Showing posts with label future. Show all posts

Tuesday, September 14, 2010

Security versus Usability

Yesterday I watched yet another Air Crash Investigation episode on National Geographic, this one about the DC9 crash in Detroit (August 1987). The first thing that struck me was how similar it was to the MD82 crash at Barajas two years ago (August 2008). In both cases the pilots did not extend the flaps and slats for takeoff; in both cases the aircraft failed to gain enough lift and crashed seconds after leaving the runway.

The second thing, and the one that matters here, is a matter of principle. The system that should have warned the pilots about a bad takeoff configuration was turned off. Moreover, it had been turned off well before takeoff, and it had been turned off intentionally. The investigation showed that the warning system was poorly designed: it kept firing false "bad takeoff configuration" alarms in irrelevant situations. It also turned out to be "good practice" among DC9 pilots to switch the system off just to get rid of the nuisance alarms. So when the aircraft was accelerating down the runway, there was nothing left to tell the pilots that it was not ready to fly.

That was obviously a usability issue. The system was too annoying, so most pilots turned it off just to save their ears from that zz-zz-zz-zz humming, even though doing so put their own lives at real risk.

So what do you expect from a user (skilled or not, it doesn't matter) who has to fight through firewall warnings, antivirus warnings, SSL certificate verification prompts, phishing or "dangerous site" warnings, and so on? All of these warnings (and the correct answers to them) are vital for the PC to stay secure. But the user does not want to think about security. All they want is to get on with their task: connect to the office via SSH, check their mail at Google, download a new game to play. The warnings only get in the way; worse (and this is the important part), the user can make them go away simply by accepting whatever the protective software asks. "Do you trust this certificate?" "Sure I do, let me in faster." "This package is not signed by the vendor. Run it anyway?" "WTF, that's the brand new Doom VII, of course you run it!" And so on.

What I mean is that users will keep reacting like the DC9 pilots until security software stops annoying them. It is silly to ask a user dozens of vital security questions a day and expect each one to be answered thoughtfully. In itself, most home PC security software is more or less perfect; the user, however, is the weakest link in the chain and can make the castle walls vanish with a single mouse click.

Because of all this, the strategic direction for IT security concepts (and therefore for security software) is clear to me: it is all about usability. The ideal "secure system of the future" does its security work in the background, invisibly to the user. That may look impossible in today's environment, since today's security ultimately rests on trust relationships and the user is the final authority on whom to trust, but it is the only way to make things more or less secure. Keeping the user out of security-related decisions is an absolute requirement.
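The two models above, side by side, as an added example written for this page (not code from the original post). The `VerificationResult` stand-ins, the `connect_with_prompt`/`connect_silently` functions and the `impatient_user` callback are illustrative assumptions; the `ssl` context settings are Python's real API and show what "sure I do, let me in faster" looks like when it is baked into a client, beside the configuration that verifies in the background and never asks:

```python
"""Added example: the "ask the user" trust model beside the "decide in the
background" one.  Not from the original post; function and class names are
illustrative assumptions."""
import ssl
from dataclasses import dataclass
from typing import Callable, List


@dataclass
class VerificationResult:
    """Constructed stand-in for what a TLS library reports after chain
    validation; in real code this would come out of the handshake."""
    ok: bool
    reason: str


SELF_SIGNED = VerificationResult(False, "self-signed certificate")
TRUSTED = VerificationResult(True, "chain validated against system roots")


def connect_with_prompt(result: VerificationResult,
                        ask_user: Callable[[str], bool]) -> bool:
    """The DC9-style design: a valid chain passes silently, anything else is
    pushed to the user as a yes/no question.  Returns True if the connection
    is allowed to proceed."""
    if result.ok:
        return True
    return ask_user(f"Do you trust this certificate? ({result.reason})")


def connect_silently(result: VerificationResult) -> bool:
    """The post's proposed design: policy decides, the user is never
    consulted, and a failed verification is simply a failed connection."""
    return result.ok


def impatient_user(_question: str) -> bool:
    """The user the post describes: wants to get in, answers yes to everything."""
    return True


def insecure_context() -> ssl.SSLContext:
    """What 'let me in faster' looks like in code: the context accepts any
    certificate and skips hostname checking.  check_hostname must be cleared
    first, otherwise Python refuses to set CERT_NONE."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def strict_context() -> ssl.SSLContext:
    """Background verification: system trust store, hostname check, no prompt.
    A peer that does not validate cannot be reached at all."""
    return ssl.create_default_context()


def context_weaknesses(ctx: ssl.SSLContext) -> List[str]:
    """Audit helper: list the settings that turn verification into a formality."""
    problems = []
    if ctx.verify_mode == ssl.CERT_NONE:
        problems.append("verify_mode is CERT_NONE")
    if not ctx.check_hostname:
        problems.append("check_hostname is off")
    return problems


if __name__ == "__main__":
    print(connect_with_prompt(SELF_SIGNED, impatient_user))  # True: the user overrode the check
    print(connect_silently(SELF_SIGNED))                     # False: policy refused, nobody asked
    print(context_weaknesses(insecure_context()))            # both settings flagged
    print(context_weaknesses(strict_context()))              # []
```

The point of `context_weaknesses` is that the "accept everything" answer usually ends up hard-coded somewhere once people get tired of the prompt, so it is worth having a check that flags it rather than trusting that the question was ever answered carefully.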

Monday, February 22, 2010

The future of IT security

The state of information security today is very far from perfect. The main problem is that it is simply too complex, while a great many people, mostly non-professionals, are forced to deal with it. Not fully understanding the consequences and the risks, they tend to ignore details that look unimportant or too sophisticated (from their point of view) rather than set things up the way they should be.

As an example, recall the security subsystem of Windows 2000. The OS itself provided a powerful access-rights mechanism, multi-user support, flexible PKI support, and so on. Yet most users of that system preferred to work with Administrator privileges, negating most of the security features the system offered and leaving its core open to outside intrusion. Why? Configuring the security subsystem properly required non-trivial work from the user. It was far easier to add oneself to the Administrators group and forget about the whole thing. I am glad to see the progress Microsoft has made in this area in later versions of their OS.

That is why it is obvious to me that the main trend in IT security for the medium term is the simplification of security subsystem interfaces. People outside the field should not have to deal with, for example, certificate management, confirming a web site's authenticity (does anybody actually read the text in that strange browser pop-up?), or choosing between explicit and implicit TLS when connecting to their favourite FTP archive. Transparency of the security subsystems is the main goal for the future. People only need to be confident that the data on their PCs is safe, just as they are confident that the money in their bank account is safe.