Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Retracts Private Folder Option

Posted by ryuzaki0 on from the hey-no-takebacks dept.

An anonymous reader writes "Just recently, an update to Windows added the option to password-encrypt a personal folder. The intent was to allow users who share PCs to have a measure of privacy, but C|Net reports the company is now removing that functionality with a patch. IT managers hit the roof when the option was added, complaining of the possibility of lost passwords and inaccessible data." From the article: "'Oh great, have they even thought about the impact this could have on enterprises. I'm already trying to frantically find information on this product so that A) I can block to all our desktops and B) figure out how we then support it when users inevitably lose files. I can see the benefit in this product for home users, but it's a bit of a sloppy release by Microsoft,' Stuart Graham said in a posting on Windows Server-related site MSBlog."

6 of 336 comments (clear)

  1. Nothing for you to see here. Please move along. by The+MAZZTer · · Score: 4, Informative

    Oh great, they retracted the article too!

    But more seriously... you can still download it here: http://fileforum.betanews.com/detail/Microsoft_Pri vate_Folder/1152200243/1 (redirects to download.microsoft.com) all that was removed was the HTML download page.

    On a related note, are the legions of ZIP tool companies going to retract ZIP encryption or password protection? Other archive format encryption schemes? How about general encryption programs? Oh f***, I wrote a DES implementation once, I'm screwed now aren't I?

  2. Who cares... by Poromenos1 · · Score: 5, Informative

    TrueCrypt is your friend. It's open source, it mounts as a drive and you can even have hidden volumes (so you can deny having stored porn when your gf tells you to show her). It's great.

    --
    Send email from the afterlife! Write your e-will at Dead Man's Switch.
  3. I decided to try this software by CyberSlugGump · · Score: 3, Informative

    I was not impressed.
    Machine locked up when trying to change password. Apparently Symantec AntiVirus 9's AutoProtect feature was the problem. (Disabling AutoProtect lets you change the password.) Because Private Folder 1.0 is not officially supported by Microsoft, there is no way to report this isssue.

    Microsoft Private Folder 1.0 has an option to export encrypted files. The files remain encrypted, but the password must somehow be embedded in the exported files since you can go to a different computer with Private Fodler 1.0 installed to decrypt the files. HOWEVER, if hard drive crashes and you need to use data recovery software (R-Stuio, GetDataBack, etc.) there is no straight forward way of decrypting the files even if you know the password. Boot a machine with BartPE to look at the "My Private Folder" directory and the encrypted files look different than exported files (which leads me to think the password is embedded in the exported files). If you copy and paste encrypted files to that directory from BartPE/WinPE, you can make the data "unrecoverable"....

    1. Re:I decided to try this software by gr8dude · · Score: 3, Informative
      HOWEVER, if hard drive crashes and you need to use data recovery software (R-Stuio, GetDataBack, etc.) there is no straight forward way of decrypting the files even if you know the password.


      Data loss can be really painful, if the data were encrypted. Normally, the decryption key is embedded into the encrypted file itself, but the encryption key (let's denote it with k_E) itself is encrypted with something, a password for example, or the password's hash. So, even though k_E resides inside the encrypted file, it doesn't make the file less secure, but it does make it more fragile. If there's a one bit change in the part of the file which holds k_E, then the data are gone forever. When k_E is obtained by decrypting it using the password (or the password's hash), it will not be correct, because of that flipped bit. So the data recovery programs you mentioned may be able to physically recover the data, but that is useless, because at the logical level - the gathered data are encrypted, and the true encryption key was lost. If something like CBC mode is used, then an error in the first decrypted block will propagate to the next, and so on.... What you will recover is a bunch of crap.

      The solution is to make a backup of the area of the file which contains k_E, provided that the encryption software allows you to do that. If it doesn't, then I am afraid to use such a program (unless somebody guarantees I will never have power outages, and my hardware will never fail, and my OS is going to last forever, etc). Of course, you can always backup the encrypted file itself, but then the backup is of a much greater size that it could have been if you backed up only k_E.
      --
      The saddest poem
  4. Re:What an example of vocabulary outpacing functio by mliikset · · Score: 3, Informative

    'irregardless' IS a properly constructed word. It means 'not regardless', which is not, I'm sure, what he meant to convey.

  5. Re:That could've been a good feature! by NtroP · · Score: 3, Informative

    On OS X, you have the option of creating a "Master Password" that has the ability to unlock any encrypted home directories. It shouldn't be too hard to implement a setting that says a Domain Admin can unlock any encrypted files on computers that are joined to their domain. Something is fishy here. There has to be more broken with this scheme than just the user being able to encrypt their data.

    --
    "terrorism" and "pedophilia" are the root passwords to the Constitution