The "gooey" fallacy
Graphical User Interfaces (GUIs) are commonly believed to make computers accessible by presenting virtual concepts through visual and spatial metaphors. For every action you wish to undertake in such interfaces, there is a corresponding physical object you can interact with: a button, a slider, a window. Our files and folders are neatly arranged on our desktop or stacked in our dock.
When compared to the unfamiliar metaphors favoured by command-line interfaces, there can be no doubt that a GUI makes it easier for someone unwilling or unable to invest time in learning the operation of a computer to relate to a new, virtual world. After all, there is little appeal in prompts, terminals and shells.
Yet, these highly visual environments are extremely misleading. By inviting us to compare the virtual world with surroundings that are familiar to us, they lull us into a false sense of security, and lead us to easily believe that we have it all under control. Indeed, while most of us certainly nurse a few extraneous stacks of forgotten folders, or even a half-eaten Marmite sandwich from a writing marathon long gone, there are few parts of our office whose workings we do not oversee and, to some reasonable extent, control.
A modern computer, be it a Linux-, Windows- or Mac OS X-based machine, essentially stores a hodgepodge of hidden files, scripts and programs. Linux makes this fact painfully clear, and tends to appear messier to the untrained eye, but there is no telling what lurks around an apparently orderly, carefully edited system such as a freshly unwrapped Leopard install. Did you know, for example, that your Mac currently ships with a picture of an orange clamshell iBook or twelve identical — or nearly identical — JPG versions of the world map?
Certainly, image files are mostly innocuous. They slow down backups and shrink hard drives, but they are little cause for concern to the system administrator. What, however, of the many utilities, frameworks and headers that are part of our modern installations, whether included by default or inconspicuously added at a later date? In other words, what about these lines of executable code that nobody ever hears about?
On a Windows XP machine I recently got to massage, Secunia PSI found no fewer than three — count 'em — installations of Adobe Flash. All three of them were outdated and insecure. All three of them were invisible to Windows or, indeed, to Adobe's very own Flash-excising utilities. Yet, they were around, ready to be exploited by some determined attacker, with only a little bit of guessing required, since the most vulnerable of them was within an AOL installation path.
Command-lines may be scary, but the very darkness of a terminal is a constant reminder of things we cannot see. Effectively, it reminds us of things we should secure, because we cannot keep constant watch on them. As animals, we are rightly afraid of the dark, and of the unknown. This is why we tend to crawl into confined, secure spaces when our ability to perceive threats diminishes. By removing these visual cues, modern interfaces lull us into a sense of security that is hard to shake, so hardwired is the impression that we "see it all."
I am by no means advocating a return to command-line interfaces for everyone, although I remain to be convinced that it would be a bad thing if such an alteration were to happen. I do, however, wish our computers were less secretive about their inner workings, shipped with fewer unused files, and allowed us to understand where things are stored.
It is rumoured that Microsoft is working on a system that would be built around a common core, onto which "modules" would be "latched" at will, according to the needs of the user. While I have my doubts about our collective ability to make such a thing happen at the scale usually required by Windows products, I find the idea to be incredibly appealing.
The complexity of modern computing means we cannot see every part of a system at any given time. Simply opening an antique watch and attempting to survey the movement of all the gears at once, all the while reading the time, should be proof enough that our mind has a limited power of useful perception. Yet, the fewer moving parts there are, the fewer chances one of them will break. This truism remains very much valid in the field of security.
Printing, video decoding, sound recording and wireless networking are all luxuries. None of these "modules" is actually required to bring a computer online, and I am willing to bet only very few users use them all at once or even all on the same machine. A base installation should therefore not include them until the user requests their installation. This could be automated and rendered painless through thoroughly understood mechanisms, much like those we rely on today to install kernel updates at the click of a button.
Snow Leopard's promise to slim down is a step in the right direction. Slimming down is not the same as securing, certainly, but it is the beginning. It also entails a review process that we can only hope will be as strict as possible.
Read More Entries by FJ de Kermadec.
