Slashdot Mirror


Microsoft Retracts Private Folder Option

An anonymous reader writes "Just recently, an update to Windows added the option to password-encrypt a personal folder. The intent was to allow users who share PCs to have a measure of privacy, but C|Net reports the company is now removing that functionality with a patch. IT managers hit the roof when the option was added, complaining of the possibility of lost passwords and inaccessible data." From the article: "'Oh great, have they even thought about the impact this could have on enterprises. I'm already trying to frantically find information on this product so that A) I can block to all our desktops and B) figure out how we then support it when users inevitably lose files. I can see the benefit in this product for home users, but it's a bit of a sloppy release by Microsoft,' Stuart Graham said in a posting on Windows Server-related site MSBlog."


  1. That could've been a good feature! by Just+Some+Guy · · Score: 5, Insightful

    If it actually worked as advertised, that'd be something I'd want to use. The correct answer for companies is to 1) forbid its use (just like you wouldn't let employees PGP-encrypt their work), and 2) find out how to disable it in Active Directory. Don't just dike out the functionality, though!

    --
    Dewey, what part of this looks like authorities should be involved?
    1. Re:That could've been a good feature! by Anonymous Coward · · Score: 5, Interesting

      Here is an idea for those IT managers complaining: DON'T allow users to install applications. What kind of a security policy do you have that allows users to just install software? Frankly I like this feature, it is simple to use for home, and is a better option than EFS at home.

    2. Re:That could've been a good feature! by Penguin+Follower · · Score: 4, Insightful
      "On XP home, I can give my users only the most basic rights, they belong to the group Users. This is as limited as it gets, and they can still install programs by default (they just have to be signed and can't make machine/domain level changes)."

      Of course, we're talking about the enterprise here, so XP Home is an exception. In an Active Directory domain, using Group Policy I can pretty much lock down whatever I need to. I could make your start menu have only a couple items, make your account use a predefined user profile (and a read-only profile at that, so that any changes you make are gone at next login). I can even set domain-wide everyone's home page in Internet Explorer (and I can change pretty much every other setting in IE as well). The point being here, is that as the original poster said, you can lock Windows down to disallow users installing updates from Microsoft.

    3. Re:That could've been a good feature! by GiMP · · Score: 4, Insightful

      > Firefox is nice for home users, but it has no place in the corporate world yet.

      The problems you cited are problems in Windows, not in Firefox. In fact, Firefox has a built-in auto-update feature. On Linux systems, it is included in the distribution's auto-updates.

      The problem is that MS Windows does nothing to provide a centralized auto-update feature. If anything, your argument is to mean that Windows has no place in the corporate world yet.. which, is true, but not in practice.

    4. Re:That could've been a good feature! by Anonymous Coward · · Score: 4, Insightful
      > The problems you cited are problems in Windows, not in Firefox. In fact, Firefox has a built-in auto-update feature. On Linux systems, it is included in the distribution's auto-updates.

      So are you suggesting that regular users get write access to Firefox' directory? That's a no-no. Do you give all users on your Linux/UN*X boxen write access to /bin, /sbin, /lib, /usr/lib...? Are you saying that users on Linux get to update the one and only copy of Firefox on the system, sans sudo?

      Windows has nothing to do with this. Program files go into, well, Program Files. That's a strictly read-only directory for the Users group. And that's why, to update Firefox, you have to run it as administrator. The same holds for all other software - except that MS software gets updated through WSUS, and to some extent, can be centrally controlled through AD group policies - something that's unavailable in Firefox.

      What is your point?

      > The problem is that MS Windows does nothing to provide a centralized auto-update feature.

      Of course not. Oh, you were talking about The One True Repository; well, you're out of context here.

      > If anything, your argument is to mean that Windows has no place in the corporate world yet.. which, is true, but not in practice.

      It's true in your delusional mind - hundreds of millions of corporate workstations running Windows without problems and hundreds of millions of users refute your insane claims.

    5. Re:That could've been a good feature! by v1 · · Score: 4, Interesting

      You're falling into the oxymoron of "windows security" again.

      I find it amusing that Mac OS has had filevault for what, several years now, with no resulting cataclysm. MS introduces it and half the PC IT flip their lids and MS runs scared. What is wrong with these people? Sorry if I sound like a BOFH but if the user puts data into a vault and then loses their password, they will get no pity from me. Do we cry for the neighbor that just locked his keys in his car while it was running? No, we laugh and point fingers. Some actions carry a built-in penalty for blatant stupidity, and this is one of them. If I put a hammer in the toolbox at work and Joe cracks his thumb trying to hang a picture in his cubicle, do we chase after me for leaving a dangerous object within reach of the monkeys? No, again we laugh and point fingers.

      If your company is impossibly tilted toward the users, then just add a line to the AUP that states that filevault or whatever is not and cannot be supported by IT and if you have problems with it you should not expect any help.

      In some organizations, the head of IT thinks he's god. More often though it seems, the users think they are the chosen ones and that IT can do the work of gods.

      --
      I work for the Department of Redundancy Department.
  2. Nothing for you to see here. Please move along. by The+MAZZTer · · Score: 4, Informative

    Oh great, they retracted the article too!

    But more seriously... you can still download it here: http://fileforum.betanews.com/detail/Microsoft_Private_Folder/1152200243/1 (redirects to download.microsoft.com) all that was removed was the HTML download page.

    On a related note, are the legions of ZIP tool companies going to retract ZIP encryption or password protection? Other archive format encryption schemes? How about general encryption programs? Oh f***, I wrote a DES implementation once, I'm screwed now aren't I?

  3. Who cares... by Poromenos1 · · Score: 5, Informative

    TrueCrypt is your friend. It's open source, it mounts as a drive and you can even have hidden volumes (so you can deny having stored porn when your gf tells you to show her). It's great.

    --
    Send email from the afterlife! Write your e-will at Dead Man's Switch.
    1. Re:Who cares... by lawpoop · · Score: 5, Funny

      Hey, I was always *excited* when a gfr asked me to show her the porn ... ;)

      --
      Computers are useless. They can only give you answers.
      -- Pablo Picasso
    2. Re:Who cares... by Poromenos1 · · Score: 4, Funny

      Not when "the porn" is pictures of her you took when she was sleeping ;p

      --
      Send email from the afterlife! Write your e-will at Dead Man's Switch.
    3. Re:Who cares... by Anonymous Coward · · Score: 5, Funny

      ...6 years before she met you.

    4. Re:Who cares... by Kadin2048 · · Score: 4, Funny

      It's way worse when "the porn" is pictures of other people that you took when they were sleeping.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    5. Re:Who cares... by gkhan1 · · Score: 4, Funny

      Yeah, because in case you lose all of your porn, it's so hard nowadays to find more of it on the internet.

  4. incompetent? by MustardMan · · Score: 4, Insightful

    I'm really starting to wonder if windows administrators should be working at my local burger king instead of with computers. It seems an awful lot of MS policy is dictated by these neanderthals. Hey - nice encryption feature added, and admins freak because they don't know how to block it. Sounds like the administrator's fault - they can't keep their users from installing unauthorized software? Encrypted folders should be the LEAST of their worries.

    It reminds me of the idiotic microsoft security fix cycle. Every user in the world has to wait for MS patch day because some whiney admins wanted to be able to schedule their vacation time. Hey jackasses - if you don't want to update on a given day, don't update on that day. Why should the rest of us be waiting for a fix to fit someone else's schedule?

    1. Re:incompetent? by 93+Escort+Wagon · · Score: 4, Insightful

      "It reminds me of the idiotic microsoft security fix cycle. Every user in the world has to wait for MS patch day because some whiney admins wanted to be able to schedule their vacation time. Hey jackasses - if you don't want to update on a given day, don't update on that day. Why should the rest of us be waiting for a fix to fit someone else's schedule?"

      Ah, who says Microsoft doesn't know how to do PR? "Patch Tuesday" was indeed sold to us as being schedule friendly; but the actual intent was to improve Microsoft's security image. Microsoft realized that releasing patch after patch every few days was making people think (rightly) that their OS was riddled with bugs and holes - even the non-IT press was talking about it.

      It seems to have largely worked. What with the "express install" option and such, most folks don't even realize they're installing 18 separate patches for a given month. We even get people on here, who should know better, mouthing untruths like "Oh, no one even knew about those holes until Microsoft patched them - so it's the user's fault if they get hacked".

      --
      #DeleteChrome
  5. Re:Why didn't MS see this coming? by ResidntGeek · · Score: 5, Funny

    Do not ever say "lol" on slashdot again, do you understand me? Never. This is my sanctuary from the rest of the internet. If you ruin it I will hunt you down. Same goes for not capitalizing, needlessly doubling question marks, and smileys, to a lesser extent. This is not AIM.

    By the way, the folders are fucking ENCRYPTED. You can't decrypt data by saying "THIS IS YOUR ADMINISTRATOR, OPEN UP!"

    --
    ResidntGeek
  6. WPF was released with good intentions by dfloyd888 · · Score: 5, Insightful

    Windows Private Folders was released with the best of intent, but I can see 3-4 things that would have made it not so controversial.

    First, document how it stores/encrypts files. Does it sit on a front-end of an archiver or is it a pass-through encryption similar to what CFS does? What encryption algorithms does it use? WPF needs a lot more documentation.

    Second, release a group policy add-on that domain admins can use to restrict or block its use. MS should have released a domain policy add-on a couple weeks before the utility is available, so companies can push out a policy denying use of this utility on their network, or specifying a "master" password using a password or an EFS key for recovery reasons. This utility is good, but on computers owned by a business, this utility can create major liability and regulation issues.

    Third, it needs to be written with security in mind. How is the password stored? Is the password hashed, or is the password stored by decrypting part of the file similar to what TrueCrypt does so a hash algorithm failure doesn't compromise security? What mode (ECB, CBC) is the encryption running in? Is the decrypted password stored in secure memory, or can it be swapped to disk?

    Windows Private Folders isn't a bad utility, and I wish MS would release a version 2.0 of it that addresses concerns of business domains and some more documentation on how it works -- it is made for an easy to use place for home users to stick files in they don't want others to read. WPF just needed a little more planning behind its release.

  7. IT Managers should try doing their jobs instead by petard · · Score: 4, Insightful

    Instead of pitching a fit about new Microsoft software, why don't "I.T. Managers" do their jobs and manage the damn I.T.? Really. There are complex problems in I.T. for large businesses, but this is absolutely not one of them. Microsoft has given them the ability to manage software installations for years now. It's very simple, really. Users who cannot be trusted to install software like "Private Folder" without exposing the enterprise to increased risk of data loss should not have permission to install software. Full stop.

    Is it really easier to shout at Microsoft than restrict users? Because shouting at Microsoft won't prevent users from using the dozens of equivalent apps available for download from other companies unless you also restrict users appropriately.

    --
    .sig: file not found
  8. Re:Why didn't MS see this coming? by Xzzy · · Score: 5, Funny

    You must have pretty low standards if you think of Slashdot as a refuge from idiocy.

  9. Re:Why didn't MS see this coming? by ResidntGeek · · Score: 5, Funny

    That's exactly what I have. I just graduated from a Catholic school, in Florida. You can guess how much faith I have in other people.

    --
    ResidntGeek
  10. Re:Fsck IT by jimicus · · Score: 4, Insightful

    Being able to access the data and actually doing so are two different things.

    I need to be able to access the data, if only for backup purposes. The person in the company with the password might be run over by a bus tomorrow. Or if you prefer something less dramatic, they may regularly change their password (good!), forget their old one (who cares?) and then need to restore from an old backup to prove what was on the system 6 months ago (Ah....).

    But at the same time, with that power comes responsibility. If I was found to be accessing the data for any purpose other than "to provide a copy to give people who have a legitimate need to access it", I'd be sacked so fast....

  11. Re:Sigh.. by will592 · · Score: 4, Insightful

    I'm sure people will flame for this, especially hard core IT types, but at some level the reason that users forget passwords lies with IT/Security types themselves. Forcing users to remember passwords on multiple, disparate systems that each have unique restraints (No passwords that have been used in the last X changes, 3 different character classifications, passwords must be X characters long, that must be changed every X days) almost forces users to write down their passwords somewhere that they can retrieve them easily. The problem is further compounded when the user is locked out after only a very few attempts. I understand the reasoning behind every rule but it is unreasonable, in my opinion, to force some sort of data entry clerk or analyst to remember logins for 4 different, often times rarely used, accounts that all have different security parameters. If you can't provide single sign on for your users and you have DOD grade requirements, then I think you lose the justification for being upset when they forget their passwords.

    Just my humble opinion,
    Chris

  12. Re:Key escrow? by Trepalium · · Score: 4, Insightful

    I see you've never worked in support, have you? The sysadmins WILL be held responsible for all data on the network, even if they are not given access to it. Therefore, it's in the sysadmin's best interest to make sure that they can acquire access to it in any type of emergency. Besides, with full access to all the workstations, do you think that bypassing encryption on files that are still accessible is terribly difficult? There are a lot of keyloggers out there, and I'm sure one of them would be able to sniff the password as it was entered. If you're unable to trust your system administrators, you've got bigger problems.

    --
    I used up all my sick days, so I'm calling in dead.
  13. Re:Fsck IT by Kadin2048 · · Score: 4, Insightful

    I think you're viewing the issue too narrowly.

    In any large company, there is a lot of information floating around that you are probably better off not having access to.

    While it doesn't make sense to have every secretary and general low-level peon be able to encrypt stuff in such a way that nobody can ever recover them, I would not want to have automatic access to extremely sensitive high-level stuff stored on the executive's systems. Why? Because if somehow it gets leaked, and you have the root password, you have zero plausible deniability. In other words, you become quite easy to scapegoat.

    If you work someplace where there isn't any internal backstabbing, and nobody above you would ever consider hanging their poor sysadmin out to dry in order to save their own pillowtalking ass, then great. Let me know where to send my resume.

    Generally speaking, while I would want to be sure that I had admin/override rights to all the people below me in a chain of command, I wouldn't want to have those rights to people above me in the chain of command. Not because I'd find the idea of reading my boss' email particularly tempting, but because when something Bad Happens, I want to be able to say with absolute candor, not only didn't I do anything, but I couldn't possibly have done anything.

    It's like having the keys to a file cabinet which contains information way above your security clearance level. I wouldn't want to have them, because I don't want to be the guy in the hot seat when somebody way above my pay grade fucks up and decides to find someone expendable to take the blame.

    Let the executives have their personal encrypted folders, with a nice big warning sign that says "If you forget your password, NOBODY ELSE WILL BE ABLE TO ACCESS THIS." If they forget their passwords, then it's their problem, or if they maliciously encrypt things as they're tendering their resignation, then it's Legal's problem. The last thing I'd want to do is make it my problem.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  14. Private Folders, harsh admins, and common sense by FractalZone · · Score: 4, Insightful

    I always find it amusing when you have IT people developing features for Windows that really don't understand IT in the real world. Then they release something and are shocked when IT managers are furious over it. One would think MS would have a real good understanding of the IT environment and what is and is not a good idea.

    Many IT administrators are barely-in-the-closet fascists. They enjoy making sure that their user bases have no privacy, cannot use their organization's phones or computers for anything that isn't "strictly business", are constantly under surveillance at the workplace, etc. These admins are usually on power trips -- they are usually hated by the users of the systems they (supposedly) support and those users often take pleasure in working against them in subtle (or at least anonymous) ways. These "Users versus IT Gestapo" situations are often entertaining to observe, as long as one isn't part of the problem.

    At the other extreme are the system and network administrators who allow (even encourage) users to do (or install) whatever they damn well please on their workstations (unless the action is obviously malicious or illegal). These admins must be masochistic -- the more computer illiterate the user base, the more likely it will figure out ways to create problems which require a week's worth of IT's time to correct, on a daily or even hourly basis. These nearly anarchistic computing environments are a lot of fun while they last -- which is rarely for longer than it takes for an oh-so-clever user to crash a server, delete someone else's files, sell organizational secrets, buy a drop-in pr0n site package and run it on the facilities at the workplace, make (what she thinks are) anonymous death threats, etc.

    Somewhere in the middle are the administrators who can usually leave their work at the office at the end of the day but who don't mind if users want to access and maybe save personal email messages or other files from work (where the spiffy color laser printer sometimes gets used to print pictures of a worker's newborn baby or a photo that an employee wants to hang in his cube), and realize that most sane people don't truly compartmentalize their work and personal lives; that overlap is normal and natural, usually inevitable, and often beneficial -- that most folks want/expect some personal privacy in the workplace and to be cut a little slack when using office resources for personal reasons.

    As someone who has tried to fall into that third, loosely defined group of IT administrators/managers when I've held such positions, I find it to be worth the effort to do the balancing/juggling act. Then again, I'm a practical libertarian and not a compulsively anal authoritarian by nature.

    --
    "You're young, you're drunk, you're in bed, you have knives; shit happens." -- Angelina Jolie
  15. Re:Key escrow? by zCyl · · Score: 4, Insightful

    > I see you've never worked in support, have you? The sysadmins WILL be held responsible for all data on the network, even if they are not given access to it.

    This is like saying the Postal Service is responsible if a letter I write in Sanskrit arrives at its destination in Sanskrit instead of English.

    The sysadmin should preserve the data just fine, the encrypted data. If employees keep losing their work to encryption, treat the employees the same way you would treat them if they keep inadvertently shredding important documents. You wouldn't complain to the shredder company because the shredder doesn't have an undo button.

  16. Re:Key escrow? by Clover_Kicker · · Score: 5, Funny

    > You wouldn't complain to the shredder company because the shredder doesn't
    > have an undo button.

    I wouldn't, but my users probably would.

  17. Re:Why didn't MS see this coming? by mikael · · Score: 4, Funny


    > By the way, the folders are fucking ENCRYPTED. You can't decrypt data by saying "THIS IS YOUR ADMINISTRATOR, OPEN UP!"

    Not unless it was the password the user chose to encrypt the data with.

    --
    Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
  18. Re:fix by julesh · · Score: 4, Funny

    You just use steganography to hide the video game walkthroughs and Linux HOWTOs in a bunch of barnyard porn. She'll never find them.

    Something about the fact that this was modded "informative" is frankly scary.

  19. Re:Why didn't MS see this coming? by aaarrrgggh · · Score: 4, Insightful

    There are plenty of good reasons for encrypting data on a work machine. The first one that comes to mind is personal data stored on the machine, such as tax returns, or scanned copies of ID and credit cards for emergency use. Sure, people really should keep it on personal machines and not work machines, but that isn't always practical.

    Companies with "Big Brother" policies also come to mind. Things like your personal resume (which we should always keep up to date), or contact lists might be construed as someone job-shopping and lead to retribution. Seen it happen.

    Lastly, there is the legitimate issue of controlling data access at a more granular level. All kinds of HR information need to be eyes-only, and not subject to the SysAdmin's probing eyes. One old job, the system administrator found the spreadsheet with everyone in the company's salary, coming bonus (2 months), and raise (3 months out) information. This led to several people jumping ship or demanding more money, and created a lack of trust of management. Personnel disciplinary letters should also be protected in some organizations.

    Without the facility, many of these documents become "sneaker-netted", which doesn't help the organization any.