I watched yet another Air Crash Investigation episode on National Geographic yesterday. It covered the DC-9 crash in Detroit (August 1987). The first thing that struck me was how similar that crash was to the MD-82 crash at Barajas two years ago (August 2008). In both cases the pilots did not extend the flaps and slats for takeoff. In both cases the aircraft failed to gain enough lift and crashed within seconds of leaving the runway.
The second thing I'd like to mention is the principal one. The system that should have warned the pilots about the bad takeoff configuration was turned off. Moreover, it had been turned off long before takeoff, and it had been turned off intentionally. The investigation showed that the warning system was rather badly designed: it used to fire false "bad takeoff configuration" alarms in irrelevant situations. It also turned out to be "good practice" among DC-9 pilots to switch the system off just to avoid the annoying false alarms. So when the aircraft was accelerating down the runway, there was no advisor left to tell the pilots that it was not ready to take off.
That was obviously a usability issue. The system was too annoying, so most of the pilots decided to turn it off just to spare their ears that zz-zz-zz-zz humming (even though turning it off put their lives at real risk).
So what do you expect from a user (skilled or clueless, it doesn't matter) who is forced to wade through firewall warnings, antivirus warnings, SSL certificate verification prompts, phishing or "dangerous site" warnings, and so on? All those warnings (and the correct answers to them) are vital for the PC to remain secure. However, the user does not want to think about security. All they want is to solve their own problems: connect to the office via SSH, check mail at Google, download some new game to play. All those warnings merely get in the way of solving those problems; besides (and this is quite important), the user can make every one of them go away simply by accepting whatever the protecting software asks. "Do you trust this certificate?" - "Sure I do, let me get in faster." "This distribution is not signed by the vendor. Run it anyway?" - "WTF, that's the brand new Doom VII, you MUST run it!" And so on.
What I mean is that users will react the same way the DC-9 pilots did until security software stops annoying them. It is silly to ask users a myriad of vital security-related questions a day and expect them to answer each of them thoughtfully. As a matter of fact, most home PC security software is more or less perfect. However, the user is the weakest link in the chain and can make the castle walls disappear with a single mouse click.
Because of all this, the strategic direction for IT security concepts (and, as a result, security software) is quite clear to me. It's all about usability. The perfect "secure system of the future" does all the security work in the background, invisibly to the user. This may seem impossible in today's environment (since all of today's security ultimately rests on trust relationships, and the user is the final authority on what to trust), but it is the only way to make things more or less secure. It is an absolute requirement to exclude the user from the process of making security-related decisions.
Tuesday, September 14, 2010