When Does Usability Become a Liability?
nasteric asks: "I caught myself in the middle of a very interesting discussion last Friday over Krispy Kreme donuts and coffee. The discussion had to do with usability and security. Many of the Microsoft Administrators I work with argued the more user friendly Linux becomes, the more vulnerable it becomes. They claimed making Linux a friend of Joe User will require it to 'open itself up' and become more susceptible to attack. Needless to say, this became an endless debate between our Microsoft Administrators and our Linux/Unix Administrators that will undoubtedly continue into the morning. Therefore I pose this question to the Slashdot community. Will making Linux more user friendly result in it becoming less secure? Hopefully your expertise will help shed some light on (and bring to an end) our discussion." Does decent usability necessarily imply the presence of vulnerabilities? Macs seem to have this area down pretty well, with little in the way of vulnerabilities. Can Linux software follow the same route?
It's all about the end user (Score:5, Interesting)
Making Linux more user friendly, in my mind, means improving upon the features that revolve around the GUI. The great thing about Linux is how much you can customize it; you can strip away the GUI and have a powerful production-level server environment. This is different from Microsoft products, as the ease of usability encompasses the operating system.
Linux is much more "modular", in that you can build exactly what you want; an installation could take up anywhere from a few megs to a few gigs. The security and vulnerability lies in the end user.
oh of course! (Score:3, Interesting)
depends (Score:3, Interesting)
I think linux can be user friendly without all that but with anything the more layers you add to it the complexity and ability to keep it secure will become harder. Not impossible but harder. At least with linux you will know where the problems are instead of having it for 2 years and then finding a patch for it one day.
Yes (Score:5, Interesting)
A "user friendly Linux" (Lindows, anyone?) will have to be very, very careful not to end up down this same path.
"Microsoft Administrators" have no perspective (Score:5, Interesting)
User friendly does NOT imply vulnerable, nor vice versa. I've posted before about building secure systems and securing existing ones. The techniques are, for the most part, well known albeit tedious, though I do anyway. (I even posted a security advisory to BUGTRAQ today...)
As long as the people making Linux user friendly keep security in mind when designing and implementing the new features, there will be no problem.
How about the implementation? (Score:3, Interesting)
End users generally either accept defaults, or install everything they can - regardless of if it's anything they'd ever use. This also means opening all the ports for the applications they install (by default, in Windows). They're simply not experienced enough to appreciate what they do.
My limited experience in Linux (I consider myself a very average user at best) with Red Hat and Fedora distributions is that it opens itself up for whatever I install as well. I often find myself fortunate if I can get 80% of what I install working, so I suppose that's inherently more secure.
However, I still use 14 character passwords in Windows and Linux. I still set appropriate permissions on files in both Windows and Linux. Vulnerabilities will always exist, regardless of platform. I fail to see how wider use would make the product less secure, however.
Using Security (Score:5, Interesting)
SELinux (or, hopefully, a similar system with a sane configuration/management interface) can also assist with this by limiting what vulnerabilities can do.
And the interface design itself helps. Microsoft's attempts at usability equate to "do everything automatically." Compare this to GNOME where the design is based not on automation, but on streamlining. I fully believe GNOME is *more* usable than Windows in almost every way, yet it hasn't the security problems as apps don't try to auto-run executables from untrusted sources, embed scripting languages with system-modification abilities, etc.
In truth, the interface can be designed such that it makes using security easier, vs hiding security away.
Same route as Macs (Score:1, Interesting)
Sure. Just keep your market share at 3% or less and few people will bother to write viruses and worms to take advantage of your vulnerabilities.
Take 10 jumps on Windows : 0.9^10 ~= 35% chance of getting 10 Windows machines in a row that might be vulnerable (assuming they haven't patched, and there has always been a patch for any of these widespread worms).
Mac: 0.03^10 ~= 6*10^-14%. Linux: 0.01^10 ~= 1*10^-18%.
I wonder why there are more Windows exploits. Hmm.
Macs are also closed source for most of their stuff - think that would work for Linux? Going closed source?
Apple doesn't think so (Score:5, Interesting)
One nice trick Apple discovered is to have the users be non-root, yet still administrative. (Did you hear that, Lindows?) They did this by creating tools that run as root, but which require authentication to run. For example, a mortal user who is an administrator can't trash the whole filesystem by dragging and dropping important items, because they are not root. But they can run Software Update, an application for downloading patches, by supplying a username and password.
On Linux you can add users to the group "wheel" and make them sudoers with much the same effect.
Apple also made many important directories like /etc invisible from within the GUI, which I think is a great idea as long as power users can turn it off.
Seems easy and secure to me...
Re:What you need to do (Score:4, Interesting)
User friendly == blunter instruments (Score:2, Interesting)
Consider netfilter/iptables... Understanding how to really secure your system from this particular perspective requires a bit of study. Sure, you can paint relatively broad strokes and secure your system with a few clicks for a large majority of cases. But not knowing how the configuration files ended up being written means not knowing to what you are actually vulnerable as a result of making a few simplistic choices.
Unfortunately, the Peter Principle often applies to home computer ownership, too.
Re:Maybe... Need more sandboxes/restricted userids (Score:5, Interesting)
Nope. Any system that doesn't allow the user to do whatever they want to do is not user friendly. We've got two somewhat paradoxical concepts here.
Users will always want to be running as root at all times. Some won't grasp the security implications until it's too late.
Maybe (Score:3, Interesting)
I think it would be better to educate the users than to dummy-down the OS. Education needn't be difficult. Documentation is key to understanding. If the user can't/won't read the docs....then it's all their problem, but if the docs are there, and they're clear and concise, and he reads them and can use them. Then you have a good system.
End users like "Joe Sixpack" don't want to have to type things like mount
Take Microsoft's lead. They spent an enormous amount of time, money, and effort making the systems useable and simple. Apple did the same (albeit on a slightly different track). Linux can too. Just because someone makes Linux (as a whole) easier for Joe to use doesn't mean that security will go out the window. It just means that there's more that needs to be thought about before implementation.
And that's why there's the "maybe."
If usability means all powerful scripting (Score:2, Interesting)
If HTML email can still be turned off in Linux (like all the email programs in Linux do) then not only can't spammers run trojans but they don't know if I look at their creative efforts.
Port exploits will remain a problem in both Windows and Linux. Patches are issued for both on a somewhat regular basis.
Presumably Gator and other spyware would need to be rewritten for Linux and packaged as RPM's to be installed by Joe User based on his version of Linux. Somehow I suspect that it would be less frequent when installation is not a thoughtless act of clicking a box.
Re:Wha? (Score:5, Interesting)
Tracy Hickman (of Dragonlance fame.) has professed to using a "help you write" tool. Despite using what amounts to a novel-wizard, his last four or five books were all NYT best-sellers. And he probably wrote the manuscripts in a GUI environment.
As for the CLI itself--it's not that CLIs can't be user-friendly, it's that they simply aren't. A user-friendly, intuitive command line would:
* Have plain-language redirects to all commands (swipe some code from a twenty-year old Command-line game if you must!)
* Have a help-file that's intuitively found and starts with the basics--file manipulation, directory navigation, et al.
* Give immediate and clear feedback that something is working.
Re:Wha? (Score:5, Interesting)
It depends. The command line can be quite user friendly.
copy a b
That's a fairly easy way to understand how to copy a file in dos. But in the gui world, a person has to remember to right click and say copy (or ctrl+c) and then right click on the destination and say paste (or ctrl+v). Or remember that if dragging files between folders not on the same drive, the file is copied by default but if dragging between folders on the same drive move is the default in windows. KDE does this better, always asking the user what to do with files drug from one location to another.
As far as your example goes, it really depends on the os. In my copy example above, linux would have the user use cp. Well, how does the user know that? If the os let a person say:
burn song.wav to cd1 as audio-cd
burn all songs in c:\mp3 to cd1 as data-cd
that would be pretty easy and friendly. But no os does that AFAIK. No reason you couldn't make a bash alias to do that and then it would be easy for people.
On the other hand, I just found a really handy little program called sequoiaview that gives you a visual representation of how much space your files and folders occupy on a drive or network share. There's no way a command line utility could convey the amount of information in the sequoiaview window in as easy a fashion.
The thing to remember is that usability is Hard. Very Hard. But it isn't the medium that's restrictive, it's the capabilities of the person creating the interface.
Re:Mac Security (Score:5, Interesting)
This means that yes, a trojan horse could run, and yes, it could keep running until the user logs out, and maybe even add a login item on a per-user basis, but it can't install anything into the system that runs at startup unless the user explicitly enters a password to say that "yes, I really expected this to be installing something". This simple authentication requirement would have prevented 99% of what has made Windows viruses so virulent.
In fact, the best form of user-friendly security basically amounts to having a bunch of policies for things that shouldn't generally happen, then shouting at the user and asking if you really want to do that. This concept has been popping up repeatedly on the Mac platform ever since the classic "GateKeeper" virus checker extension. I remember saying that I wanted to see an OS do exactly this sort of sanity checking (don't let an application modify the OS without user permission) back when I was still in elementary school (mid-eighties).
So here's what I don't get.... If this was obvious to me at about age 10, what does that say about companies that still haven't figured out how to implement such a basic security measure? And why would anyone in his/her right mind use an OS like Windows whose security policies haven't caught up to what seemed obvious to a 10-year-old kid almost 20 years ago?
For shame.
Re:Wha? (Score:4, Interesting)
I agree, but not with your inference. You suppose that a computer language does not have this property, but as it is produced by the human brain without constraints upon it, surely it is an even purer reflection of the human brain's inherent language ability (however much it is inherent). There might have been constraints in the old days, but have you tried Python yet?
More on-topic however, I agree with the original poster but not for his reasons. The picture / point-and-click approach is more of a use-base method rather than one based on underlying theory.*
The danger with this is you get people who do things by the step-by-step book instead of through a true understanding. Like how a mechanic used to have a good grasp of how an engine worked and nowadays tends to just follow the official process.
*Doesn't have to be, but it is.**
**My gods, I'm using footnotes in a
Re:Windows isn't less secure (Score:1, Interesting)
I remember one time on IRC telling someone to do a "/exec -o rm -rf". He didn't even ask. He just did it. The people who usually install linux are trying to learn a *nix and thus, commit a lot of errors.
"Unix Admins would..." Apples and Oranges. Don't compare users to admins. Stupid.
Re:Wha? (Score:2, Interesting)
If you were to teach a child to communicate through computer languages from the beginning, it'd be just as natural as the so called "natural" language. Look at the huge difference in languages throughout the world. English could be considered as different from Japanese as English to Perl. Okay, bad example, but my point being that they seem natural because they're imprinted to our brains at an early age. While using language to communicate may be instinctual, the language we actually use is not, it is learned.
This is offtopic a bit, but... (Score:1, Interesting)
So when we move to more fuzzy based computing systems and we get people programming simple-to-moderate automation tasks based on speech recognition algorithms, image representation computer languages, and feedback loop based "AI" that interprets our spoken and visually represented commands, does that mean our computer systems become less "stable" even though they are ultimately based on the mathematical flip-flopping of 1's and 0's?
Big difference..... (Score:2, Interesting)
I'm not defending Microsoft at all. Windows has many problems that need to be fixed. The best example is root access for users. The problem stems from Windows' "root" (I made a funny) which is DOS, a single user OS. Linux on the other hand from the beginning was a multiuser OS. The problem I now see is that people are trying to make Linux too easy (ie. Lindows). This sounds good on the surface but I fear Linux is moving to the single user model on the desktop.
The best thing Microsoft can do now is to start with a new codebase.
Re:Wha? (Score:5, Interesting)
Talk about an asinine knee-jerk reaction!
The whole point of bringing up OS X was as a proof-of-concept that the sort of user-friendliness which Linux is moving towards does not automatically mean weak security. It has nothing to do with flame-wars, and everything to do with paying attention to what others in the industry are doing. (Something everybody should do, unless they want to lose in the long run.)
let me add to the discussion... Windows and Linux admins in the same organization? What organization is this?!
Damn near every Linux-centric organization I've ever been a part of, for a start. If you are a software company, you are going to have customers on Windows. If you are going to support those customers at all, you need to make your shit work in a Windows environment, which means maintaining a Windows environment.
Mixed environments are the norm, not the rule. A lot of companies even have a few Novell systems lying around doing stuff. Show me a "pure" Linux shop, or a "pure" Windows shop, and I'll show you an IS department run by a raging platform bigot.
Why do people think that the command line is *not* "user friendly"?
The command line is extremely user friendly. Having to remember the names and locations of dozens of config files in order to perform basic upkeep and maintenance of your server is not. I don't know about you, but I need to crack a book open to remind myself how to add a virtual host to my Apache web server each time I do it. If I was constantly editing the httpd.cnfg file (or whatever the hell it is), I wouldn't need to look it up every few months just to remember all the lines that need to be changed, but since it's only an occasional change, a GUI front-end that held my hand through the process would not be entirely unwelcome. Granted, a badly designed GUI tool which lacked the flexibility I expect from raw config file edits would be ignored, but do it right and I would never need to open that file in vi again. That's what people mean when they say "user friendly."
Re:Absolutely Inevitable. (Score:4, Interesting)
To quote a musician I know... "I'm an amateur. I don't need to practice."
The only difference in quality of output between a lot of amateur musicians and a lot of professional musicians is the amount of practice. With more practice a musician makes fewer mistakes and can repeat the same music more consistently every time.
One pottery class I heard about divided the class into two groups. One group was given the job of making just one pot in a semester, but it had to be "perfect". They spent the entire time studying and preparing for that one pot. The other group was told not to worry about quality but to make as many pots as they could. Each group would be graded differently. At the end of the semester the group that made one pot each had made their pot, and the group that made as many as they could had made a lot of pots. The pots made by the people who were aiming for quality were consistently bad. They had made mistakes in their pot making, come across issues that they hadn't encountered in their research and so on. The other group had a range of pots. Their first pots were awful. Their final pots were excellent. They had learned from their mistakes throughout the course and had continually experimented with different firing temperatures, glazes, and so on.
So, what am I trying to say here? The professional who doesn't practice is not going to be any better than the amateur who works hard at his art. I've been involved in printing from an amateur stand point and I would be confident enough with some (but not all) of the "home-brew print jobs" that I have done that I would quite happily pass them to a pro with no expectation that they "squeem" in pain. Some talented amateurs will always be better than untalented pros, the best output from untalented amateurs will beat the worst output from untalented pros and vice versa. Talented pros and talented amateurs will both produce good and bad work, but the best work of both will be on a par.
Z.
p.s. I used an 1854 Albion letter press for fine press printing. I can set type by hand using a case of type and a compositors wand, I can ink and run the (hand) press well, but I can't prepare the paper. My father (the owner of the press) can prepare the paper, and is better at page layout and adjusting the form. We both have our strengths and weaknesses but for rank amateurs our "home-brew print jobs" have done remarkably well. I also have a degree in Applied Physics and another in Software Technology, I am definitely no more than an amateur printer.
Need some standards here (Score:1, Interesting)
rm -r
Are you sure?
this message would basically be the indication that you're doing something that's going to modify how the system works. Now, for software installs, the software install needs to be able to check all of the operations it's going to do, and ask the "are you sure?" question if anything needs root access. Standardize these two things, and Linux for the average person will be happy.
As far as services, etc, go, leave it the way Linux does it - it's the right way! Don't turn anything on until it's needed. Yeah, Joe Luser is gonna whine that he has to try something and fail because the service isn't turned on, but it's better than having to unplug your machine from the network jack because you can't figure out which useless service is letting intruders in.
Honestly, most users would learn a bit by using a typewriter, a calculator, and some pigeons in place of their computer anyway. Although, they're probably the same users that need a CERT advisory to keep them from jamming the typewriter by placing badly-folded received papers from the pigeons. (mental image: a malicious raver-lookin' dude making mischievous faces while folding paper and attaching the sheets to pigeon's legs)
Re:Guess what (Score:5, Interesting)
Why is this modded as insightful? Anybody who knows how to run something as root (and how to do it) would know how to look at the script and decide what it's doing. It's not like OS X has a "Run as Root" button on the toolbar or anything.
Yes, people can do stupid things. But if you sent that to your average OS X non-power-user, they would do absolutely no damage whatsoever, no matter how much they tried.
Re:Wha? (Score:5, Interesting)
Easy to whom? (Score:1, Interesting)
However, you CAN have both zones minned out.
In the case of Linux, the security is very high, and the ease of use is middling. It seems reasonable that Linux could still make SOME progress in the ease-of-use area before it starts sacrificing security. And, if Microsoft is to be prevented from owning the entire industry, Linux better get cracking.
However, making it easy-to-use for technicians is different than making it easy-to-use for the hoi polloi. Non-techies will demand a degree of ease-of-use which necessarily sacrifices much (if not all) of security, largely because of their lack of technical education.
I propose that such people be given souped-up playstations, and that real computers for real mission-critical systems be maintained by the educated geeks who appreciate the robustness of secure systems.
But that's just me.
Security needs to be usable (Score:2, Interesting)
There are plenty of other examples where making software more usable can make it more secure. I've used PGP before, which most of the time, is a pain in the ass, since I have to run all kinds of separate programs to generate keys and encrypt my text which I then have to paste into my mail program (yeah, I know, some have it built in, but mine doesn't [and yes, I know, you can get a hack to get Mail.app to use GPG, but it uses undocumented API's that are subject to change with each release of the OS]), and then do a similar amount of work when receiving mail. Apple's Mail can use X.509 certificates for S/MIME, which is pretty easy to use, although getting a key is somewhat difficult and undocumented. When I was working for a company which used Lotus Notes, however, signing and encryption were incredibly easy; in fact, your emails were signed and encrypted without you even knowing it, if they were sent to other Notes users on the same network. Now, Notes had problems of its own, but that's the way security should work; it should be completely transparent to the user, so the user can work securely without having to worry about it.
The real danger with usability is making some of the software usable, while making the security features hard to use. This is the problem with Windows. On Windows, it is really easy to run an executable, but fairly difficult to tell that you're running an executable. On Linux, you don't have this problem because it's hard to run an executable, but it would be equally secure if you could easily run an executable, as long as it was clear that you were running an untrusted executable. For one thing, both Windows and the Mac need to do away with this file extension hiding business. If you can easily name an application Foo.mp3.exe and hide the .exe part (or Foo.mp3.app on the Mac), then it will always be difficult for users to tell that it is an executable, not an mp3 file. In fact, when double clicking on an application for the first time, the operating system should probably display a warning dialog saying that the application may be untrusted. This wouldn't affect most apps that people use, since they would only see that once, and then the operating system would remember that that app had been run. But it would make sure that if someone is double clicking a file that they didn't expect to be an application they would be warned, and would have the option of canceling that operation.
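An added illustration of the first-run warning proposed in the comment above; it is not part of the original thread or any operating system's code. The extension lists, the JSON store and the choice to remember a program by the SHA-256 of its contents (so a replaced binary warns again) are assumptions made for the sketch.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Assumed, illustrative lists; only .exe, .app and .mp3 come from the comment.
EXECUTABLE_EXTS = {".exe", ".app", ".com", ".scr", ".bat"}
DOCUMENT_EXTS = {".mp3", ".wav", ".jpg", ".txt", ".pdf", ".doc"}


def is_executable(name):
    """True when the final extension marks the file as a program."""
    return Path(name).suffix.lower() in EXECUTABLE_EXTS


def is_disguised(name):
    """True for names like Foo.mp3.exe: a program posing as a document."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DOCUMENT_EXTS)


def display_name(name, hide_extensions):
    """What a file manager shows when it hides the last extension."""
    p = Path(name)
    return p.stem if hide_extensions else p.name


class FirstRunStore:
    """Remembers which programs the user has already agreed to run."""

    def __init__(self, db_path):
        self.db_path = Path(db_path)
        self.seen = set()
        if self.db_path.exists():
            self.seen = set(json.loads(self.db_path.read_text()))

    @staticmethod
    def fingerprint(path):
        # Keyed on content, not name: renaming or replacing the file
        # does not inherit an earlier approval.
        return hashlib.sha256(Path(path).read_bytes()).hexdigest()

    def approve(self, path):
        self.seen.add(self.fingerprint(path))
        self.db_path.write_text(json.dumps(sorted(self.seen)))

    def is_approved(self, path):
        return self.fingerprint(path) in self.seen


def launch_decision(path, store):
    """Decide what a double click should do.

    Returns "open" for documents, "run" for programs approved earlier,
    "warn-first-run" for a program never run before, and
    "warn-disguised" when that program also carries a document extension.
    """
    name = Path(path).name
    if not is_executable(name):
        return "open"
    if store.is_approved(path):
        return "run"
    return "warn-disguised" if is_disguised(name) else "warn-first-run"


if __name__ == "__main__":
    # Constructed sample files in a throwaway directory.
    with tempfile.TemporaryDirectory() as d:
        store = FirstRunStore(Path(d) / "approved.json")
        for fname in ("song.mp3", "setup.exe", "Foo.mp3.exe"):
            target = Path(d) / fname
            target.write_bytes(fname.encode())
            shown = display_name(fname, hide_extensions=True)
            print(f"{fname!r} shown as {shown!r}: {launch_decision(target, store)}")
        store.approve(Path(d) / "setup.exe")
        print("setup.exe after approval:", launch_decision(Path(d) / "setup.exe", store))
```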
Usability is not vulnerability (Score:4, Interesting)
"Warning: Setting Up a SendMail Daemon without checking for security patches may risk increasing the world supply of electronic Junk Mail (SPAM). Perform check for securely signed patches (Default: Yes)? Use Default trusted patch Server patchserver.ThisLinuxVendor.com (Default: Yes)?"
Of course, increasing accessibility also increases accessibility to potential shoot-yourself-in-the-foot things like filesharing. Right now, Security through Obscurity usually protects Aunt Tillie from setting up a SMB share of her entire hard drive. On the other hand, if she does do it somehow, she'll never figure out that her DSL is slow because she's been turned into the leading WAREZ distro for Podunk. Security through Obscurity is generally considered harmful-- but it is Security. Good interfaces can be designed to provide the users with warnings to educate them as to hazards, while letting them shoot themselves in the foot if they really, really want to.
Now, if you talk about increasing the functionality, so the Linux users can do things like install spyware, or DirectX components to reformat their hard drive, then yes, that's likely to decrease security.
Re:Wha? (Score:3, Interesting)
Says who? A lot of GUIs are not end-user friendly either. Just because some CLI programs require the user to know arcane options does not mean that the CLI itself is broken. In fact, there is anecdotal evidence [osnews.com] to suggest that the command line is easier to learn for people who have never used computers before.
Come on, you have to do more than click an icon. At the very least, you have to select which files you want to burn from a list. More likely, you drag and drop the files you want to burn. That's easy for you, but not necessarily intuitive to someone who's never used a mouse before. With a CLI, you at least have the option to write a script. Aunt Tillie might find it easier to type "burn file1.wav" than figure out which mouse button to press, and which icons to drag where.
opinion (Score:3, Interesting)
Adding easy usability is not a direct cause of poor security, rather, an indirect cause. Increasing usability usually means pre-configuring options and features for the user. As Microsoft has learned with XP-SP2, the defaults are a big part of it.
It's difficult to imagine all of the permutations of configuration a user might do, while believing it to be secure, and then to code that to configure everything the way they want, and to keep it secure at the same time. However, if you're going to expose these abilities to the user through a simple user interface, difficult or not, you have to plan for it.
When there is no UI, the documentation is the authority on whether the user is secure or not. The user has to follow the directions, config themselves, and if they mess up, it's their fault. Creating simple UIs to do this for the user means you are expecting them to do more while reading less documentation.
This does not make the user more liable for his stupidity, instead it makes the programmer more liable for the security.
The moral is: Don't add the UI unless you've considered all of the possible configuration and security side effects and you're willing to deal with them. It can be as simple as error messages that explain to the user that certain combinations of choices create an insecure condition and a suggestion to RTFM before continuing. That puts the liability back on the user.
Another viewpoint is that adding easy UIs to a program that previously had none should make it more secure - because the UI provides the opportunity to proactively warn the user before they do something stupid. It's up to the programmer to take advantage of that opportunity. Having only a binary, documentation, and config files means the user must be proactive and read the docs.
Bottom line: The UI can't possibly create more security vulnerabilities than no UI whatsoever already afforded the user. The only way it does that is by encouraging a clueless user to touch something they wouldn't otherwise touch. And that's a conscious decision the programmer made and didn't bother to plan for in the form of security warnings attached to bad configuration choice events.
Windows is a victim of its own simplicity. Microsoft can only combat this with better default settings, better UIs with more knowledge being passed to the user, and lots and lots of security patches.
You can have ease of use as well as security (Score:3, Interesting)
As a result anything that wants to break down security has no barriers to it beyond whatever the application provides. That is insane.
You can vastly improve security by separating these spaces, making applications run in the user spaces as much as possible, and requiring authentication to bridge the spaces.
UNIXen have done this for decades. You might argue that "UNIX is hard to use." That has generally been the case, but not universally. MacOS X does a pretty good job of providing a smooth interface on top of UNIX and does so without breaking down the UNIX security structure. Users do not run applications in privileged mode without authentication, for instance. If you want to install new capabilities, you must authenticate to do it. Thus it is difficult for viruses and malware to insinuate themselves.
If the application and OS data is not writable by normal users, and they must somehow authenticate to get write privileges, viruses have a much harder time propagating.
It is for this reason that more and more UNIX software that used to run in the old days (e.g. ftp) now runs as an unprivileged user now. You can break in through flaws in the application, perhaps, but the damage you can do is limited. This was a good security practice that became mainstream back in the 1980s.
Getting back to "user friendly" systems, the Mac is not even the best example of a nice user-friendly UNIX box. I'd argue that some of the network appliances are much better at it. I had a Cobalt box, for instance, that had a fine point-and-click web interface to UNIX system management. It was really easy to use; you didn't have to know squat about UNIX, or even that the box was running UNIX. And it required authentication for every change request. This was mediated by the browser so it wasn't even noticed by the user.
Or just look at the Tivo. Is Tivo easy to use? Oh yea. How many security problems have you heard of with Tivo boxes? None, because getting unauthorized software onto that box is a bitch. Hmm. Maybe it's possible to be both easy to use and very secure.
I note that you can set up a Windows box to be pretty secure if you want to. I used to do it as a matter of course. The problem with doing that is that there is no easy way to run an application as a different user, which means you have to bounce back and forth between the Administrator login and your user login. This was a royal pain in the neck in NT and 2K, although in XP it's pretty easy (but not nearly as sweet as it is on MacOS!).
Unfortunately Microsoft has never promoted this configuration as best practice. In fact, they've implicitly discouraged it by making it hard to create a system that separates administrator and user spaces. There is no installation system that takes authentication into account, much less tries to enforce it. And they've actively promoted wide-open systems by shipping them that way by default.
Because Microsoft does not even try to ship systems configured relatively securely it's no surprise that many applications do not operate correctly if installed on a fully secured system. That is unforgivable now that they've had Windows with security out there for eleven years. They should have steadily increased default security to force application vendors to use best practices.
When my daughter's account has to have administration privileges to run her Winnie The Pooh game, it really is not a surprise that there are a lot of these problems. And that is blame we can lay squarely on bad configuration practices promulgated by Microsoft more than any requirement to make the software easy to use.
If Microsoft really were interested in security then the next OS release would ship
Different Starting Paths (Score:2, Interesting)
Linux is different. Linux started out with a security mindset. Make it secure and let people figure out how to make it work. So with that as its roots, it was able to grow from there, and that focus on security is still there.
There is also a different community feeling with Linux as opposed to Windows. With Linux you have the Kernel changes and OS changes and what not, and that gets released for trial before an official release is made. And there is an avid community that tries out the latest and greatest and bugs are fixed and issues resolved before a release is made public. That is not to say that there are no bugs and vulnerabilities found later on, but at least a good deal of things can be caught prior to general acceptance and use. On the flip side we have Windows that makes a SP release or a version of the OS available, we download or buy the newest and run it only to find out later there are a couple thousand bugs that have yet to be fixed and we will have to wait 4 months until it is resolved in the next SP release. Or even better, a vulnerability is found, a worm/virus comes out to attack that exploit, MS then releases a patch/hotfix, then we run around trying to figure out which machines have been compromised and fix them.
Linux has come a long way in its usability, which I think is great. And if Microsoft is any clue, I think it is easier to add usability to a secure system than it is to add security to a newbie friendly OS.
That's just my two bits...
Re:What you need to do (Score:2, Interesting)
Strictly speaking, this has little to do with Fedora per se. It has been a property of the REDHATisation of software. All the default software under RedHat 9.0 is labelled as the task it performs -- "Movie Player", "Instant Messenger", "Web Browser" etc. Fedora picks up where RedHat left off.
Take a look at the bigger picture. Gaim is an instant messenger. It wasn't always the default instant messenger on RedHat (now called Fedora), and perhaps may not be the default instant messenger on this distro forever. The task of instant messaging however, persists.
This is essentially an issue of nomenclature -- specifically the choice of naming against the task vs naming against the product. I believe that the former is more logical but I am also partial to naming schemes in the [product_name]--[task_name] format. Examples from my Windows partition (coz that's what I'm currently running) "Kerio Personal Firewall", "LANguard Network Security Scanner" etc.
Special cases, such as typical MS naming schemes, which use the task name as the product name, tend to cause confusion in their own way. But that's a discussion for another day.
Disclaimer: I run Debian and RedHat 9.0 (waiting for FC2) and I find that the RedHat shortcut naming conventions are better than Debian's defaults (which essentially has no customisation).
Re:Wha? (Score:5, Interesting)
Apparently, the lead engineer is quoted as saying "a word is worth a thousand pictures" when it comes to GUI design.
Re:Command Lines Different kind of Learning (Score:2, Interesting)
So? Typing "copy file1.txt file2.txt" is a lot easier to learn than double-clicking My Computer, then double-clicking each directory in the hierarchy until you get to the right one, then right-clicking on file1, selecting Copy, then right-clicking the directory name, clicking Paste, then entering file2.txt. Contrived examples do not prove either point.
SELinux to make Linux even better (Score:4, Interesting)
We'll soon be able to run apache securely, even with gaping security holes that allow browsers to execute arbitrary code. We'll be able to download code and run it in harmless environments where privilege escalation is impossible and the bounds for operation are clearly set. And this will be the default setup for every linux user.
Re:Wha? (Score:5, Interesting)
a. To know that there is a `man' command
b. To know which command to even bother looking up.
Then expecting a n00b to decipher a man page is a leap. I also have never seen an icon nor have I even seen anyone make a shortcut to the "format c:
Also, you imply there are 'wrong' choices, when in fact, there is not really a 'wrong' choice per se, just not the specific function you're looking for. If this is the case, you choose one of the other choices and move forward. Now you know what that other function does for when you do need it and have also completed what you set out to do. Not likely to get the same quick understanding on cl.
The main benefit of a gui is the flattening of the learning curve. It is not as efficient as knowing exactly what you want to do at the cl - this is true, but gets you to a point to where you can be somewhat productive. Obviously being adept at the cl will make you more efficient.
Actually it's the opposite. Usability = Security (Score:2, Interesting)
What really happens is that the lack of usability in Linux is the main cause of insecure setups.
I am sure most of you guys can manage the thousands of setup options and configuration files Linux has.
Not me. And not some other thousands of users.
As I occasionally use Linux, I have to rely on the default setup most of the time for most of the programs. But what happens when you need to change the default setup? You crawl through lines and lines of text till you find the f**ing line that changes the f**ing option you need to change. Before this, you have changed a dozen of some other options you are not really sure what are there for, just to try...
So, my conclusion is:
- Security problems in Windows are caused mainly by bad design.
- Security problems in Linux are caused mainly by bad usability.
Security vs Usability (Score:2, Interesting)
As others have mentioned, user level security is part of usability.
However, there are differences between ground up security and added-on as afterthought security.
Windows' prime security and usability flaw is that every user insists on running as root (with admin privileges). Security Check: Walk up to any computer in your building. Open a command-line interface. Go to filesystem root. Issue command that tells computer to delete everything. If it does it, then it is not being used securely - regardless of whether it could be used securely.
Windows' admins get proud of some pretty strange stuff. For example, they don't like the idea of having computers on all the time and really like people to turn off their computers at night. Why, do you ask? One reason that was explained to me by a Windows proponent was that all those switched-off computers were invulnerable to hacking/virus/attack. I responded to this argument by saying that my stapler didn't get viruses, but it didn't do email very well even so.
Best security is simplest security. The more your O/S CAN do, the more it might be persuaded to do. If you want to discuss apples and oranges, we can compare W2K security with Linux router. Both are difficult to hack, but the latter is much more difficult. As Linux gets more and more market share, there are going to be more security hits, viruses, worms, and whatnot. Not doing Linux because this is true is like not doing email because you might get (will get) spam. We're grownups. We can do arithmetic. What gives me the most functionality for the least price, balanced against risk? Linux, period.
Re:Wha? (Score:3, Interesting)
Of course in the Microsoft multiple choice test, every single question has the option "E. None of the Above". And I can tell you, (because I had a teacher that did it once) that if you give students a multiple choice test where the correct answer to almost every question is "none of the above", 90% of them will score worse than they would on a short answer test with the same questions.
Re:This depends on what you define as ease of use. (Score:4, Interesting)
for instance...
Dad sits down to a computer for the first time ever and sees this:
#linux>
In his head - What is the first thing to do? Maybe type a sentence?
#linux>Show me what you do.
Show: command not found
#linux>What the heck does that mean?
What: command not found
Hmm - looks like the first word I type does something. I should try help
#linux> help
#linux> linux
linux: Command not found
At this point, dad tries to read the manual, but it's all so much techno-gibberish that he is lost by the third page. He smashes monitor with his typewriter.
Icons:
Dad starts computer and sees a screen with three pictures and a menu bar with Start on it. He clicks Start, and some more pictures appear. He selects one of the pictures from the menu and it starts the program. He tries to click a picture on the Desktop and it does nothing. He's not really sure what to do with those, but he can run them from the Start menu, so he ignores them.
So what did we learn from this?
GUIs have multiple solutions to the same task while CLIs usually don't (aliases break this slightly, but require being a little less noob)
CLIs require directions to learn at least the basics, and often those directions aren't easy enough to understand for the computer illiterate.
GUIs facilitate learning by showing the options, where with CLIs you need to find the options, and then usually the options for the options.
CLIs have a lot of configurability that GUIs have, but not ease of learning. Even once learned, the options need to be remembered, where a GUI will put them all in front of you if done correctly, although it has a tendency to get buried in submenus (like Preferences).
Re:If Usability implies vunerability... (Score:3, Interesting)
The Wall Street Journal offered the usual explanation for why Mac had fewer malicious programs:
"Security experts say this state of affairs primarily reflects the Mac's very small share of the personal computer market, which makes it an unattractive target for virus writers looking to spread mayhem."
(quoted from "Apple Computer Probes Report of Music-File Virus" [wsj.com] -- note the headline says "virus" not "trojan")
I think that's the lazy analysis. The primary reason is because Mac OS X is much better organized and configured by default. However, it's hard to explain that to your readership without sacrificing credibility. They don't want the Windows crowd to think they're Apple zealots. Journalists don't even care what the real deal is; they just write whatever people expect and believe.
"Security experts say..." is just code for "This journalist figured..."
No word in English (Score:5, Interesting)
As far as I can tell, there is no word in everyday English that means 'being unable to speak the local language'.
This is quite a common occurrence nowadays. Hop on a plane and within a few hours you can be in a place where you can't speak the local language. But we don't have any word for that condition.
Allow me to propose the new word:
illinguate
from 'illiterate' and 'linguistics'.
Re:Wha? (Score:3, Interesting)
The point is, the metaphor can be pushed too far. To me, it's clearly easier to just have the OS ask "Copy, Move or Link?" when I drag an icon. This also has the advantage that the computer is not doing what it assumes I want to do; it is doing what I tell it to do.
(don't get me wrong, I really like when a program can guess what I want it to do, but only if it is right most of the time...)
Nope: root is going away, protocol hardening, ... (Score:3, Interesting)
Super user is a single account that can do everything. (By default, super user is named "root" on *nix and administrator for the NT branch of Windows.) When it goes away, breaking in and causing system-wide changes will be much more difficult by default.
In the meantime, Linux (not having made it easy to install this garbage) is becoming harder to penetrate since the main way to get things running is to force it on to the system or to actually behave and to get it running because the program is actually useful. By the time that Linux is super popular, the benefit of decades of hardening that Unix systems have supported will be even stronger, not weaker.
Under Windows, most of the freeware+spyware apps for Windows are there since Windows doesn't provide a feature.
Linux -- with KDE, Gnome, and Mozilla/Firefox -- often provide most of these creature comforts and it can be argued that there may be too many features (thus the Gnome simplification changes -- if you agree with them or not).
If a need arises for a minor utility, chances are it will be incorporated into KDE/Gnome/Mozilla/Firefox/... eliminating the teaser app that carries the spyware along with it.
If a version of spyware becomes successful under Linux, chances are this will annoy enough people that they will change the design of the software (KDE/Gnome/Mozilla...) so that -- like pop-ups in browsers now -- the spyware will become largely ineffective and sterile.
There are no commercial interests to ensure that this type of damage is ignored. It will be routed around and not just for one specific annoying piece of spyware either; for everything in that class.
Why Windows is Insecure (Score:5, Interesting)
Windows was originally designed as a single-user, game-playing operating system. It had no concept of networking or segmented user space or file permissions, etc. These things, among others, were added on later as the need arose.
Windows was originally marketed to home users who wanted to play games and small businesses who wanted to track a few dozen or perhaps a few hundred accounts/clients.
Today, MS has positioned Windows as an Enterprise class OS. People who grew up playing games on Windows should know that this doesn't make sense.
I used to laugh when looking for patches for an NT4 domain that I administered a few years ago. I'd skip all of the new video (DirectX) enhancements that were constantly available. What did gaming/video drivers have to do with domain controllers?
In short, you can't make something into something it's not... at least not without many problems. MS Windows is a classic example of this.
Re:Wha? (Score:3, Interesting)
Now, I'm not going to say that a CLI is the ideal human-computer interface. But I will say that current GUIs, based on "real world" metaphors aren't ideal either. The ideal interface utilizes both visual and linguistic skills, where appropriate. Visual elements can be very efficient for certain situations (data visualization, looking for patterns, etc), motor elements can be efficient for others (designing, drawing, etc), and linguistic elements for others (generally, telling the computer what you want it to do in an expressive way).
This paper [acm.org] goes into a lot of detail about these issues.
Re:No word in English (Score:3, Interesting)
Re:This depends on what you define as ease of use. (Score:1, Interesting)
"CLIs require directions to learn at least the basics, and often those directions aren't easy enough to understand for the computer illiterate."
Linux is not designed with those users (e.g. mom and dad) in mind. Such users pay for companies like Microsoft to make software which is easy and intuitive to use. Linux and Windows fill two separate niches. I do not think it is fair to say that one provides a superset of features of the other.
"CLIs have a lot of configurability that GUIs have, but not ease of learning. Even once learned, the options need to be remembered, where a GUI will put them all in front of you if done correctly, although it has a tendency to get buried in submenus (like Preferences)."
GUIs lack a lot of configurability that CLIs have. Hence, CLI-scripting languages (e.g. bash) are often used to perform complicated tasks that would otherwise be cumbersome to perform with a GUI.
On another note, if an organization (e.g. Lindows) wants to create their own distribution to appeal to users who want a more user-friendly environment, then so be it. However, the Linux community should be wary of changing their development focus to satisfy such users.
The fact that many Joe Users do not like our software is not our problem. If Joe Users do not pay for their software, why should we be inclined to make our software work for them?
Don't get me wrong. Developers should be encouraged to help out the community by developing and providing free software that is useful. However, they should not be expected to make their software so easy to use that any monkey can use it. Let companies like Microsoft do this... they are the ones who must succumb to Joe User's demands. Fortunately, free software developers are not encumbered by the same problems (e.g. deadlines, budgets, and usability aspects.)
This goes back to my point that Linux and Windows fill two separate niches. Linux is whatever you want it to be. Windows is whatever sells.
Not *useability* that's the problem (Score:2, Interesting)
How many windows 3.11 vulnerabilities do you hear about today? None?
Does that mean that Windows 3.11 is secure? (haha).
So does it then follow that if 90% of the servers and clients on the internet were Linux... people would be complaining about how insecure linux was because people could hack it or spam it or DOS it or infect it with virii through unpatched vulnerabilities?