Microsoft Retracts Private Folder Option

Zonk posted more than 8 years ago | from the hey-no-takebacks dept.

An anonymous reader writes "Just recently, an update to Windows added the option to password-encrypt a personal folder. The intent was to allow users who share PCs to have a measure of privacy, but C|Net reports the company is now removing that functionality with a patch. IT managers hit the roof when the option was added, complaining of the possibility of lost passwords and inaccessible data." From the article: "'Oh great, have they even thought about the impact this could have on enterprises. I'm already trying to frantically find information on this product so that A) I can block to all our desktops and B) figure out how we then support it when users inevitably lose files. I can see the benefit in this product for home users, but it's a bit of a sloppy release by Microsoft,' Stuart Graham said in a posting on Windows Server-related site MSBlog."

336 comments

Sorry! There are no comments related to the filter you selected.

That could've been a good feature! (5, Insightful)

Just Some Guy (3352) | more than 8 years ago | (#15725076)

If it actually worked as advertised, that'd be something I'd want to use. The correct answer for companies is to 1) forbid its use (just like you wouldn't let employees PGP-encrypt their work), and 2) find out how to disable it in Active Directory. Don't just dike out the functionality, though!

Re:That could've been a good feature! (5, Interesting)

Anonymous Coward | more than 8 years ago | (#15725091)

Here is an idea for those IT managers complaining: DON'T allow users to install applications. What kind of a security policy do you have that allows users to just install software? Frankly I like this feature, it is simple to use for home, and is a better option than EFS at home.

Re:That could've been a good feature! (0)

Anonymous Coward | more than 8 years ago | (#15725158)

On XP home, I can give my users only the most basic rights, they belong to the group Users. This is as limited as it gets, and they can still install programs by default (they just have to be signed and can't make machine/domain level changes).

Re:That could've been a good feature! (4, Insightful)

Penguin Follower (576525) | more than 8 years ago | (#15725335)

"On XP home, I can give my users only the most basic rights, they belong to the group Users. This is as limited as it gets, and they can still install programs by default (they just have to be signed and can't make machine/domain level changes)."

Of course, we're talking about the enterprise here, so XP Home is an exception. In an Active Directory domain, using Group Policy I can pretty much lock down whatever I need to. I could make your start menu have only a couple items, make your account use a predefined user profile (and a read-only profile at that, so that any changes you make are gone at next login). I can even set domain-wide everyone's home page in Internet Explorer (and I can change pretty much every other setting in IE as well). The point being here, is that as the original poster said, you can lock Windows down to disallow users installing updates from Microsoft.

Re:That could've been a good feature! (2, Insightful)

nurb432 (527695) | more than 8 years ago | (#15725280)

Just tell users 'if you use this and lose data you are on your own' and 'if you use this and hide anything you are violating our AUP and subject to termination'.

Actually we do allow PGP, under the premise 'if you hose it, your data is gone'.

Nothing for you to see here. Please move along. (4, Informative)

The MAZZTer (911996) | more than 8 years ago | (#15725077)

Oh great, they retracted the article too!

But more seriously... you can still download it here: http://fileforum.betanews.com/detail/Microsoft_Private_Folder/1152200243/1 [betanews.com] (redirects to download.microsoft.com) all that was removed was the HTML download page.

On a related note, are the legions of ZIP tool companies going to retract ZIP encryption or password protection? Other archive format encryption schemes? How about general encryption programs? Oh f***, I wrote a DES implementation once, I'm screwed now aren't I?

Why didn't MS see this coming? (2, Insightful)

gasmonso (929871) | more than 8 years ago | (#15725080)

I always find it amusing when you have IT people developing features for Windows that really don't understand IT in the real world. Then they release something and are shocked when IT managers are furious over it. One would think MS would have a real good understanding of the IT environment and what is and is not a good idea. Good stuff :)

http://religiousfreaks.com/ [religiousfreaks.com]

Re:Why didn't MS see this coming? (0)

iceqb (952368) | more than 8 years ago | (#15725103)

lol what's the problem, make the private folders accessible by the administrator user ?? M$ is pissing me off saying they're gonna release all kind of stuff (winfs anyone :P) and then retract/postpone it.

Re:Why didn't MS see this coming? (5, Funny)

ResidntGeek (772730) | more than 8 years ago | (#15725132)

Do not ever say "lol" on slashdot again, do you understand me? Never. This is my sanctuary from the rest of the internet. If you ruin it I will hunt you down. Same goes for not capitalizing, needlessly doubling question marks, and smileys, to a lesser extent. This is not AIM.

By the way, the folders are fucking ENCRYPTED. You can't decrypt data by saying "THIS IS YOUR ADMINISTRATOR, OPEN UP!"

Re:Why didn't MS see this coming? (0)

Anonymous Coward | more than 8 years ago | (#15725148)

lol!! whats you're problem man?? cant u take a joke ;)

Key escrow? (2, Insightful)

tepples (727027) | more than 8 years ago | (#15725215)

"You can't decrypt data by saying 'THIS IS YOUR ADMINISTRATOR, OPEN UP!'"

Unless all decryption keys are registered on the domain controller.

Re:Key escrow? (0)

Anonymous Coward | more than 8 years ago | (#15725235)

data encrypted with a key escrowed with the sysadmin is data that might as well not be encrypted

Re:Key escrow? (4, Insightful)

Trepalium (109107) | more than 8 years ago | (#15725304)

I see you've never worked in support, have you? The sysadmins WILL be held responsible for all data on the network, even if they are not given access to it. Therefore, it's in the sysadmin's best interest to make sure that they can acquire access to it in any type of emergency. Besides, with full access to all the workstations, do you think that bypassing encryption on files that are still accessible is terribly difficult? There are a lot of keyloggers out there, and I'm sure one of them would be able to sniff the password as it was entered. If you're unable to trust your system administrators, you've got bigger problems.

MOD PARENT UP (0, Redundant)

jimicus (737525) | more than 8 years ago | (#15725324)

If I had mod points and hadn't already posted, that would be getting a +1 insightful straight away.

Re:Why didn't MS see this coming? (5, Funny)

Xzzy (111297) | more than 8 years ago | (#15725218)

You must have pretty low standards if you think of Slashdot as a refuge from idiocy.

Re:Why didn't MS see this coming? (5, Funny)

ResidntGeek (772730) | more than 8 years ago | (#15725281)

That's exactly what I have. I just graduated from a Catholic school, in Florida. You can guess how much faith I have in other people.

Re:Why didn't MS see this coming? (2, Insightful)

jimicus (737525) | more than 8 years ago | (#15725318)

"By the way, the folders are fucking ENCRYPTED. You can't decrypt data by saying 'THIS IS YOUR ADMINISTRATOR, OPEN UP!'"

IMO, most of the "But we need to be able to stop the admin seeing stuff" comments are probably from kids still in school, who would rather the affected data was lost than be readable by the admin in the event of something bad happening. (They generally give themselves away when they say "My school blocked this...")

It would be interesting to see how many of them retain this view the first time they lose data in a work environment.

Re:Why didn't MS see this coming? (2, Insightful)

fisher182 (110270) | more than 8 years ago | (#15725123)

perhaps they simply aren't as incompetent as the so called "IT managers" and therefore don't think at that level?

"this looks good, let's release it." "oh noez i can't keep my users from installing this and then forgetting their passwords! arrrrrrgh m$ is teh evils!" "damn, these idiots managed to mess up a good thing once again, pull it back until the clowns managing networks can catch up to the rest of us or get fired and replaced with people who didn't go to Burger King Tech Institute."

Re:Why didn't MS see this coming? (3, Interesting)

uarch (637449) | more than 8 years ago | (#15725134)

Because it's not IT people developing the features.

At most companies the closest developers (and PM's if you're MS) come to IT is when they have a problem with their office workstation. They call/email IT and someone swings by to fix the problem.

Sure, there are companies where the IT people think up & implement features in key products. MS is not one of them.

Re:Why didn't MS see this coming? (1)

jt2377 (933506) | more than 8 years ago | (#15725183)

private folder is great for home users; just 'cause IT managers going ape-shit about it doesn't mean MS didn't develop it with good intention. how come no one threw out the usual Opensource response to this new "feature". you know the usual "i don't want this feature added to already bloated Windows!"..etc.

Re:Why didn't MS see this coming? (1)

serial_crusher (591271) | more than 8 years ago | (#15725224)

There already is an open source version: http://www.truecrypt.org/ [truecrypt.org]

Private Folders, harsh admins, and common sense (4, Insightful)

FractalZone (950570) | more than 8 years ago | (#15725375)

"I always find it amusing when you have IT people developing features for Windows that really don't understand IT in the real world. Then they release something and are shocked when IT managers are furious over it. One would think MS would have a real good understanding of the IT environment and what is and is not a good idea."

Many IT administrators are barely-in-the-closet fascists. They enjoy making sure that their user bases have no privacy, cannot use their organizations' phones or computers for anything that isn't "strictly business", are constantly under surveillance at the workplace, etc. These admins are usually on power trips -- they are usually hated by the users of the systems they (supposedly) support and those users often take pleasure in working against them in subtle (or at least anonymous) ways. These "Users versus IT Gestapo" situations are often entertaining to observe, as long as one isn't part of the problem.

At the other extreme are the system and network administrators who allow (even encourage) users to do (or install) whatever they damn well please on their workstations (unless the action is obviously malicious or illegal). These admins must be masochistic -- the more computer illiterate the user base, the more likely it will figure out ways to create problems which require a week's worth of IT's time to correct, on a daily or even hourly basis. These nearly anarchistic computing environments are a lot of fun while they last -- which is rarely for longer than it takes for an oh-so-clever user to crash a server, delete someone else's files, sell organizational secrets, buy a drop-in pr0n site package and run it on the facilities at the workplace, make (what she thinks are) anonymous death threats, etc.

Somewhere in the middle are the administrators who can usually leave their work at the office at the end of the day but who don't mind if users want to access and maybe save personal email messages or other files from work (where the spiffy color laser printer sometimes gets used to print pictures of a worker's newborn baby or a photo that an employee wants to hang in his cube), and realize that most sane people don't truly compartmentalize their work and personal lives; that overlap is normal and natural, usually inevitable, and often beneficial -- that most folks want/expect some personal privacy in the workplace and to be cut a little slack when using office resources for personal reasons.

As someone who has tried to fall into that third, loosely defined group of IT administrators/managers when I've held such positions, I find it to be worth the effort to do the balancing/juggling act. Then again, I'm a practical libertarian and not a compulsively anal authoritarian by nature.

Who cares... (5, Informative)

Poromenos1 (830658) | more than 8 years ago | (#15725082)

TrueCrypt [truecrypt.org] is your friend. It's open source, it mounts as a drive and you can even have hidden volumes (so you can deny having stored porn when your gf tells you to show her). It's great.

Re:Who cares... (3, Funny)

Sheetrock (152993) | more than 8 years ago | (#15725135)

Well, one can do this at the risk of having her think you're pleasuring yourself to video game walkthroughs and Linux HOWTOs, anyway.

Re:Who cares... (1)

creepynut (933825) | more than 8 years ago | (#15725213)

Hey! We don't all get off to the same stuff!

Re:Who cares... (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15725365)

First, if you had a gf, why do you need to please yourself to porn? especially if she's open to sex.

Two, This is Slashdot, people having girlfriends? IMPOSSIBLE!

Three, GIRLS DO NOT EXIST ON THE INTERNET.

Re:Who cares... (5, Funny)

lawpoop (604919) | more than 8 years ago | (#15725248)

Hey, I was always *excited* when a gfr asked me to show her the porn ... ;)

Re:Who cares... (4, Funny)

Poromenos1 (830658) | more than 8 years ago | (#15725263)

Not when "the porn" is pictures of her you took when she was sleeping ;p

Re:Who cares... (5, Funny)

Anonymous Coward | more than 8 years ago | (#15725270)

...6 years before she met you.

Re:Who cares... (4, Funny)

Kadin2048 (468275) | more than 8 years ago | (#15725277)

It's way worse when "the porn" is pictures of other people that you took when they were sleeping.

Re:Who cares... (1)

Mathness (145187) | more than 8 years ago | (#15725371)

Oh yeah, it is great. Until the day you come home to find that your gf has made a backup of all data she could find on the HD, repartitioned the whole drive to install Linux on it, just to show how much she loves you.
And when she says to you "I love you hon, don't you like my present?", all you can think is "NooooooOOoooo my porn" and pretend it is tears of joy.

Yeah, got to love that hidden volumes feature.

What an example of technology outpacing function.. (3, Funny)

Sheetrock (152993) | more than 8 years ago | (#15725089)

I recognize that there may be some degree of opprobrium as a result of pointing this out, as most of us here believe in bringing the newest and fastest technology to bear on a given problem. I don't disagree with this approach; indeed, given Moore's Law and costs not dramatically increasing, one would be a fool not to recommend the regular upgrade of hardware and software every two to five years, depending on circumstances.

Irregardless, news such as this points out that sometimes blindly following technology without carefully measuring its implications on IT and data processing can create issues. In the interest of bettering our approach to systems analysis and design, I feel it is important to quote: approximately 90% of the typical activities on 1/3rd of the computer systems out there can take 10-15% longer than performing their equivalents using a 50/50 methodology of planning the computing tasks first, computing the planned tasks second. In other words, you have to know where you are and where you want to be before you purchase and implement new systems; otherwise you not only run the risk of a wasted investment in extra or unnecessary technology (such as private folders when you only need and want public ones) but of having to backtrack and start again to purchase new technology to meet current, previous and future uses.

Unfortunately this seems intuitive but it's not; in fact, in many ways it can actually be seen to be counterintuitive. In other words, it's a balance -- one of considering the importance of keeping pace with current technology while retaining past and projected compatibility with previous and anticipated data storage and processing needs.

Re:What an example of technology outpacing functio (0)

Anonymous Coward | more than 8 years ago | (#15725133)

I dare someone to mod this up.

Re:What an example of technology outpacing functio (0, Offtopic)

Anonymous Coward | more than 8 years ago | (#15725189)

I gave you the 25 cents for using the word "opprobrium", however, I had to take it back when you said "Irregardless" instead of just "Regardless".

The correct way is to simply say, "Regardless, news such as this..."

Your net score is $0.00. Please try harder next time.

Thx.

Re:What an example of technology outpacing functio (-1, Troll)

sohp (22984) | more than 8 years ago | (#15725293)

Because "irregardless" is not a word, anything else you might have said in your comment went into my bitbucket the moment I hit that abomination.

Re:What an example of vocabulary outpacing functio (3, Informative)

mliikset (869292) | more than 8 years ago | (#15725337)

'irregardless' IS a properly constructed word. It means 'not regardless', which is not, I'm sure, what he meant to convey.

Speaking of which (3, Funny)

djupedal (584558) | more than 8 years ago | (#15725090)

Why is there an option to adjust view incidence of Apple, but not MS? I would love to be able to have the option to push MS out to the horizon, please?

"...but it's a bit of a sloppy release by Microsoft"

Hate it when that happens...

Sigh.. (3, Insightful)

ChowRiit (939581) | more than 8 years ago | (#15725092)

Couldn't they have just put a warning message/disclaimer in?

This sort of kneejerk reaction, removing a useful feature, is exceedingly irritating. It's not users aren't aware of the fact that if you password something, you'll then need to REMEMBER the password...

Re:Sigh.. (0)

Anonymous Coward | more than 8 years ago | (#15725175)

It's not [that] users aren't aware of the fact that if you password something, you'll then need to REMEMBER the password...

You obviously don't work in IT.

Re:Sigh.. (0)

Anonymous Coward | more than 8 years ago | (#15725210)

After getting to know people, I'd have to say they don't usually plan on forgetting their password. They just do. (One of the problems with squishy-brain memory.)

Re:Sigh.. (4, Insightful)

will592 (551704) | more than 8 years ago | (#15725303)

I'm sure people will flame for this, especially hard core IT types, but at some level the reason that users forget passwords lies with IT/Security types themselves. Forcing users to remember passwords on multiple, disparate systems that each have unique restraints (No passwords that have been used in the last X changes, 3 different character classifications, passwords must be X characters long, that must be changed every X days) almost forces users to write down their passwords somewhere that they can retrieve them easily. The problem is further compounded when the user is locked out after only a very few attempts. I understand the reasoning behind every rule but it is unreasonable, in my opinion, to force some sort of data entry clerk or analyst to remember logins for 4 different, often times rarely used, accounts that all have different security parameters. If you can't provide single sign on for your users and you have DOD grade requirements, then I think you lose the justification for being upset when they forget their passwords.

Just my humble opinion,
Chris

Re:Sigh.. (3, Insightful)

CastrTroy (595695) | more than 8 years ago | (#15725353)

There's nothing wrong with writing your password down and keeping it in your wallet. You keep your credit cards, money, social insurance card, and a lot of other important stuff in your wallet. Why wouldn't your passwords be safe in your wallet? Besides, if you write them in a secret code, then nobody else can read them.

Okay, so they patched it out ... (1)

ScrewMaster (602015) | more than 8 years ago | (#15725093)

how do I patch it back in?

Separate enterprise (1)

Nightspirit (846159) | more than 8 years ago | (#15725099)

I guess they are doing this 1/2 assed for windows vista, but it would be nice to have different home and enterprise OS versions. A decent amount of features have been cut or rolled back because of enterprise. For example, personal folder encryption, wifi synch over activsynch, and I'm sure at least a couple others.

incompetent? (4, Insightful)

MustardMan (52102) | more than 8 years ago | (#15725104)

I'm really starting to wonder if windows administrators should be working at my local burger king instead of with computers. It seems an awful lot of MS policy is dictated by these neanderthols. Hey - nice encryption feature added, and admins freak because they don't know how to block it. Sounds like the administrator's fault - they can't keep their users from installing unauthorized software? Encrypted folders should be the LEAST of their worries.

It reminds me of the idiotic microsoft security fix cycle. Every user in the world has to wait for MS patch day because some whiney admins wanted to be able to schedule their vacation time. Hey jackasses - if you don't want to update on a given day, don't update on that day. Why should the rest of us be waiting for a fix to fit someone else's schedule?

Re:incompetent? (0)

Anonymous Coward | more than 8 years ago | (#15725198)

But it's not that easy!! Windows automatically updates itself when the patches are released... =(

Re:incompetent? (4, Insightful)

93 Escort Wagon (326346) | more than 8 years ago | (#15725291)

"It reminds me of the idiotic microsoft security fix cycle. Every user in the world has to wait for MS patch day because some whiney admins wanted to be able to schedule their vacation time. Hey jackasses - if you don't want to update on a given day, don't update on that day. Why should the rest of us be waiting for a fix to fit someone else's schedule?"

Ah, who says Microsoft doesn't know how to do PR? "Patch Tuesday" was indeed sold to us as being schedule friendly; but the actual intent was to improve Microsoft's security image. Microsoft realized that releasing patch after patch every few days was making people think (rightly) that their OS was riddled with bugs and holes - even the non-IT press was talking about it.

It seems to have largely worked. What with the "express install" option and such, most folks don't even realize they're installing 18 separate patches for a given month. We even get people on here, who should know better, mouthing untruths like "Oh, no one even knew about those holes until Microsoft patched them - so it's the user's fault if they get hacked".

Re:incompetent? (0)

Anonymous Coward | more than 8 years ago | (#15725340)

I'm a Windows administrator, and your post is dead on. I work with a few of these 'neanderthols' every day. They freak and reject anything that doesn't come with the proverbial "easy button". And as for unix/linux - forget it. They won't touch it with a ten foot pole. It scares the crap out of them.

i tried this out... (2, Insightful)

Ichigo Kurosaki (886802) | more than 8 years ago | (#15725105)

I tried this out on my personal computer and the most annoying thing about it is that you have to store it on the desktop.

There are far better third party folder encrypters out there than MPF.

Re:i tried this out... (2, Informative)

The MAZZTer (911996) | more than 8 years ago | (#15725127)

You can delete the icon from your desktop. Then you can access it from explorer under Desktop... want it somewhere else? That's why we have shortcuts. :)

Or if you want to be slicker about it you can get the NTFSLink tool and make a Junction to C:\Documents and Settings\\My Private Folder.

Still available from microsoft... (0)

Anonymous Coward | more than 8 years ago | (#15725108)

Download it direct: click here. [microsoft.com]

Or maybe, this is a false-flag operation by the government to encourage windows users to use easily breakable encryption? What kind of encryption does this use, anyway?

EFS is very poorly documented. Limits & failur (1)

Futurepower(R) (558542) | more than 8 years ago | (#15725114)

See this thread: EFS [slashdot.org] is Microsoft encryption that is also poorly implemented.

I have heard no complaints about TrueCrypt [truecrypt.org], which is free, open source, developed by people with serious intelligence and dedication, and supports both Windows and Linux.

Re:EFS is very poorly documented. Limits & fai (0)

Anonymous Coward | more than 8 years ago | (#15725195)

It's not poorly documented, you fuckwits and others like you are just incapable of reading any fucking documentation. EFS is implemented via standards. Encryption is handled through x509 certificates which are readily available from the personal certificates store on the system. The EFS documentation plainly recommends that you back these certificates up.

Google + "Windows EFS" = first link

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx [microsoft.com]

If it's not in man format, translated poorly like furniture directions from Ikea, apparently it doesn't exist.

Who's threatened? (0, Flamebait)

sane? (179855) | more than 8 years ago | (#15725119)

Is the problem here the IT managers, or Microsoft?

From my perspective I consider businesses and the IT gestapo all too ready to claim that everything that touches 'their' machines is their sole property. The reality is that individuals have a right to privacy and a right to keep certain things to themselves - whichever computing resource they might use. Some companies seem to be run along very fascist lines.

Encrypted folders are not the threat, over inquisitive BOFH and PHB are the threat.

Re:Who's threatened? (3, Insightful)

MoneyT (548795) | more than 8 years ago | (#15725193)

Not that I agree with incompetent IT managers who can't figure out how to lock certain options in a system dictating software policy for Microsoft but while individuals may have a right to privacy and to keep things to themselves, they certainly don't have a right to store it on MY system. The problem is, too many people assume that because they use something it is now theirs to do with as they please and that's not the case. The computer belongs to the company, if they let you do non work related things on that computer that's their prerogative but you have no right to use that computer for any purpose other than those the company allows you to do. Now by the same token I believe that if a company is going to require that I use my personal equipment for a job, that I have the same rights and control over that equipment as they have over theirs which means if I want to store that information triple encrypted that's my prerogative because it's my machine. But unless it's a personal machine, you have no rights to do anything on it.

Re:Who's threatened? (2, Insightful)

ivan256 (17499) | more than 8 years ago | (#15725246)

I agree, but at the same time, turning this feature off is equally as logical as removing the delete key from the system.

You already have a level of trust with your users. Why doesn't that trust extend to a new technology with the same level of associated potential consequences (data loss)?

The only possible answers to that question are that you don't really trust your users at all (in which case you're a moron for giving them any access before giving them training), or that you don't understand the new technology. Which is it?

Re:Who's threatened? (1)

jimicus (737525) | more than 8 years ago | (#15725346)

"You already have a level of trust with your users. Why doesn't that trust extend to a new technology with the same level of associated potential consequences (data loss)?"

Because every time data is lost, regardless of the cause, IT is expected to wave its magic wand and bring the data back. Sooner or later, the person losing the data is going to be high enough in the pecking order to get someone in IT sacked because the data wasn't recoverable.

Re:Who's threatened? (1)

ShaneThePain (929627) | more than 8 years ago | (#15725228)

You had SOME credibility, then you used "Fascist" where you should have said "Authoritarian"

Know the truth. www.americanfascistmovement.com

Fascism Forward!

Re:Who's threatened? (1)

biglig2 (89374) | more than 8 years ago | (#15725237)

How do we keep finding these people who've never heard of Godwin's law?

Anyhow, back on topic, let me ask you some questions: your work machine, did you buy it yourself? Did you pay for it out of your own pocket? Did the company give it to you to put your own private stuff on? The data you produce, did the company tell you to keep it yourself, that they don't want it? Has your company lawyer told you that it's fine to keep anything you want on that machine, that being sued is fun? Did you sign a contract saying that if the computer locks up and a vital document is lost and the company loses a big deal, that you'll pay them every penny back? Did your ISO9000 inspectors tell you the whole thing was no big deal, and that your company policies are pretty much just guidelines?

Re:Who's threatened? (1)

sane? (179855) | more than 8 years ago | (#15725302)

If personal freedom and democracy is such a good way to run a country, why is it supposed to be a no no for a company. Think back, who told you it was?

Companies pay fees for specific work; they don't own souls.

Re:Who's threatened? (1)

0racle (667029) | more than 8 years ago | (#15725393)

They do own the hardware and data you produce for them. They buy that time and work from you. Just because you believe that democracy is a good political model, doesn't mean it must be good and applied everywhere.

Why do i get the feeling its about lost control... (0, Redundant)

plasmacutter (901737) | more than 8 years ago | (#15725128)

Why do I get the feeling that for "IT managers" at major companies, known for doing things like using the patriot act to snoop myspace/facebook of prospective employees.. and to do far worse to the privacy of current employees, that it's about lost control and lost ability to compromise 110% of employee privacy?

Re:Why do i get the feeling its about lost control (0)

Anonymous Coward | more than 8 years ago | (#15725151)

Exactly. Power tripping admins crying about Sarbanes Oxley or whatever the alarmist flavor of the month is and that they need access to every file on the network. Fortunately, saner heads prevail at most companies.

Re:Why do i get the feeling its about lost control (2, Insightful)

dfloyd888 (672421) | more than 8 years ago | (#15725156)

Sometimes it's about obsessive-compulsive lockdown freaks, but unfortunately in a number of businesses, IT *has* to be control freaks so the business doesn't get fined out of existence and people put in prison. Banks, hospitals, and other industries have to be very careful not to run afoul of HIPAA, Sox or other laws, unless they want the SEC to start coming in with a motion of discovery in hand to start auditing, and hit the company with very high fines should even a single financial E-mail have been deleted instead of being archived for seven years. No company wants the SEC or some audit board to start going through every file, folder, or hard disk, so it's pretty normal for an IT group to be heavy-handed.

Re:Why do I get the feeling it's about lost control (1)

plasmacutter (901737) | more than 8 years ago | (#15725169)

I'm thinking more along the lines of ..

"companies like AT&T, Verizon, and other telcos sharing your info with the NSA *have* to be lockdown freaks or those dirty whistleblowers will get them fines and prison"

Eye-tee martinets can't spy on users. (0, Offtopic)

Ph33r th3 g(O)at (592622) | more than 8 years ago | (#15725131)

Oh, the humanity.

WPF was released with good intentions (5, Insightful)

dfloyd888 (672421) | more than 8 years ago | (#15725136)

Windows Private Folders was released with the best of intent, but I can see 3-4 things that would have made it not so controversial.

First, document how it stores/encrypts files. Does it sit on a front-end of an archiver or is it a pass-through encryption similar to what CFS does? What encryption algorithms does it use? WPF needs a lot more documentation.

Second, release a group policy add-on that domain admins can use to restrict or block its use. MS should have released a domain policy add-on a couple weeks before the utility is available, so companies can push out a policy denying use of this utility on their network, or specifying a "master" password using a password or an EFS key for recovery reasons. This utility is good, but on computers owned by a business, this utility can create major liability and regulation issues.

Third, it needs to be written with security in mind. How is the password stored? Is the password hashed, or is the password stored by decrypting part of the file similar to what TrueCrypt does so a hash algorithm failure doesn't compromise security? What mode (ECB, CBC) is the encryption running in? Is the decrypted password stored in secure memory, or can it be swapped to disk?

Windows Private Folders isn't a bad utility, and I wish MS would release a version 2.0 of it that addresses concerns of business domains and some more documentation on how it works -- it is made for an easy to use place for home users to stick files in they don't want others to read. WPF just needed a little more planning behind its release.

If they only fixed Windows file sharing (0)

Anonymous Coward | more than 8 years ago | (#15725137)

Microsoft Windows File Sharing needs to get fixed; too many wizard interfaces with Windows XP and Vista hide what is really going on with the settings.

Windows 95 and 98 had a great interface. Sure, NTFS wasn't around then, but it was simple for the user.
http://www.wellesley.edu/Computing/FileSharing/Windows/98me_imgs/properties.jpg [wellesley.edu]

So many people on Windows XP Home have lost data due to it sharing via Administrator and full rights.
(Yes, the common user doesn't want to pay an extra amount for classic file sharing.)
The amount of times I've seen people cut and paste data across the network, in the process losing it off the source PC, is amazing.

In the home environment most users now use DC++ instead of Windows File Sharing; it's secure, easy and quicker. The only drawback is they have to run a DC++ server.

Isn't it about time a desktop Windows OS finally removed server and admin functions:
Remove admin shares
Don't allow people to share the Windows drive
Store profiles, bookmarks and data on another partition
Remove telnet server
Remove ICS
Remove IIS webserver
(basically a lot of options and stuff that nLite and XPY do to fix Windows bloat)

Also, another thing that beginners get mixed up with Windows File Sharing is when DHCP fails on a class C network: instead of retrying or asking the user, it goes to a class B 169.x.x.x IP.

------------------------

Charliebrownau
http://charliebrownau.livejournal.com/ [livejournal.com]

Customer, ease of use, security (2, Interesting)

nuggz (69912) | more than 8 years ago | (#15725141)

MS seems to have forgotten who their real customer is.
They didn't make controlling this easy enough for that customer.

Security solutions need to be thought out a bit more carefully.
What about using backdoored crypto with corporate issued keys? Wouldn't this make most everyone happy?

Re:Customer, ease of use, security (3, Insightful)

kfg (145172) | more than 8 years ago | (#15725321)

> MS seems to have forgotten who their real customer is.

Dell, the RIAA and the DVD Forum.

KFG

Er. Uh. Uhm... (1)

adolf (21054) | more than 8 years ago | (#15725142)

I am not the world's foremost Windows licensing guru, but I have an option on my XP Pro laptop which lets me encrypt files and directories.

How is the retracted update different from the functionality which I have seen in-place since I bought the machine a year ago?

Re:Er. Uh. Uhm... (2, Informative)

Planesdragon (210349) | more than 8 years ago | (#15725160)

> How is the retracted update different from the functionality which I have seen in-place since I bought the machine a year ago?

Log on as a user. "encrypt" a file.

Log on as an administrator. Go try and read that file.

With MS's new toy, that wouldn't happen.

Re:Er. Uh. Uhm... (0)

Anonymous Coward | more than 8 years ago | (#15725247)

XP Home edition cannot encrypt files.

I'm not sure what the other guy meant by "user encrypt file, admin try read file" - in XP by default the admin will not be able to read the file - the recovery agent is no longer required in XP.

The recovery agent needs to be created before the files were encrypted.

In Windows 2000, yeah, then the admin could do that.

Also, in XP, if you force a password reset, you will not be able to recover your EFS files unless you have a backup of your certificate.
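
The recovery behaviour described in the comment above, shown as a simplified model; this is an added example, not part of the original thread and not Microsoft's code. It assumes a random per-file key wrapped once per party, uses a standard-library HMAC construction as a stand-in for a vetted cipher, and all names and sample values are constructed.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a keystream (stdlib stand-in for a real cipher)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _subkeys(key):
    # Separate encryption and MAC keys derived from one wrapping key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, plaintext):
    """Encrypt-then-MAC; output is nonce || ciphertext || tag."""
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

def password_key(password, salt):
    """The user's wrapping key exists only as a function of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def encrypt_file(data, wrapping_keys):
    """Encrypt under a fresh file key, then wrap that key for each listed party."""
    file_key = secrets.token_bytes(32)
    return {"body": seal(file_key, data),
            "slots": {name: seal(k, file_key) for name, k in wrapping_keys.items()}}

def decrypt_file(record, slot, key):
    file_key = unseal(key, record["slots"][slot])  # KeyError if the slot never existed
    return unseal(file_key, record["body"])

def can_open(record, slot, key):
    try:
        decrypt_file(record, slot, key)
        return True
    except (KeyError, ValueError):
        return False

def demo():
    salt = secrets.token_bytes(16)
    old = password_key("old-passphrase", salt)   # constructed sample password
    new = password_key("new-passphrase", salt)   # what a forced reset leaves behind
    agent = secrets.token_bytes(32)              # recovery key held by the organisation
    earlier = encrypt_file(b"Q3 forecast", {"user": old})                  # no agent yet
    later = encrypt_file(b"Q4 forecast", {"user": old, "agent": agent})
    return {"user_before_reset": can_open(later, "user", old),
            "user_after_reset": can_open(later, "user", new),
            "agent_on_later_file": can_open(later, "agent", agent),
            "agent_on_earlier_file": can_open(earlier, "agent", agent)}

if __name__ == "__main__":
    print(demo())
```

Only files encrypted while the recovery slot was configured stay readable after the user's key is lost; adding the agent afterwards does nothing for files that were wrapped without it.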

micros~1 (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15725145)

Micros~1 is from teh NATAS!!
Bill Gates is teh DEVIL!!

Lord, IT guys are such whiners (0, Troll)

I'm Don Giovanni (598558) | more than 8 years ago | (#15725153)

Truly, I can't think of a bigger bunch of whiners than IT guys (web devs come close).

Fsck IT (3, Insightful)

Detritus (11846) | more than 8 years ago | (#15725154)

It's a shame that Microsoft caved in to the whining of the IT control freaks. There are legitimate reasons to encrypt sensitive information, even in the corporate setting. If you think that the possession of the Administrator password means that you should have unfettered access to every scrap of data on the network, you need to see a psychiatrist about your delusions.

Re:Fsck IT (1)

MoneyT (548795) | more than 8 years ago | (#15725211)

Why shouldn't it? If I'm in charge of managing, controlling, supporting and securing a company's machines then I damn well better be privy to every scrap of data on the machines. Whether I will use that is irrelevant, I should indeed have access. Anyone who charges you with securing something and doesn't give you full access to it is only looking for a security blanket. If you can't trust your IT guys with your sensitive data, then you need to get your data out of the IT guys' domain or hold the IT guys innocent of any problems arising with the data you won't give them access to.

Re:Fsck IT (1)

mark-t (151149) | more than 8 years ago | (#15725279)

Agreed.

If one is going to keep certain data out of sight of administrators, then one may as well not HAVE administrators at all, because the long term consequences are bound to be the same.

Re:Fsck IT (4, Insightful)

Kadin2048 (468275) | more than 8 years ago | (#15725330)

I think you're viewing the issue too narrowly.

In any large company, there is a lot of information floating around that you are probably better off not having access to.

While it doesn't make sense to have every secretary and general low-level peon be able to encrypt stuff in such a way that nobody can ever recover them, I would not want to have automatic access to extremely sensitive high-level stuff stored on the executive's systems. Why? Because if somehow it gets leaked, and you have the root password, you have zero plausible deniability. In other words, you become quite easy to scapegoat.

If you work someplace where there isn't any internal backstabbing, and nobody above you would ever consider hanging their poor sysadmin out to dry in order to save their own pillowtalking ass, then great. Let me know where to send my resume.

Generally speaking, while I would want to be sure that I had admin/override rights to all the people below me in a chain of command, I wouldn't want to have those rights to people above me in the chain of command. Not because I'd find the idea of reading my boss' email particularly tempting, but because when something Bad Happens, I want to be able to say with absolute candor, not only didn't I do anything, but I couldn't possibly have done anything.

It's like having the keys to a file cabinet which contains information way above your security clearance level. I wouldn't want to have them, because I don't want to be the guy in the hot seat when somebody way above my pay grade fucks up and decides to find someone expendable to take the blame.

Let the executives have their personal encrypted folders, with a nice big warning sign that says "If you forget your password, NOBODY ELSE WILL BE ABLE TO ACCESS THIS." If they forget their passwords, then it's their problem, or if they maliciously encrypt things as they're tendering their resignation, then it's Legal's problem. The last thing I'd want to do is make it my problem.

Re:Fsck IT (1)

mark-t (151149) | more than 8 years ago | (#15725390)

> I would not want to have automatic access to extremely sensitive high-level stuff stored on the executive's systems. Why? Because if somehow it gets leaked, and you have the root password, you have zero plausible deniability. In other words, you become quite easy to scapegoat.

But if you _don't_ have the root password, and security somehow got breached anyways and stuff put on the system that an administrator cannot access, there is no facility for effective damage control. It doesn't really matter that at least it's nobody's fault because the entire company could very well go tits up in the interim. So the IT guy is out of a job either way.

If a company isn't going to let the IT guy do his job, it's only a matter of time before he won't have that job anymore.

Re:Fsck IT (1)

biglig2 (89374) | more than 8 years ago | (#15725255)

Do you tell your Finance department to fuck off, that you'll do your own accounts better than they will?

Do you tell your HR department to fuck off, that you know employment law better than they do?

Do you tell your janitor to fuck off, because if they clean your toilet they might see the stains you left?

Do you tell your product marketing manager to fuck off, that the product you designed is bound to have people who want to buy it?

Do you tell your CEO to fuck off, that new merger negotiation is something you'll handle yourself?

No? Well, then don't tell the people your boss pays to protect the company's data to fuck off when they point out that putting it somewhere that they can't protect it is a stupid idea.

Re:Fsck IT (1)

penrodyn (927177) | more than 8 years ago | (#15725309)

Yes, I do tell my IT guys to f*ck off, they're the lowest form of life along with politicians and lawyers. Most of them act like born again fascists. If they showed a bit more humility it wouldn't be so bad.

Re:Fsck IT (1)

mark-t (151149) | more than 8 years ago | (#15725262)

Not on the whole network... just on the actual machines to which you have the administrator password.

Without that ability, it is very possible for a potentially malicious program to be sitting on a computer's hard drive in such a way that even an administrator could not do anything about it.

Re:Fsck IT (4, Insightful)

jimicus (737525) | more than 8 years ago | (#15725300)

Being able to access the data and actually doing so are two different things.

I need to be able to access the data, if only for backup purposes. The person in the company with the password might be run over by a bus tomorrow. Or if you prefer something less dramatic, they may regularly change their password (good!), forget their old one (who cares?) and then need to restore from an old backup to prove what was on the system 6 months ago (Ah....).

But at the same time, with that power comes responsibility. If I was found to be accessing the data for any purpose other than "to provide a copy to give people who have a legitimate need to access it", I'd be sacked so fast....

Re:Fsck IT (1)

Xibby (232218) | more than 8 years ago | (#15725397)

Earlier this month a user forgot the password for their PST file. It was apparently full of personal e-mails. (Lots of FW: FW: FW: FW: FW: FW: FW: FW: type subject lines).

Anyway, who gets called? IT. Our response was that she was pretty much on her own since it wasn't anything business related. So sure, the "we can't help you" answer works sometimes, but what about the case where you have an ex-employee who you have to press legal charges against? Yup, had this too not long ago.

The long and short of it is that corporate e-mail systems are not private. Deal with it and don't use them for important personal stuff. IT managers were right to ask for removal, or at least group policy control of this feature.

NTFS? (1)

TheRaven64 (641858) | more than 8 years ago | (#15725157)

I haven't used Windows in a couple of years. Could someone please enlighten me as to the difference between this and the NTFS encrypted files / folders that have been available since Windows 2000?

Re:NTFS? (1)

k3vlar (979024) | more than 8 years ago | (#15725334)

As far as I can tell, the NTFS folder permissions+encryption allow for security on a per-user basis. It still won't protect your files if you leave your computer logged in, and someone has physical access to the machine. This app would ask for a password every time you try and access the folder, regardless of the fact that you have NTFS permissions.

Re:NTFS? (1)

Angostura (703910) | more than 8 years ago | (#15725374)

I believe the difference is that with the existing system, any encrypted folder can be accessed using an admin password. Not so with private folders. I have a certain sympathy with MS on this one. I can think of occasions where a business manager (say the CFO) would like to encrypt data without the IT staff having access to it.

No wonder the IT staff kicked up a fuss.

Erh.. could this lead to MORE inaccessible data? (2, Insightful)

Opportunist (166417) | more than 8 years ago | (#15725171)

I might be no expert in this area, but ... let's see...

1. Patch for data encryption feature.
2. User using data encryption.
3. Patch for removal of data encryption.
4. User accessing his encrypted data ... how?

why are enterprise end users installing software (2, Insightful)

Anonymous Coward | more than 8 years ago | (#15725172)

But why are enterprise end users installing software? Don't blame Microsoft for your problems.

Why are you frantically trying to block something you don't know about - why don't you solve that problem by only allowing the software that has been approved? Why are there people that still don't understand that if a user can install appX, they can install virusX too? I mean really, you do understand this, right?

This was a home user product. It wasn't intended for businesses.

IT Managers should try doing their jobs instead (4, Insightful)

petard (117521) | more than 8 years ago | (#15725174)

Instead of pitching a fit about new Microsoft software, why don't "I.T. Managers" do their jobs and manage the damn I.T.? Really. There are complex problems in I.T. for large businesses, but this is absolutely not one of them. Microsoft has given them the ability to manage software installations for years now. It's very simple, really. Users who cannot be trusted to install software like "Private Folder" without exposing the enterprise to increased risk of data loss should not have permission to install software. Full stop.

Is it really easier to shout at Microsoft than restrict users? Because shouting at Microsoft won't prevent users from using the dozens of equivalent apps available for download from other companies unless you also restrict users appropriately.

I can understand why IT admins bitchin' (-1, Offtopic)

jt2377 (933506) | more than 8 years ago | (#15725208)

Does anyone remember the Coke employee trying to sell Coke's secret to Pepsi but got busted by FBI? You don't want your employee to encrypt your company's secret, but I guess most of you don't give a shit about your company. So let the bitching continue. http://www.zeenews.com/articles.asp?aid=307516&sid=BUS&ssid=53 [zeenews.com]

Adding new features during bug-fix updates? (0)

Anonymous Coward | more than 8 years ago | (#15725230)

What's up with that?

Pr0n (1)

David Off (101038) | more than 8 years ago | (#15725231)

> IT managers hit the roof when the option was added

All you pr0n are belong to us!

Are Windows users really that stupid (0)

Anonymous Coward | more than 8 years ago | (#15725233)

...that they "inevitably" will lose files?

Ho hey for a customizable OS! (1)

Bromskloss (750445) | more than 8 years ago | (#15725253)

Poor Windows admins, someone else is in control of their computers. My updated operating system has this new feature I don't want, and now I'm having a hard time trying to make it go away! Insane.

actually a good test for managers (0)

Anonymous Coward | more than 8 years ago | (#15725287)

Let them use it, any moron loses his password or otherwise screws up with it, they go on the short list for the next outsourcing/layoff round.

Really, this is 2006, IT should be weeding out incompetents by now. As things go, this actually seemed a fairly good idea, especially for employees who have to both carry laptops around and are also forced to try and protect more-sensitive data. And for home users it also seemed a good idea.

I decided to try this software (3, Informative)

CyberSlugGump (609485) | more than 8 years ago | (#15725322)

I was not impressed.
Machine locked up when trying to change password. Apparently Symantec AntiVirus 9's AutoProtect feature was the problem. (Disabling AutoProtect lets you change the password.) Because Private Folder 1.0 is not officially supported by Microsoft, there is no way to report this issue.

Microsoft Private Folder 1.0 has an option to export encrypted files. The files remain encrypted, but the password must somehow be embedded in the exported files since you can go to a different computer with Private Folder 1.0 installed to decrypt the files. HOWEVER, if the hard drive crashes and you need to use data recovery software (R-Studio, GetDataBack, etc.) there is no straightforward way of decrypting the files even if you know the password. Boot a machine with BartPE to look at the "My Private Folder" directory and the encrypted files look different than exported files (which leads me to think the password is embedded in the exported files). If you copy and paste encrypted files to that directory from BartPE/WinPE, you can make the data "unrecoverable"....

Oh great. (1)

Zadaz (950521) | more than 8 years ago | (#15725389)

The one new Windows feature of the last 10 years that I was interested in, and it lasts all of a week.

Maybe I need to look closer at Vista Home. At this rate it will have better privacy than the Professional version.