There’s an import point here in the sub-text about manual controls.
Well, many actually.
One point is that of ‘being in control” vs “transparency”.
If all I want to do is listen to music or drive, then dropping a CD in a player or moving the selector past P, R and N make more sense. If I want fine control in any one of many ways then the manual controls make sense.
So what has this to do with Security?
Bruce Schneier has pointed out that security needs to be transparent and intuitive, but that means different things to different people.
To an end user it means no spam and no malware and intrusive pop-up adverts and no corruption and crashes or slowdowns. The ordinary user doesn’t want to be told to install patches or configure his personal firewall. He wants to write letters, balance his check-book, play games, watch videos or do the work he’s paid for. At many of my larger
client sites the IT department does its job well enough that the end users see nothing what so ever of the security process – I’ve discussed before how they don’t even have their AV enabled – its only there to satisfy the eternal auditors.
But there are people who do need the fine control, either professionally or as a self indulgence for their ego. For some people the array of knobs and sliders on their hi-fi, the ability to hit 6,000 RPM before moving out of first or having a menu interface that takes their attention off the job and has them fiddle around for a few critical seconds is very important.
In “The Inmates are Running the Asylum” (ISBN 0-672-31649-8) Alan Cooper talks about the way adding a computer to a previously established device can make it more like a computer than what it is supposed to be. The book is about user interface modelling and is a recommended read.
My first cell phone had a simple menu. The numbers, and ‘up/down’ lever and “go” button. I could operate it “blind”. Every phone I’ve had since then has a complicated multi-level menu that I have to look at in order to do even simple things.
Its the same with Cameras. My favourite is my old Canon A-1. It was one of the first generation of fully automatic cameras and only had automatic exposure control, which could be easily turned into manual without taking one’s eye from the viewfinder or being distracted from the job at hand – composing and taking the photograph.
We keep saying that security is everyone’s responsibility, but really its not, not in the sense that everyone has to be encumbered by clunky user interfaces that get in the way of doing the real job. And for most people, the details of security have nothing to do with their job.