One of the age-old questions is whether you can have both functionality and security. This debate has again come up in at least one well-known online security forum. The discussion has taken a few different directions in multiple threads. My opinion is you can have security along with functionality, but the level of that security would not meet the criteria of many who claim to be experts in the field. I’d venture to bet that any computer or browser can be locked down to the point of being close to completely secure. The problem with this is that you give up a good amount of your computing experience. Trying to do basic everyday computing tasks, you would end up frustrated to the point of not wanting to use your machine.
Many online who are big promoters of security aren’t fans of functionality. In some cases they can’t wrap their minds around why end users would find the super secure way of doing things aggravating. Good examples of security products that have had to adapt to customers’ way of doing things are antivirus and firewall software. Years ago both of these required a very large amount of user interaction. Customers were expected to make decisions about things they had no clue about. Nowadays this has lessened a great deal. Security software now works much more quietly, needing less user guidance and interaction.
It’s interesting how the majority of security researchers agree that end users are the weakest link in the security chain. Yet these same people would want security standards implemented that would in fact expect these customers to make choices they shouldn’t be making. A good example of this is NoScript for Mozilla-based browsers. Another example of a less functional security setting is the limited user account. When you’re running as a limited user you are forced to figure out the steps to installing legitimate software. Consumers don’t want to have to figure out how to make it work; they just expect things to function. Locking down a computer to the point of being unusable will only lead to aggravation and to end users finding ways to disable or circumvent the security that is in place.
Unfortunately, many in the computer security field do not consider functionality when offering up advice or when they set up customers’ machines. In the end this only provides a negative experience for the end user. Of course a balance can be achieved. The debate has recently focused once again on whether security software is really needed or is more of a marketing ploy. It’s my opinion that security products are a must. In most cases a good antivirus and firewall allow the consumer to do what they want with their computer while still keeping them safe. This is done with minimal interaction from the end user nowadays. It also means the computer does not have to be locked down to a state of being completely useless to own.
The fact is there is bad security advice being given every day online. Many who give this advice feel they are doing the right thing in regards to security. They do not take into account that there is no security if the customer is unwilling to use the products or setup that they have been asked to put in place. The Microsoft Vista security setup, much hated by consumers but praised as a step in the right direction, is a key example of this: a security setup similar to an older software firewall. By design this expects consumers to make decisions they aren’t really capable of making, because in most cases they do not understand what is being asked. The common way consumers deal with security alerts is to just click OK through everything. This defeats the layer of security that is in place.
Even though the supposed security experts know all this, they continue to offer advice that will in fact have end users making decisions that in many cases they shouldn’t be. I can think of many scenarios where what might be considered safe content shouldn’t be allowed. Only with updated antivirus software in place and running in real time would you be informed of this. Most users couldn’t care less about security. If those who promote security or produce security products continue to make the process aggravating, the customer’s viewpoint will not change; they will only become even less interested in the security process.
This article is an example of what I touched on above. Aggravating users does nothing to encourage them to embrace security. Not to mention the fact that the consumer might not be making secure choices in the first place when dealing with the alerts they are being given.