First off let’s make this really easy and say that for the most part many people who use computers do not really know enough to really be in control of such a powerful machine. I try to equate it to a toddler driving a car. Sure you can jury-rig it so they can reach the pedals and steer but at the end of the day they are still too young and in experienced to be driving themselves.
The real problem
All of this being said, you might think I’m blaming the users. Quite the opposite in fact. It’s actually less like a toddler driving a car and more like an average person trying to fly a fighter jet. In a war zone. Running on reserve fuel.
While it may not feel like this when you are working on a computer, the fact is we are all under constant attack, and it’s scariest when we don’t realize we are under attack. This map in fact starts to give you an idea of that. Link – Norse IPViking Live Map
So who’s fault is this? Who is to blame? I think a lot of this falls on the programmers and the companies developing all of this new fancy technology. There tends to be a focus on what a product can do and not how secure it really is.
Well a lot of companies seem to be heading in the right direction, that is limiting the power the user has and increasing the security controls, they never really get there. Chromebooks, for example, try this. However, at the end of the day it is still an internet connected device, and as such open to attack and new compromises. There is a constant battle between making things safe and user-friendly, and making things powerful and useful. This is a battle that never seems to be won.
What I’m not saying
I want to make it very clear that I’m not saying we should censor the internet or try to limit everything so that we can somehow be safe. This sort of utopian thinking never seems to work. I do think that there should be more option. Power users will flock to open source distros (aka Linux) and find solace. The average user should have an option that gives them everything they need and very little that they don’t. Almost every site you visit you should be HTTPS and your browser should yell at you in plain english when it isn’t. Chrome started to do this, and I’m glad.
Many people would see this and know not to continue. Why? It isn’t because there is now a red lock, or that the language has changed. It’s because the option to ignore the advice has been hidden. As far as the user is concerned it’s not an option to continue.
This is a good thing. If you are on a HTTPS site with a bad, expired, or mismatched certificate you shouldn’t continue. Not unless you know what you are doing.
At the end of the day most people don’t need a lot of the power their computer has. They don’t need administrator accounts. They need accounts that protect them from themselves. If something pops up on the computer asking for a password, many of people will type it in. We need systems that don’t rely on the user actually knowing how to do complex things, but instead work on simplifying things.
Many hackers are very good at working with the complex, but they don’t need to. If you want access to a multibillion dollar industry you don’t need to build really sophisticated malware to get in. You simply send out a few hundred phishing emails to the HR department and wait for someone to give their credentials. It might sound simple. That’s because it is. At the end of the day simple attacks will win out because they are easier.
I really hate losing control of systems. I hate that it’s getting harder and harder to mess with core settings. I also recognize that for the mass populous this is a good thing. I would much rather that most users are faced with an interface that shows them what they understand, and nothing that they don’t. I think this is some of the success of the original iPad. iOS has since gotten more complex, but somewhere around iOS 4 or 5 it was pretty powerful and super simple! I could hand my iPad to pretty much anyone and they could use it without getting in much trouble. I didn’t have to worry about them messing it up. At the time mobile malware was basically nonexistent (that has since changed).
I don’t think the future should mean everyone should only work on tablets, but I do think that many developers are torn between trying to satisfy power users and being simple enough for the average user. I don’t know who will master this. I’ve been pleasantly surprised with the direction that Microsoft is going. Between the new Surface and Windows 10 I think there is a good balance there between ease of use and power. That being said I don’t think they are there yet. At the end of the day give that computer to an average user and come back 6 months later and it will be bogged down with crapware and likely be infected with viruses and malware (yes, even with built-in antivirus.) Additionally, the user won’t have a log in password and will be using the same password for their twitter and their financial accounts.
So what does this all mean? Honestly, I don’t know. I look forward to what the future holds and at the end of the day this was just a rant and me realizing it has been far too long since I’ve posted anything on here. I’ll try to not let so much time pass between posts.