grotto11

Peeve Farm
Breeding peeves for show, not just to keep as pets
  Blog \Blôg\, n. [Jrg, fr. Jrg. "Web-log".
     See {Blogger, BlogSpot, LiveJournal}.]
     A stream-of-consciousness Web journal, containing
     links, commentary, and pointless drivel.


Tuesday, July 16, 2002
20:30 - Hacking the Wetware

See, this is exactly the kind of thing I'm talking about.

On my Windows machine at work, I had decided to download the RealOne player. After going through the real.com website (which, as had not changed almost since the company's birth, involved finding the tiiiiiny little nigh-invisible "Free RealPlayer" links tucked away into the corners of a sequence of two or three Big! Flashy! Pages! that Try! to Trick! you into Downloading! the Trial! Version! of the Pro! Player!), I got to the auto-starting download page:



See what's going on there? There's a screen shot of the little "Security Warning" window that pops up, the one that asks you if it's okay to run this executable you're downloading from RealNetworks, Inc... with a big bright green arrow telling you to "Click 'Yes' when this dialog box appears".

The whole point of the "Security Warning" window was to give Windows users control over whether random websites could install things onto their computers. You're supposed to look at the certificate owner as reported in the dialog box, follow the little link, review the certificate, and only then click "Yes" or "No" depending on what you conclude about the site in question.

That would be great, in an ideal world. But you know what happens on planet Earth? People have no idea what that little box is. "Security... certifi-- what? Where did this-- signature? RealNetworks... run and install... huh?"

Real.com is evidently having to respond to enough user confusion over this supposedly user-empowering, process-streamlining feature of Windows that they've had to put in a screenshot and instructions on how to click "Yes" to make it go away. Instead of letting users come to treat the Security Warning dialog as the intelligent gatekeeper against unauthorized code execution that it was intended to be, they tell users "Oh, don't worry about that-- it's just one of those 'computer things'. Who knows where these things come from? Just click 'Yes' and you'll be all set."

Am I the only one who sees how ridiculous (and dangerous) this is?

Instead of making the user read the dialog box, decode what it means, and make an informed decision based upon the evidence at hand, Real is training people to ignore the security measure and just follow the instructions in order to get past it. This is, as a learned friend of mine puts it, hacking the wetware-- it's appealing to laziness and convenience to suck all the usefulness out of a potentially powerful tool, and indeed to make it worse than useless.

What, for example, would happen if some spy-ware or ad-ware company put up a screenshot like this, telling you to "just click Yes"? What if some virus you got in the mail did that, provided it was dressed up in enough legitimate-looking graphics?

And is anybody under any illusions that Palladium will be anything but more of this, only a hell of a lot more ubiquitous and prone to being just as roundly ignored and abused?

Palladium, after all, is supposed to be based on "clearance levels" and execution accessibility granted by the end user. This is how spam and viruses are supposed to be rendered toothless. But who doubts that it will be more than six months before 85% of the Internet will have trained themselves to reflexively click "OK" on the mysterious little boxes that come up all the time-- clustering so thickly as to completely remove any convenience whatsoever from computing?

That's the problem with so much of Microsoft's approach to software design: the solutions they make would be perfect... if only we were all machines. If only we all followed rules, obeyed signs, read instructions, then Windows would be the most perfect of all operating systems-- little things like "filename aesthetics" and "intuitiveness" and "user-friendliness" would be patently unnecessary, and nobody would click on anything they weren't supposed to-- everything would hum along. But such software becomes unusably onerous if the users are human beings.

Microsoft's engineers are the consummate geeks. They're recruited from the CS labs of the most demanding high-tech schools in the nation; most of them already harbor a loathing for the human race, for their peers, and for the "common man" who used to beat them up on the schoolyard. (I have known a number of these people.) They joke wryly after their interviews finish up, saying "Yeah, I'm gonna go take 'em down from the inside," but what happens is that they're hired to design software that interacts best with machines rather than with people, because machines are whom these fellows trust more.

All they usually think about in their spare time is hacking the wetware. You know how much Microsoft will pay a CS major who successfully rigged a sweepstakes or hacked into a bank? And how useful do you think that person will be in writing software that everyday people are supposed to benefit from?

I weep for the future.



By the way, I have nothing against the RealOne player itself; it actually seems to be quite a slick little package, proprietary-ass interface widgets where you have to hunt around for a piece of "dead" border space if you want to move the window anywhere or not. And it's sluggish and choppy as hell when you drag windows around the desktop, because while Windows 2000 tries hard to have effects like transparency built-in, it's no Quartz.

But other than that, it's a rather likable little piece of software.





© Brian Tiemann