Ease-of-use wins over security

* Can software be both secure and easy to use?

For most people, security will never be the highest priority compared with ease-of-use. Bill Gates got it right years ago when he ensured that ease-of-use and user-friendliness were the top considerations during the development of Windows as well as the applications running on the operating system.

In his Network World Editorial column last week (see link below), Editor-in-Chief John Dix mentioned the possible battles to come for desktop office productivity applications - specifically, how people are balking at the new licensing costs for Microsoft Office. He quotes an IS support manager with 1,000 desktops to outfit, who said: "With Office costing $450 now and coming complete with security holes, I want another option."

The manager evaluated Star Office and liked it, but said, "You can't hand embedded macros back and forth. You can pass them from Windows to Star Office OK, but you can't pass them back, and that kills it for us for now."

What the manager is overlooking, though, is that those "security holes" are mostly exploits of embedded macros. Ease-of-use and security are always going to be in competition. Always.

When you come home from the market, and walk up to your door with bags of groceries in each arm, don't you wish there was an easier way to open the door? But you have to put down the bags, dig out the keys, unlock the door, pick up the bags, go in, set down the bags and close and re-lock the door. That's not ease-of-use, but it is more secure.

The computer I use for most of my writing (including this newsletter) runs Windows 2000 Professional (no, I haven't felt the urge to upgrade it yet. After all, before Win 2000 it ran Windows 95). There's only one account defined (Administrator) and it has no password. That's a security hole big enough to drive a Hummer through. But it is much easier to use, and allows faster access on re-boot. Since the only other people with access are my wife and other family members, I don't feel that it is insecure. And I value the ease-of-use above security in this case.

I don't encrypt my files (I'm hardly a target for industrial espionage) but I do keep the machine behind two firewalls with secured connections and network address translation to protect the IP address. Security is easier to implement when it doesn't impact ease-of-use.

Microsoft has become more aware of security issues, but as long as consumers continue to vote for ease-of-use over security when it comes to choosing software (as the manager Dix quotes appears to be doing) then security will remain an elusive target.

EDITOR's NOTE: Due to the U.S. Thanksgiving holiday we will be sending just one newsletter this week. Regular service will resume next week. We wish you and your family a happy Thanksgiving.

Learn more about this topic

Novell does the Linux tango

Network World, 11/17/03

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2003 IDG Communications, Inc.