The Metro user interface is coming soon to a Windows 8-based computer near you. Now is the time to start thinking about if your organization is prepared for such a different interface.
The mantra seeming to drive IT consumerization today is "dumb it down." We've been seeing it with Apple iOS-based devices and now with the new Windows 8 Metro interface. This approach of dumbing things down so we can protect users from themselves seems chivalrous and better for security, but only on the surface. The reality is that this approach allows manufacturers and software developers to have more control of their systems and software.
Note that Metro isn't just a new user interface -- it's a whole new design architecture for applications. In fact, Microsoft is so enamored with Metro that it's referring to the traditional Windows interface and programs to which we've grown accustomed as "legacy."
More on desktop security:
Supercookies take a bite out of enterprise desktop security
VDI: The answer to today's desktop security nightmares
Gathering and documenting your Windows desktop security policies
Windows Runtime and Metro style can make a sysadmin's life easier
People are being forced to use this one-size-fits-all Metro user interface, and based on my observations of real-world users, it's not making them happy. And what happens when people feel like they're not getting what they need? They take it upon themselves to install software. They also "jailbreak" and tweak as much as possible so they can do what they want to do.
Software developers sometimes forget that people are averse to change and are creatures of habit. If users were once able to do something on a computer or device, they're going to expect that feature to be there indefinitely. Case in point: I've already installed the Start8 program on my Windows 8 Consumer Preview so I could get the Start button back. I know many others who will do the same thing.
I know I'm going to sound like an old fogey here, but what part of Windows XP wasn't user-friendly? What's wrong with Windows 7? I get that it's all part of innovation, but I feel that product management teams often change paths to merely justify their existence. Where's the value? The Windows 8 Metro interface may be quick, but quick doesn't always mean simple -- especially for old-school Windows users.
A new interface and set of applications could introduce yet another attack surface on our endpoints. Furthermore, under every "simple" user interface is a maze of complexity. And complexity is the enemy of security. Don't let a technology that a core vendor pushes on you drive the way you do business. Sure, we'll likely be forced to adapt to the "simpler is better" approach to computing eventually. Just be careful how you address this with users. They've got enough being forced on them as it is.
Speaking of which, I'd like to know whom this odd Metro user interface and set of new applications is benefiting. I'll argue that it's not the very people who support, troubleshoot and often tout the Windows operating system: IT professionals -- at least, not this IT professional.
Of course, Windows 7 and XP have their own annoyances. But yet another user interface on yet another OS we probably don't need? It can't -- it won't -- be good for security in the short term, maybe even over the long haul. Perhaps mobile usage will drive demand for the Metro user interface on the desktop. Only time will tell.
About the author:
Kevin Beaver is an information security consultant, expert witness, author and professional speaker at Atlanta-based Principle Logic LLC. With over 23 years of experience in the industry, he specializes in performing independent security assessments revolving around minimizing information risks. Beaver has authored/co-authored 10 books on information security, including The Practical Guide to HIPAA Privacy and Security Compliance and Hacking For Dummies. In addition, he's the creator of the Security On Wheels information security audio books and blog, providing security learning for IT professionals on the go.
This was first published in June 2012