Microsoft Retracts Private Folder Option
An anonymous reader writes "Just recently, an update to Windows added the option to password-encrypt a personal folder. The intent was to allow users who share PCs to have a measure of privacy, but C|Net reports the company is now removing that functionality with a patch. IT managers hit the roof when the option was added, complaining of the possibility of lost passwords and inaccessible data." From the article: "'Oh great, have they even thought about the impact this could have on enterprises. I'm already trying to frantically find information on this product so that A) I can block to all our desktops and B) figure out how we then support it when users inevitably lose files. I can see the benefit in this product for home users, but it's a bit of a sloppy release by Microsoft,' Stuart Graham said in a posting on Windows Server-related site MSBlog."
If it actually worked as advertised, that'd be something I'd want to use. The correct answer for companies is to 1) forbid its use (just like you wouldn't let employees PGP-encrypt their work), and 2) find out how to disable it in Active Directory. Don't just dike out the functionality, though!
Dewey, what part of this looks like authorities should be involved?
Oh great, they retracted the article too!
But more seriously... you can still download it here: http://fileforum.betanews.com/detail/Microsoft_Private_Folder/1152200243/1 (redirects to download.microsoft.com). All that was removed was the HTML download page.
On a related note, are the legions of ZIP tool companies going to retract ZIP encryption or password protection? Other archive format encryption schemes? How about general encryption programs? Oh f***, I wrote a DES implementation once, I'm screwed now aren't I?
I always find it amusing when you have IT people developing features for Windows that really don't understand IT in the real world. Then they release something and are shocked when IT managers are furious over it. One would think MS would have a real good understanding of the IT environment and what is and is not a good idea. Good stuff :)
http://religiousfreaks.com/TrueCrypt is your friend. It's open source, it mounts as a drive and you can even have hidden volumes (so you can deny having stored porn when your gf tells you to show her). It's great.
Send email from the afterlife! Write your e-will at Dead Man's Switch.
I recognize that there may be some degree of opprobrium as a result of pointing this out, as most of us here believe in bringing the newest and fastest technology to bear on a given problem. I don't disagree with this approach; indeed, given Moore's Law and costs not dramatically increasing, one would be a fool not to recommend the regular upgrade of hardware and software every two to five years, depending on circumstances.
Irregardless, news such as this points out that sometimes blindly following technology without carefully measuring its implications on IT and data processing can create issues. In the interest of bettering our approach to systems analysis and design, I feel it is important to quote: approximately 90% of the typical activities on 1/3rd of the computer systems out there can take 10-15% longer than performing their equivalents using a 50/50 methodology of planning the computing tasks first, computing the planned tasks second. In other words, you have to know where you are and where you want to be before you purchase and implement new systems; otherwise you not only run the risk of a wasted investment in extra or unnecessary technology (such as private folders when you only need and want public ones) but of having to backtrack and start again to purchase new technology to meet current, previous and future uses.
Unfortunately this seems intuitive but it's not; in fact, in many ways it can actually be seen to be counterintuitive. In other words, it's a balance -- one of considering the importance of keeping pace with current technology while retaining past and projected compatibility with previous and anticipated data storage and processing needs.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
Why is there an option to adjust view incidence of Apple, but not MS? I would love to be able to have the option to push MS out to the horizon, please?
"...but it's a bit of a sloppy release by Microsoft"
Hate it when that happens...
Couldn't they have just put a warning message/disclaimer in?
This sort of kneejerk reaction, removing a useful feature, is exceedingly irritating. It's not that users aren't aware of the fact that if you password something, you'll then need to REMEMBER the password...
I'm really starting to wonder if windows administrators should be working at my local burger king instead of with computers. It seems an awful lot of MS policy is dictated by these Neanderthals. Hey - nice encryption feature added, and admins freak because they don't know how to block it. Sounds like the administrator's fault - they can't keep their users from installing unauthorized software? Encrypted folders should be the LEAST of their worries.
It reminds me of the idiotic microsoft security fix cycle. Every user in the world has to wait for MS patch day because some whiney admins wanted to be able to schedule their vacation time. Hey jackasses - if you don't want to update on a given day, don't update on that day. Why should the rest of us be waiting for a fix to fit someone else's schedule?
I tried this out on my personal computer and the most annoying thing about it is that you have to store it on the desktop.
There are far better third party folder encrypters out there than MPF.
Windows Private Folders was released with the best of intent, but I can see 3-4 things that would have made it not so controversial.
First, document how it stores/encrypts files. Does it sit on a front-end of an archiver or is it a pass-through encryption similar to what CFS does? What encryption algorithms does it use? WPF needs a lot more documentation.
Second, release a group policy add-on that domain admins can use to restrict or block its use. MS should have released a domain policy add-on a couple weeks before the utility is available, so companies can push out a policy denying use of this utility on their network, or specifying a "master" password using a password or an EFS key for recovery reasons. This utility is good, but on computers owned by a business, this utility can create major liability and regulation issues.
Third, it needs to be written with security in mind. How is the password stored? Is the password hashed, or is the password stored by decrypting part of the file similar to what TrueCrypt does so a hash algorithm failure doesn't compromise security? What mode (ECB, CBC) is the encryption running in? Is the decrypted password stored in secure memory, or can it be swapped to disk?
Windows Private Folders isn't a bad utility, and I wish MS would release a version 2.0 of it that addresses concerns of business domains and some more documentation on how it works -- it is made for an easy-to-use place for home users to stick files in they don't want others to read. WPF just needed a little more planning behind its release.
MS seems to have forgotten who their real customer is.
They didn't make controlling this easy enough for that customer.
Security solutions need to be thought out a bit more carefully.
What about using backdoored crypto with corporate issued keys? Wouldn't this make most everyone happy?
It's a shame that Microsoft caved in to the whining of the IT control freaks. There are legitimate reasons to encrypt sensitive information, even in the corporate setting. If you think that the possession of the Administrator password means that you should have unfettered access to every scrap of data on the network, you need to see a psychiatrist about your delusions.
My hovercraft is full of eels
Sometimes it's about obsessive-compulsive lockdown freaks, but unfortunately in a number of businesses, IT *has* to be control freaks so the business doesn't get fined out of existence and people put in prison. Banks, hospitals, and other industries have to be very careful not to run afoul of HIPAA, Sox or other laws, unless they want the SEC to start coming in with a motion of discovery in hand to start auditing, and hit the company with very high fines should even a single financial E-mail have been deleted instead of being archived for seven years. No company wants the SEC or some audit board to start going through every file, folder, or hard disk, so it's pretty normal for an IT group to be heavy-handed.
How is the retracted update different from the functionality which I have seen in-place since I bought the machine a year ago?
Log on as a user. "encrypt" a file.
Log on as an administrator. Go try and read that file.
With MS's new toy, that wouldn't happen.
I might be no expert in this area, but ... let's see...
... how?
1. Patch for data encryption feature.
2. User using data encryption.
3. Patch for removal of data encryption.
4. User accessing his encrypted data
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
But why are enterprise end users installing software? Don't blame Microsoft for your problems.
Why are you frantically trying to block something you don't know about - why don't you solve that problem by only allowing the software that has been approved? Why are there people that still don't understand that if a user can install appX, they can install virusX too? I mean really, you do understand this right?
This was a home user product. It wasn't intended for businesses.
Instead of pitching a fit about new Microsoft software, why don't "I.T. Managers" do their jobs and manage the damn I.T.? Really. There are complex problems in I.T. for large businesses, but this is absolutely not one of them. Microsoft has given them the ability to manage software installations for years now. It's very simple, really. Users who cannot be trusted to install software like "Private Folder" without exposing the enterprise to increased risk of data loss should not have permission to install software. Full stop.
Is it really easier to shout at Microsoft than restrict users? Because shouting at Microsoft won't prevent users from using the dozens of equivalent apps available for download from other companies unless you also restrict users appropriately.
.sig: file not found
Not that I agree with incompetent IT managers who can't figure out how to lock certain options in a system dictating software policy for Microsoft but while individuals may have a right to privacy and to keep things to themselves, they certainly don't have a right to store it on MY system. The problem is, too many people assume that because they use something it is now theirs to do with as they please and that's not the case. The computer belongs to the company, if they let you do non work related things on that computer that's their prerogative but you have no right to use that computer for any purpose other than those the company allows you to do. Now by the same token I believe that if a company is going to require that I use my personal equipment for a job, that I have the same rights and control over that equipment as they have over theirs which means if I want to store that information triple encrypted that's my prerogative because it's my machine. But unless it's a personal machine, you have no rights to do anything on it.
T Money
World Domination with a plastic spoon since 1984
Unless all decryption keys are registered on the domain controller.
I agree, but at the same time, turning this feature off is equally as logical as removing the delete key from the system.
You already have a level of trust with your users. Why doesn't that trust extend to a new technology with the same level of associated potential consequences (data loss)?
The only possible answers to that question are that you don't really trust your users at all (in which case you're a moron for giving them any access before giving them training), or that you don't understand the new technology. Which is it?
I was not impressed.
Machine locked up when trying to change password. Apparently Symantec AntiVirus 9's AutoProtect feature was the problem. (Disabling AutoProtect lets you change the password.) Because Private Folder 1.0 is not officially supported by Microsoft, there is no way to report this issue.
Microsoft Private Folder 1.0 has an option to export encrypted files. The files remain encrypted, but the password must somehow be embedded in the exported files since you can go to a different computer with Private Folder 1.0 installed to decrypt the files. HOWEVER, if the hard drive crashes and you need to use data recovery software (R-Studio, GetDataBack, etc.) there is no straightforward way of decrypting the files even if you know the password. Boot a machine with BartPE to look at the "My Private Folder" directory and the encrypted files look different than exported files (which leads me to think the password is embedded in the exported files). If you copy and paste encrypted files to that directory from BartPE/WinPE, you can make the data "unrecoverable"....
'irregardless' IS a properly constructed word. It means 'not regardless', which is not, I'm sure, what he meant to convey.
I always find it amusing when you have IT people developing features for Windows that really don't understand IT in the real world. Then they release something and are shocked when IT managers are furious over it. One would think MS would have a real good understanding of the IT environment and what is and is not a good idea.
Many IT administrators are barely-in-the-closet fascists. They enjoy making sure that their user bases have no privacy, cannot use their organization's phones or computers for anything that isn't "strictly business", are constantly under surveillance at the workplace, etc. These admins are usually on power trips -- they are usually hated by the users of the systems they (supposedly) support and those users often take pleasure in working against them in subtle (or at least anonymous) ways. These "Users versus IT Gestapo" situations are often entertaining to observe, as long as one isn't part of the problem.
At the other extreme are the system and network administrators who allow (even encourage) users to do (or install) whatever they damn well please on their workstations (unless the action is obviously malicious or illegal). These admins must be masochistic -- the more computer illiterate the user base, the more likely it will figure out ways to create problems which require a week's worth of IT's time to correct, on a daily or even hourly basis. These nearly anarchistic computing environments are a lot of fun while they last -- which is rarely for longer than it takes for an oh-so-clever user to crash a server, delete someone else's files, sell organizational secrets, buy a drop-in pr0n site package and run it on the facilities at the workplace, make (what she thinks are) anonymous death threats, etc.
Somewhere in the middle are the administrators who can usually leave their work at the office at the end of the day but who don't mind if users want to access and maybe save personal email messages or other files from work (where the spiffy color laser printer sometimes gets used to print pictures of a worker's newborn baby or a photo that an employee wants to hang in his cube), and realize that most sane people don't truly compartmentalize their work and personal lives; that overlap is normal and natural, usually inevitable, and often beneficial -- that most folks want/expect some personal privacy in the workplace and to be cut a little slack when using office resources for personal reasons.
As someone who has tried to fall into that third, loosely defined group of IT administrators/managers when I've held such positions, I find it to be worth the effort to do the balancing/juggling act. Then again, I'm a practical libertarian and not a compulsively anal authoritarian by nature.
"You're young, you're drunk, you're in bed, you have knives; shit happens." -- Angelina Jolie
Gee, I can't even download, much less install, *anything*.msi behind our firewall (which makes both the Berlin and Great Walls look like garden decorations). So maybe M$ is responding to inept or poor "IT managers" - in which case there's the real problem.
I work at a small company, where my role only requires me to spend part of my time as an IT admin. I take this same approach, and find it's mutually beneficial. Users don't have install rights, but I also will install things on individual workstations that people ask for. (They actually used to have install rights on their personal workstations - not if they logged into others - but I had to take it away because they'd blindly install some web background program that would install 30 spyware applications. They were understanding when I removed that right after they saw the damage it caused). I've helped people set up their personal email accounts in Thunderbird.
I've read articles talking about how if you don't allow people time to do personal tasks at work, that instead of taking 5 or 10 or even 30 minutes of work time, they'll take a sick or vacation day to catch up on errands, and I can see this happening. Personally I don't really mind fixing a server issue on the weekend or late at night, because I'm afforded this flexibility at work. At some offices, as soon as it hits 5:00pm, everyone drops what they're doing and goes home... that's just a sad situation. It's not that people should be expected to work late, or work exactly their 8 hours per day, but if, for example, a task will take 20 minutes to finish before you go home, versus 45 minutes if you have to start in the morning when it's no longer fresh in your mind, it's better to stay the 20 minutes. In a company where workers are prohibited from doing anything but work on company time, they're obviously not going to be willing to go the other way, and sacrifice their personal time for work.
Speak before you think
You just use steganography to hide the video game walkthroughs and Linux HOWTOs in a bunch of barnyard porn. She'll never find them.
Realistically, it is often better to let users know that they are not being treated like a bunch of slaves, crooks, children or sheep at the workplace, but that management and IT administration have the right and ability to lock things down at any time for any reason. More importantly, it helps to let users know how public some of the activities they naively think are private actually are.
Pointing out to a user that her favorite screensaver or wallpaper image comes from an external (to the organization) source that is not to be trusted, and showing her a relatively easy to read headline article on a major Web site she's heard of that details how such external connections cause real problems serves a couple of major purposes. It shows that you aren't making rules just because you can (or enjoy lording them over hapless users) and also encourages her to learn more about computers, how they work on the 'Net, and computer security.
I prefer education to enforcement as my primary means of preventing internally generated IT hassles. If users have to be treated like dumb and/or malicious animals, why would one want to be working in IT for such an organization? Most organizations, unlike public schools and correctional institutions, do not have to allow just anybody more than guest access to their systems. Don't expect to get much useful work out of users who are treated like school kids or convicts, but do expect to see them strive for excellence as they develop innovative ways to get around your rules/edicts, just as children and felons do in other areas of real life.
Oh, yeah, a good system administrator should study Sun Tzu's The Art of War, everything I posted above notwithstanding...just in case it comes to that.
"You're young, you're drunk, you're in bed, you have knives; shit happens." -- Angelina Jolie
It uses some data from the user's profile as an encryption key. If you re-install the OS, or delete the user account - your data are really gone.
You cannot access EFS encrypted data if you mount the hard disk to a different machine; nor can you do that if you're dual booting.
So volume-based encryption tools such as Private Disk or TrueCrypt are a better idea. Not only do they give you more features, but they also use more reliable encryption mechanisms. (EFS uses 3DES, and you get AES if you apply a service pack)
The saddest poem
Nice quote from Stuart Graham there, complaining about all the extra work he now (allegedly) has.
I replied to him on that site. If he's not running a decent group policy to stop non-admin users from installing any old crap on their machines, he deserves all the extra work he gets. If he's any kind of enterprise sysadmin, he wouldn't even bat an eyelid at this piece of software.
That might very well be the case in the US, but here in the EU, the jurisprudence in place here has recognized that there is a certain privatization during working hours, and an employee therefore has the human right of privacy, within limits, at work. Thus, you're allowed to use a work telephone to call your doctor without the call being taped (could be a different phone than the one on your desk) as well as using your corporate e-mail address for personal correspondence in the expectation that it won't be read (using PRIVATE on the subject line, or having an Inbox folder labeled as such).
Now, IANAL, but I was a member of my company's Works Council and did all the research when my company started implementing an Internet/E-mail policy, and have read some of the decisions made by the European Court of Human Rights, including commentary and suggestions from the semi-governmental privacy watchdog. A 'private' folder for working on a new resume, or other such personal things, most definitely would be allowed and the Administrators cannot just go into them even though the computer is company property.
Of course, there are limits as to what you can do privately, and companies can impose reasonable and justifiable restrictions (no porn, no racist content) BUT an employee can expect that system admins won't go into a folder marked PRIVATE without a very serious suspicion of something going on. If you do, the employee stands a good chance of winning a lawsuit if less intrusive methods weren't used first.
A simpler answer to this folder issue would be to either lock users out of installing software on their own (which given the number of programs that need Admin rights to run isn't always an option) or by having a policy in place that states no IT help will be given for unauthorized installations, and enforce it. Or inform the users that regular scans will be made of installed programs and sanctions will be applied to those found with unexplained programs, like this encrypted folder.
Microsoft forgot that other companies treat their users like dumb shits and don't want to face up to the facts.
People, stop being fucking elite about the computers. I have worked with people who are scared to do anything with the computers because of IT's attitude.
Here is a clue, tell the people if they use it and lose the password the data is gone. Most people will get that. If they don't and they lose valuable data too bad. They'll catch on, or they will be shown the door.
The Kruger Dunning explains most post on