Graphical User Interfaces (GUIs) are evil. Or in the words of a friend of mine – “the work of the devil.” I know people generally like shiny windows and icons and that’s fine for a lot of work. But, when it comes to being an info security professional, GUIs are just wrong in many cases. Stick with me. You will want to rethink your position on “just give me a shiny GUI over white letters in a stark, black window any day.” Here are a few reasons why GUIs aren’t necessary.
One of the biggest issues with a GUI is that it is designed to take away the onerous drudgery and work from performing computing tasks. If I’m writing a document, such as this one, give me a few bells and whistles so I can more easily manipulate text using a mouse. However, if I’m honest, I’m writing this in as close to a text editor as you can get. No frills. No clutter. Just a visual representation of a sheet of paper. Sometimes you need to shove everything off your desk and get to work without the distractions.
Don’t bury the details
When a GUI appears to be doing a lot of the work for you, it is. At the same time, it’s hiding a lot from you. The developers believe, sometimes rightly, that the details are clutter that will get in the way of you doing your job. You should be focused on the work and not the minutiae of how the work is done. However, the very things the GUI is hiding from you are often the details that you really need to see as a technology professional. Without the details, it can be hard to learn how everything fits together. As an example, if you were doing forensics work using one of the GUI tools like EnCase or FTK, you either wouldn’t get some of the low-level details that you’d get from tools like SleuthKit, or they would be harder to see. Using the SleuthKit, you really need to understand how the filesystem is put together to be able to understand the output.
Beyond that, there are cases where the tools you need for a task are just command-line based. As an example, if I want to see whether another system is available and responsive on the network, I would use the program ping. There is no GUI alternative, at least installed by default on most operating systems, for ping. The same is true for traceroute/tracert. If you need to do some troubleshooting for problems with your domain name server, it’s easiest to use a program like nslookup or dig. No GUI-based tools for these tasks are available by default.
Automatic task completion
The last case I will put to you, though there are several others, is the ability to complete complex tasks automatically. When we use command line programs, we can put a list of those commands together into a file and have the entire list executed. On Windows, this would be called a batch file or a PowerShell script. On Linux, it would be called a shell script. This means you can have a complete process that can be repeated verbatim, over and over again. On Linux and other Unix-like operating systems, including macOS, you can chain several commands together to perform complex operations. The ability to take the output from one command and use it as an input to another program is called piping.
Let’s take an example. The following command sequence takes the idea of piping beyond just output -> input.
ps auxww | tr -s " " | cut -d " " -f 2 | sort
This command sequence gets you a process list, which has a lot of space characters between columns, and sends the output to tr, a program that translates characters. With the -s option, it squeezes each run of repeated space characters down to a single space. The output, without all the extraneous characters, goes to the program cut. This program cuts the second column (field) from the output with the space character as the delimiter between the fields. Finally, the output of that, which is the process ID, is sent to the program sort. What we end up with is a sorted list of all the process IDs.
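The same pipeline saved as a small shell script, as an added example that is not part of the original article; it goes one step further by dropping the header row, sorting numerically, and counting processes per account. The function names and the sample process listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: the article's pipeline wrapped in reusable functions.
# Function names and the sample listing are constructed for illustration.

# Constructed sample in `ps auxww` layout so the script runs offline.
sample_ps() {
cat <<'EOF'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1 168000 11000 ?        Ss   09:00   0:01 /sbin/init
root       742  0.0  0.2  15000  9000 ?        Ss   09:00   0:00 sshd: /usr/sbin/sshd -D
www-data  1033  0.1  0.5 210000 40000 ?        S    09:01   0:03 nginx: worker process
alice     2210  0.0  0.1  10000  5000 pts/0    Ss   09:05   0:00 -bash
alice       98  0.0  0.1  10000  5000 pts/0    S    09:06   0:00 sleep 600
alice     2300  0.0  0.1  12000  6000 pts/1    S    09:07   0:00 vim notes.txt
EOF
}

# Read a ps listing on stdin and print the PIDs in numeric order.
# tail -n +2 drops the header row, so the literal "PID" is not in the result.
# sort -n orders 98 before 742 before 1033; a plain sort compares the
# digits as text and would place 1033 ahead of 98.
sorted_pids() {
    tail -n +2 | tr -s " " | cut -d " " -f 2 | sort -n
}

# Read a ps listing on stdin and print "count user" per account,
# busiest account first. Field 1 is the owning user.
procs_per_user() {
    tail -n +2 | tr -s " " | cut -d " " -f 1 |
        sort | uniq -c | sort -rn |
        tr -s " " | sed 's/^ //'
}

# Against a live system: ps auxww | sorted_pids
sample_ps | sorted_pids
sample_ps | procs_per_user
```

Saved to a file, this runs the same way every time, which is what makes the output comparable between two runs or two hosts.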
Command line programs give you a lot of control over the information you get and how it’s presented. You can enjoy your GUI programs if you like but I will tell you that if you really want to become a knowledgeable security professional, you should get comfortable with the command line. It will be your friend and give you a lot of power while minimizing your dependence on fancy GUIs.