I know that I tend to procrastinate a lot, but this time… I take nearly 1 year ! Last year I decide to draw a mockup of a new possible UI for msec. Why ?
Actual MSEC issues
Presently I do think that msec have several issues. IMHO most of theses issues are due to the fact that the target of these tools are not clearly defined. Here are, IMHO, the current list of issues :
- The UI is too much technical and require too much reading
- Whereas the UI is technically informative most users, even some of the skilled ones, won’t be able to tel if something is wrong or not
- The security parameter tab presents directly some low level settings, and even worse with a two-level tab layout. When you end up doing tabs of tab … it means that something is wrong in your UI
- MSEC will show the raw security check logs : this requires high technicals skills to understand, and with so many informations, you may not know if something is wrong or not. On top of that the list of world writable files is displayed, and this could be very big : users homes directories should be filtered out except $HOME/public_html if mod_userdir is installed.
New MSEC application UI proposal
So I decide to define the public which will use the application, and what do they expect to see. So let’s define the application goal and target:
- The application will be seen by the end user who may not be necessarily technically skilled
- As reference I will use the Microsoft Windows Security Center
- The application will be used to notify the user about the global security state of his computer, and only to perform some basics configuration settings
- More advanced/complete configuration settings should be handled by the CLI or another UI
- The UI should give clear visual hints to the user if something wrong or not
The mockup was done using OpenOffice.org Draw. The UI is in french but I will explain everything.
The status bar
We are going to begin … from the bottom with the status bar. The status will quickly give 2 informations: if MSEC is enabled and the current security level.
The main panel
Now we are going to detailed each elements in the main panel. All elements are constructed on the same layout :
- Status icon: it allows to know if the component is enabled, but also if there are some issues detected. The status icon have 5 states :
- Green: Component enabled and no errors/issues detected
- Orange: Component enabled but some errors/issues where detected
- Yellow: Component enabled but there are some warnings ( not critical issues or some advised features are disabled )
- Red: Component is disabled but it is strongly recommended to activate the component
- Grey: Component is disabled and not required
- Component icon: the icon allow to easily identify the component. Most of the time the icon will be the one used by the application allowing to configure the component. This way the user will quickly recognize it when looking for it in MCC or KDE system settings ( if the component is integrated and displayed there )
- Component name or description: allow to see the component name or description. Some additional informations may be eventually displayed
- Fold/Unfold icon: the icon allow to show more about the component and notably the basics actions that can be applied to the component. Most of the time these actions will allow to enable/disable the component, consult the log concerning the components. To show the logs for a component, we’d better use a standard icon to avoid putting unnecessary text.
Now let’s have a look at the details for each components.
This component will allow to know if the firewall is enabled and if there are issues.
- status icon : red and green are straightforwards. Orange will be used if scan ports or attacked have been detected and no actions have been taken by the user or a possible system policy ( block or allow/whitelist ). It means that mandi-ifw will have to communicate about its status. Yellow will be when the firewall is enabled but some features are not enable : all ports are opened, scan port detection feature not enabled, Interactive Firewall not enabled
- component name/description: quick summary for the firewall, may show the number of firewall rules
- component actions: enable/disable firewall, enable/disable Interactive firewall, enable/disable scan port detection, number of detected attacks, number of rules, show firewall logs
This component will deal with the security update.
- status icon : green = automatic security updates enabled and system up to date, yellow = automatic security updates enabled but system not up to date, orange = no automatic security updates and last security updates date from more than 1 or 2 weeks old, red = no automatic security updates and no security updates since 1 month or updates disabled ( no security updates media defined ). No grey state as for me security updates should always be enabled
- component actions : enable/disable automatic security updates, enable/disable security updates ( updates medias are defined and enabled/disabled in urpmi.cfg ), number of pending security updates, last security update check/installation, show security updates log
This component allow to check for the system integrity and its global safety by relying on the MSEC security checks.
- status icons: green = security checks enabled and no issues detected, yellow = security checks enabled but some warning from some security checks ( CHECK_WRITABLE, CHECK_SUID_ROOT, CHECK_USER_FILES, CHECK_PERMS, CHECK_RPM_INTEGRITY ). Orange = security checks enabled but some critical issues have been detected ( CHECK_PASSWD and CHECK_SHADOW, CHECK_CHKROOTKIT, CHECK_SUID_MD5 ), red = security checks disabled and eventually some critical issues have been detected from last manual check ( CHECK_PASSWD and CHECK_SHADOW, CHECK_CHKROOTKIT, CHECK_SUID_MD5 ) , grey = security check disabled
- component actions: enable/disable periodic checks, security checks frequencies, enable security checks when on battery, enable/disable email notifications, enable/disable user notifications
MSEC security policy
This component allow to configure some basics MSEC security policies. The mockup lack some of the actions that should be available in this part, they will be detailed below.
- status icons : green = msec enabled, no issues. Yellow = msec enabled but not at boot, grey = msec is disabled.
- component actions: enable/disable msec, enable/disable msec at startup/boot show msec logs, msec security level,
Contrary to what can be seen in the mockup, I decide to replace periodic checks with system integrity as for me this is more meaningful.
Last but not least, the user notification issue should be taken care too. Indeed presently the desktop notification will just notify that a security have been done, however the user don’t know if something is wrong or not. I guess that instead we should have notifications when one of the component is in red or orange state.
So finally after nearly 1 year I do decide to talk about this mockup : I do hope this will give some interesting ideas to some Mandriva dev or contributors