Tuesday, May 15, 2007

Norton Internet Security Doesn't Just Work, and It Should

Norton Internet Security is sold as a turnkey system for novice users. They certainly need something of the sort (although a case can be made that security is now so important that it should be the operating system vendor's responsibility). Users need something that keeps the bad guys from hurting them without requiring a whole lot of fiddling, because they don't know how to do it. That's why they're buying that product, right?

Unfortunately, Norton Security is written by geeks, who are unable to shed their geek mindsets and produce something that Just Works, as their users need it to. Here's an example of their doing it wrong.

Carbonite, as I've shown you on this blog, is an automatic Internet backup system that not only Just Works, but is my poster application for the It Just Works movement. Carbonite, like many other applications, periodically updates itself with bug fixes and (we hope) improvements. When Carbonite communicates back to its Internet home site after an update, Norton Internet Security detects it and pops up the following box, which caused my wife to come running to me in panic:

If the ultra-smart geeks at Norton, who do nothing but eat, sleep, drink, and live security, can't figure out whether allowing Carbonite to access the Internet is safe or not, how the heck is my poor wife supposed to know? In fact, I MYSELF do not know whether this box is crying wolf, or whether it actually has detected something bad, such as Carbonite being hijacked by bad guys. Take that one step further, and I MYSELF don't know how I would even go about figuring out whether this communication is safe or not.

Norton seems to THINK that this situation is probably benign, as you can see by the "Low Risk" label and the recommendation of "Allow Always". And I think, or at least I HOPE, that they're right. But if that's true and the action really is benign, why is Norton bothering to ask me? It's the same confirmation mindset that I've decried over and over again on this blog. Rather than put themselves in their users' shoes, Norton is forcing the user to put on a security programmer's shoes, and there's not a chance in hell that any user on God's good earth, and I mean NOT ONE SINGLE PERSON, can possibly do it properly. Instead, by crying wolf when no lupine creature is in sight, Norton is conditioning users to click "Yes" every time they see a security warning. They're making all users less secure. Bad idea.

Maybe Norton's lawyers made them do this so that they can disclaim responsibility if they actually do make a mistake. In that case, it wouldn't be the designer's fault, and I will hereby transfer my annoyance and scorn to the lawyers. But Norton messed up here, because they did not put themselves in their users' shoes, as they should have.


David said...

David, what you are asking for here is the equivalent of a car that's smart enough to automatically apply the brakes or swerve to avoid a collision. It just can't be done at the current state of the art. The only way a firewall could be sure if a new program update is malicious is if all the virus and trojan writers in the world agreed to register their malware in a central register.

In general I like what you stand for, and I have practiced similar philosophies for 20 years. However, IMHO you damage your credibility by asking for something that is plain plumb impossible. You would do better to ask for something that at least softens the blow for your wife under these impossible situations, like a nice 'n easy explanation of the situation.

David S Platt said...

I'm saying, David, that if Norton can't figure it out, my wife's contribution, or even mine, is of less than no benefit. Silence would be a better response to this situation than what they actually do, which is upset people for no benefit, nor any possibility of any benefit. You and I might reasonably disagree on whether silence would or wouldn't be a better response (I say yes), but I'm sure we would agree that it's technically feasible, no?

NgCH said...

David, if what you say is true, then this means that Norton's advertisement that their products are 'easy to use' is no longer true anymore. Now there's something to ponder over.

Stanley Poh said...

I kinda support both Davids.

They should be sure and allow it silently and at the same time inform the user they have a choice if they do not agree.

ashleigh said...

You want to try Zone Alarm.

It eats programs, even programs you put in the list to say "allow this program".

It removes them completely from your system without telling you!

Norton may be awful but it is less awful than some others!

Skronk said...

Most pop-up messages can be confusing and worrying to the beginner - I've known people who were half convinced that the cops were about to hammer down their door because something or other 'performed an illegal operation'. The 'YOUR SYSTEM MAY BE AT RISK' message from Microsoft security centre and other security software has sent other friends into a complete panic.
Some software is kinder to the beginner than others. I would wholeheartedly recommend Comodo Firewall, Anti-virus and Bo-clean in this respect. They scan your system when you install them and create a whitelist so the user gets bothered with fewer questions. It is a very bad idea for the beginner to get into the habit of clicking 'yes' to every message box just to make it go away.

FutureDomain said...


They can make it smart enough to block threats and allow credible programs through without prompting the user. In fact, the new version never asks me about a program, it maintains a blacklist and whitelist like ZoneAlarm and monitors unknown programs to determine if they're a threat. If it blocks a program I want, I have the ability to unblock it.

If a software program physically cannot decide I would probably agree with you, but in most circumstances the decision is tossed in the user's lap because the software makers were too lazy to implement it.

By the way, I love your book David S. Platt (the other David).