Interface design failures – Symantec Endpoint Protection

Continuing on the interface-design-that-is-so-dreadful-it-turns-people-off-technology thread, here’s a true gem I got a few days ago.

As I was minding my own business, using my computer in the low-maintenance way I’ve come to use it over the years, this thing popped up:

Symantec Internet Security popup

Yes, we use Symantec Endpoint Protection at work. What I don’t want it to do, is interrupt what I’m doing to ask me if it may… do its job. The LuCallBackProxy.exe program is part of Endpoint Protection. You would think that a product that is supposed to protect you from the bad guys, at the very least can differentiate between itself and untrusted programs trying to communicate with untrusted remote sites.

But no, this is Symantec Endpoint Protection itself, asking if it’s OK for it to do its job, treating one of its own components as a potential threat, giving you no good reason for it, making the user construct conspiracy theories about trojaned software or just throw up his/her hands and click “OK” once more.

Users are not given an indication of why the trapped action might be dangerous and are not empowered with understanding of what’s going on on their machine. But really, that popup should not have been there.

Interface design failures – Microsoft Sharepoint

I don’t want to paint only Free Software suites as poorly designed when it comes to usability and the User Interface (UI). Proprietary software suffers from the same symptoms.

Take the example of the latest and greatest SharePoint by Microsoft. It encourages you to “just drag & drop” files to its file repositories. This should be simple enough, given that

  • WebDAV is a very mature technology (it’s been around for ages) and
  • This is a Microsoft Client (Internet Explorer 7) on a Microsoft Operating System (Windows XP) talking to a Microsoft Server (Windows Server 2008) and a Microsoft software stack (Sharepoint Services). Which means they might as well use whatever proprietary protocol they wish to suit their needs, it’s not exactly as if they’re restrained by adherence to silly little open standards…

You might think errors would be handled with more grace than this:

This response is dreadful because:

  1. It’s mislabeled as a “warning”, when it’s clearly an error. A warning is issued when you ought to be aware of something that might land you in a difficult situation. From the point of view of the I/O operation, it has already failed. This must have happened because of an error somewhere.
  2. It’s not informative. “Something broke, somewhere, I think…” is a useless message. Which files didn’t make it through? Why? At what point?
  3. It’s a dead-end. What do you mean “OK”? No, it’s not “OK”. I want a button that says “Retry”, or “Diagnose” or “Fix this” or something. Telling the user “sorry mate, didn’t work” and then offering just an “OK” button is frustrating and reinforces users’ perception that all popup messages just need to be mindlessly clicked on away. (for more on this, check out Peter Gutmann‘s Security Usability book chapters – p.73 “Security and Conditioned Users”)

So all that’s left is to retry copying the files over. If it fails again, the only thing you can do is get up from your desk and do something else (in the real world), swallowing once more your endless frustration with the stupid systems you have to work with daily.

Don’t use Adobe Acrobat Reader

Adobe Acrobat Reader. Also known as “the PDF reader”. It’s an application meant to do ONE thing: Open & read PDF files. If that’s the case, may I ask why it:

  • installed 86.65MB of files on my machine and
  • required an Operating System restart to be removed?

One of the most basic principles of security engineering is KISS – Keep It Simple Stupid!

Adobe Acrobat Reader is a user-space application that is used very often to handle files that come from untrusted online sources. Having it intertwined so much with the Operating System that removing it amounts to an OS reconfiguration that in turn requires a restart, is simply dreadful design that is only bound to explode in the face of users again and again.

Please consider using simpler software that gets the job done just fine, like FoxIt PDF Reader.

Debian GNU/Linux Squeeze – first impressions

Well.. when it comes to usability Debian still has a long way to go.
Even though I’ve used Debian for various machines for years, I found myself reading all about package management internals (pseudo-packages etc). I know all that stuff, but why was I spending time reading it again?

The reason is that I had a newly installed Debian system and I *dared* wish to remove the games from Gnome. No reason for them to be there, as I never use them. So I fired up a terminal, su’ed to root and used aptitude to figure out what package I had to remove. Soon enough it was obvious that I needed to get rid of the package “gnome-games”, as all of these games come bundled together. No problem with that, issue the standard aptitude remove gnome-games, only to be told that to do that, I need to remove Gnome. The whole thing. The entire graphical environment.

Thinking “surely, it just means the metapackage, well that’s annoying but I’ll live”, I told it to proceed. It was the recommended action, and apt is supposed to be excellent at conflict resolution, right?

So I hit enter (for Yes), and voila! A long list of packages to be removed and the warning that “217MB will be freed”. WAIT – HOLD ON – STOP IT dammit! Don’t take my entire GUI away!

Using aptitude has failed me on this one, and it’s not exactly rocket science. Freshly installed system, and I’m asking it to remove a trivial package. Since it says that gnome-games is “recommended” and not a hard dependency, why does it try to rip the rest of gnone away?

And, what’s that cryptic interface that surely users will love:

root@lifebook:~# aptitude remove gnome-games
Reading package lists… Done
Building dependency tree
Reading state information… Done
Reading extended state information… Done
Initializing package states… Done
Reading task descriptions… Done
The following packages will be REMOVED:
0 packages upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
Need to get 0B of archives. After unpacking 2,511kB will be freed.
The following packages have unmet dependencies:
gnome: Depends: gnome-games (>= 1:2.30) but it is not going to be installed.
The following actions will resolve these dependencies:

Remove the following packages:
1)     gnome

Leave the following dependencies unresolved:
2)     gnome-games-data recommends gnome-games
3)     gnome-desktop-environment recommends gnome-games (>= 1:2.30)
Tier: Safe actions, Remove packages (10000)

Accept this solution? [Y/n/q/?] n

The following actions will resolve these dependencies:

Keep the following packages at their current version:
1)     gnome-games [1:2.30.1-1 (testing, now)]

Tier: Cancel all user actions (20000)

Accept this solution? [Y/n/q/?]

I mean…

Please write instructions in plain English. Right after I’ve asked aptitude to remove gnome-games, it comes back with

gnome: Depends: gnome-games (>= 1:2.30) but it is not going to be installed.

What is that supposed to mean, exactly? Should that perhaps be rewritten to spell

A software package you’re currently using (gnome) needs the package you’re trying to remove (gnome-games).

There. That’s in English.

Then you’re told

The following actions will resolve these dependencies:

…which sounds quite good, and then the geek-speak starts:

Remove the following packages:
1)     gnome

Leave the following dependencies unresolved:
2)     gnome-games-data recommends gnome-games
3)     gnome-desktop-environment recommends gnome-games (>= 1:2.30)
Tier: Safe actions, Remove packages (10000)

Accept this solution? [Y/n/q/?]

What’s the user to make out of all this? Let’s see…

  • You get a 1-2-3 list of actions broken into two sub-lists and then are given a chance to answer yes/no. Why can I not choose the action I want? I would just hit “1” and sod the unresolved dependency.
  • What’s all this gnome-games-data stuff? I never asked for that. I never ought to see that.
  • Is “Tier: Safe Actions, Remove packages (10000)” supposed to mean something to users? (I understand what the poet is trying to say, after years of using Debian and after thinking about it for a good hard minute, but man is this bad interface design)

Then I try to copy/paste this madness to a text file on my USB stick to transfer to another computer to post here, and I realise that right-clicking on my mounted USB stick comes up with ALL OF THE FOLLOWING THREE options at the bottom of a huge menu:



Safely Remove

I thought that user interface design was one of the strengths of the GNOME project. Well, it’s still failing in some basics and it’s quite disheartening to see such design in a modern operating system in the year 2010.

PS: Using the System -> Administration -> Software Centre to remove gnome-games doesn’t do anything. Just ignores me.

Using the convoluted Synaptic package manager (what an interface! 10 buttons, 3 panes, menus, mystic “S” columns…) I was able to remove gnome-games without wiping out my GUI, even though I was warned that “gnome” would be removed too. At that point, I was past caring.

Ubuntu 10.4 LTS (Lucid Lynx) – first impressions

So I thought I’d resurrect my old Thinkpad and slap the latest and greatest Ubuntu distribution on it to see how it’s doing.

System: IBM Thinkpad T23

CPU: PIII/1GHz (speedsteps to 730MHz most of the time to conserve energy)

RAM: 512MB

First attempt: Install using “desktop” installation CD. Stopped it because it doesn’t allow me to encrypt my filesystem during installation. Really, that should be the default nowadays, as the performance penalty on modern systems is negligible and it will make laptop theft a much less lucrative business.

Anyway, I had to get the not-so-aptly-named “alternate” installer – downloaded that one via BitTorrent and was impressed with the speed. What a fantastic protocol!

Used the menu-driven installer to create an encrypted filesystem on my 80GB ATA drive, which was very easy, but took ages. Surely, it shouldn’t need to write to the entire disk to begin with… just make sure whatever is written from then on, is encrypted on the fly. Not sure how cryptfs works, need to look into that (but surely smarter people than me are involved in this and they *must* have done it the TrueCrypt way – encrypt only existing data, offer option to securely wipe free space).

At the end of the installation was offered the chance to encrypt my home directory, which I took just for the heck of it. Very good one on Ubuntu, to offer encryption this way. Of course, I’d still rather encrypt the entire filesystem with a local-only password that is not exposed over any network services etc.

So after seeing how the encryption of my home directory works, I removed it, thinking it was slight overkill to encrypt my home directory on top of an encrypted filesystem. My hardware can barely cope with modern software, let alone two layers of encryption… Notice: uninstalling home directory encryption showed no noticeable speed increase. The machine is still slow, but usable.

Then comes some user account confusion. I want to have access to the root account, so I use Ubuntu’s way of getting a root shell ($sudo bash) and set a password for the root user. This results in slightly schizophrenic behaviour from the system whenever a “system change” is about to be authorized – sometimes it asks me for my regular user’s password (which, since I gave root a password fails – some funky Ubuntu magic must have removed my user account from the sudoers file, no matter, I re-authorise myself as a sudoer – and uses sudo to then run whatever it needs as root) and other times it’s honest and asks me for the root password. Bet this would all be extremely confusing for a new user. Of course a new user would not need to setup a root password, I hear you say. Perhaps you’re right.

Then comes the ugly realisation that my home directory is readable by the entire (local system) world. Whaddya mean drwxr-xr-x  ? Is there *any* reason for this? How have GNU/Linux distributions done *without* world-readable home directories for ages? When a security-inhibiting decision is made on my behalf (that I cannot comprehend), I get frustrated.

Then comes software. Using the “Ubuntu Software Centre” I search for “truecrypt”, find only two graphical front-ends (“Easy Crypt” and “GDecrypt”), try installing “Easy Crypt” and am told that “This action would require the installation of packages from unauthenticated sources.” Oh my, I certainly wouldn’t want that, so I look into the “details” expandable box and I get the following useful information:

helpful message for easycrypt

Yep, just that. One word. Fantastic. So I either have to Google for a workaround, or give this interface the toss and not bother. I decide to do the latter as I’ve already spent too much time troubleshooting why Skype (which *is* available via the official Ubuntu repositories) crashes every time I have an incoming call. (I haven’t figured it out, by the way. I suspect the problems of the year 2000 are still with us in 2010, so it must be the sound server’s fault…)

Moving on, I explore Ubuntu One – a fantastic idea by any other name would be just as sweet – 2GB worth of online storage for stuff in your home directory. Great! Alas, it turns out it’s all stored unencrypted *unless* you use an encrypted home directory, which I just undid – argh! Why, oh why, does one need home directory encryption to enable online secure storage? This strongly hints that Canonical is taking the big vendor approach of providing one model in which everything works (mostly) fine and interoperates seamlessly, and you’re screwed if you choose a separate model (e.g. full disk encryption vs home directory encryption). But I’ll do it. I’ll re-encrypt my home directory because they have done it so easy that it’s really not rocket science, at least for an old Linux user like myself. For newbies, the advice is “stick to defaults and don’t you dare budge!” – which doesn’t ring like the Linux I knew.

In the mean time, I am rather impressed that a week has passed and there hasn’t been a single security vulnerability fixed and thus no notification to install critical security updates. So I check manually, and – oh la la! – there’s 41 of them! What happened there? Why no notification icon? Even default settings didn’t work in this case and I’m getting more and more pissed off as I lose trust in the system.

Ubuntu 10.04 not displaying security update notification