the options for the options.
CLIs have a lot of configurability that GUIs have, but not ease of learning. Even once learned, the options need to be remembered, where a GUI will put them all in front of you if done correctly, although it has a tendency to get buried in submenus (like Preferences).
As far as I can tell, there is no word in everyday English that means 'being unable to speak the local language'.
This is quite a common occurance nowdays. Hop on a plane and within a few hours you can be in a place where you can't speak the local language. But we don't have any word for that condition.
Allow me to propose the new word:
illinguate
from 'illiterate' and 'linguistics'.
You're new here, aren't you?
Super user is a single account that can do everything. (By default, super user is named "root" on *nix and administrator for the NT branch of Windows.) When it goes away, breaking in and causing system-wide changes will be much more difficult by default.
In the meantime, Linux (not having making it easy to install this garbage) is becomming harder to penetrate since the main way to get things running is to force it on to the system or to actually behave and to get it running because the program is actually useful. By the time that Linux is super popular, the benifit of decades of hardening that Unix systems have supported will be even stronger, not weaker.
Under Windows, most of the freeware+spyware apps for Windows are there since Windows doesn't provide a feature.
Linux -- with KDE, Gnome, and Mozilla/Firefox -- often provide most of these creature comforts and it can be argued that there may be too many features (thus the Gnome simplification changes -- if you agree with them or not).
If a need arises for a minor utility, chances are it will be incorporated into KDE/Gnome/Mozilla/Firefox/... elimitating the teaser app that carries the spyware along with it.
If a version of spyware becomes sucessful under Linux, chances are this will annoy enough people that they will change the design of the software (KDE/Gnome/Mozilla...) so that -- like pop-ups in browsers now -- the spyware will become largely ineffective and sterile.
There are no commercial interests to ensure that this type of dammage is ignored. It will be routed around and not just for one specific annoying piece of spyware either; for everything in that class.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Below is the truth, the whole truth and nothing but the truth.
Windows was originally designed as a single-user, game-playing operating system. It had no concept of networking or segmented user space or file permissions, etc. These things, among others, were added on later as the need arose.
Windows was originally marketed to home users who wanted to play games and small businesses who wanted to track a few dozen or perhaps a few hundred accounts/clients.
Today, MS has positioned Windows as an Enterprise class OS. People who grew up playing games on Windows should know that this doesn't make sense.
I used to laugh when looking for patches for an NT4 domain that I administered a few years ago. I'd skip all of the new video (DirectX) enhancements that were constantly avaiable. What did gaming/video drivers have to do with domain controllers?
In short, you can't make something into something it's not... at least not without many problems. MS Windows is a classic example of this.
So what did we learn from this?
That a person on Slashdot can construct a hypothetical situation to support any point of view.
Hmm - looks like the first word I type does something. I should try help
/lib/help: Permission denied
#linux> help
Funny, I type "help" on my linux box and I get:
(There is more, but the lameness filter blocked it...)
So a help system that is incorrectly configured is apparently an example of the horrible usabiity of a command-line UI?
At this point, dad tries to read the manual, but it's all so much techno-gibberish that he is lost by the third page.
Nice bit of hand-waving there. "Darn, I forgot, the manuals might actually have useful information. Well, I'll just pretend that it's too geeky for poor old Dad to read through..."
Jay (=
Windows is not less secure because it is "more user friendly" and linux is not more secure because it can be obtuse and seem l33t-friendly. Windows is still locked into a one-box, one-app, one-user approach to things. And until they change that - and demand some basic network savvy from their average user - windows will never be more secure.
The unices were designed for a networked environment with lots of users with varying degrees of access. Security wasn't as afterthought - it was a prerequisite. As long as they are developed properly, adding some pretty icons, some control panels, even some (shudder) wizards will not make Linux less secure.
And since your pro-MS buddies are horrified by the thought of an open-source system,"open(ing) itself up" to "Joe User", I wonder why you're even taking the argument seriously. Burn them some liveCDs (I'd start with Knoppix, SuSE live-eval and FreeSBIE) and ask them to give those systems a good, hard look.
"In a hierarchy every employee will rise to his level of incompetence". The Peter Principle
As a daily user of all three of the mentioned OS's (OS X, Unix/Linux, 2000/XP) I've encountered the various problems and pitfalls that each have.
Just because on OS is very usable (easy to understand, navigate, etc) does NOT make it more liable to be hacked/trojaned/virused. What makes an OS a target of the "crackers"/script kiddies is how easy it is to bypass or defeat an OS's security system. The real blackhats enjoy a good challenge while the "crackers" and script kiddies want to do as little work as possible; all they are interested in is causing chaos and havoc.
Unfortunately, there are many more "crackers" and script kiddies than there are blackhats. As a result, the OS that's easiest to penetrate will ALWAYS be the one that gets attacked the most.
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
That a bunch of Windows admins would so profoundly believe that insecurity is a necessary side effect of usability is simply an indicator of just how ingrained Microsoft's fatalistic view of security is in the windows community.
The problem isn't usability, the problem is Microsoft.
There are already Linux distributions with the usability of Windows that are far more secure. The barrier to Linux acceptance on the desktop is not usability. It's more in areas like organizational inertia, ignorance of the options and the success of Microsoft's FUD campaigns.
______
My friends and roommates who I've moved to Linux haven't had any problems with Linux's usability. It's the ones who haven't been willing to try it that have had problems with being afraid of it's usability. The roomate I have now is quite happy with Linux... I tossed him into it because his windows installation self destructed, and I really wasn't willing to provide support for Windows. He tried Linux 'as a test', and hasn't looked back since.
My first roomate that I tossed into the Linux lion's den ended up with Red Hat 6.1 and Windows 95 dual-boot. He started using Linux mostly beause that's where I always left it, and it generally just wasn't worth it to boot into Windows for most things. By the time he moved out, he'd not only given up on Windows... He'd turned into one of the most avid Linux boosters I've ever known.
Free Software: Like love, it grows best when given away.
Directly from Google Zeitgeist:
==
Operating Systems Used to Access Google
February 2004
Windows 98 23%
Windows XP 46%
Windows 2000 18%
Windows NT 3%
Mac 4%
Windows 95 1%
Linux 1%
Other 4%
==
That's Windows 91% vs Mac 4%
I'm not saying Mac's are more or less secure then Windows, because I have touched a Mac in 12 years.
I am saying that
"Security experts say this state of affairs primarily reflects the Mac's very small share of the personal computer market, which makes it an unattractive target for virus writers looking to spread mayhem."
is hardly a lazy analysis. When there are 22.75 Windows Boxen for every Mac, you can assume that:
Virtually all hackers are familiar with Windows.
As a Windows guy, I haven't had to touch a Mac for years.
That's not the case with Macintosh guys.
A Windows attack would reach 22.75 times the audience as a Macintosh attack.
Further more, Macintosh and Linux users are experienced enough with computers to know what an Operating System is.
These people are experienced enough to download patches, and not open all attachments.
I meet people who don't know what version of Windows they are running. These people cheerfully sign up for Gator(Grrrrrr....), double click attachments, and haven't updated virus definitions since the day they got their computer.
Again, I'm not saying that Windows is more secure, I am saying that it's ubiquity has made it the target to attack.
Sangloth
I'd appreciate any comment with a logical basis...it doesn't even have to agree with me.