Microsoft Retracts Private Folder Option
An anonymous reader writes "Just recently, an update to Windows added the option to password-encrypt a personal folder. The intent was to allow users who share PCs to have a measure of privacy, but C|Net reports the company is now removing that functionality with a patch. IT managers hit the roof when the option was added, complaining of the possibility of lost passwords and inaccessible data." From the article: "'Oh great, have they even thought about the impact this could have on enterprises. I'm already trying to frantically find information on this product so that A) I can block to all our desktops and B) figure out how we then support it when users inevitably lose files. I can see the benefit in this product for home users, but it's a bit of a sloppy release by Microsoft,' Stuart Graham said in a posting on Windows Server-related site MSBlog."
Nothing for you to see here. Please move along. (Score:5, Informative)
Oh great, they retracted the article too!
But more seriously... you can still download it here: http://fileforum.betanews.com/detail/Microsoft_Private_Folder/1152200243/1 [betanews.com] (redirects to download.microsoft.com). All that was removed was the HTML download page.
On a related note, are the legions of ZIP tool companies going to retract ZIP encryption or password protection? Other archive format encryption schemes? How about general encryption programs? Oh f***, I wrote a DES implementation once, I'm screwed now aren't I?
Who cares... (Score:5, Informative)
Re:i tried this out... (Score:3, Informative)
You can delete the icon from your desktop. Then you can access it from explorer under Desktop... want it somewhere else? That's why we have shortcuts. :)
Or if you want to be slicker about it you can get the NTFSLink tool and make a Junction to C:\Documents and Settings\\My Private Folder.
Re:Er. Uh. Uhm... (Score:3, Informative)
Log on as a user. "encrypt" a file.
Log on as an administrator. Go try and read that file.
With MS's new toy, that wouldn't happen.
I decided to try this software (Score:4, Informative)
Machine locked up when trying to change password. Apparently Symantec AntiVirus 9's AutoProtect feature was the problem. (Disabling AutoProtect lets you change the password.) Because Private Folder 1.0 is not officially supported by Microsoft, there is no way to report this issue.
Microsoft Private Folder 1.0 has an option to export encrypted files. The files remain encrypted, but the password must somehow be embedded in the exported files since you can go to a different computer with Private Folder 1.0 installed to decrypt the files. HOWEVER, if the hard drive crashes and you need to use data recovery software (R-Studio, GetDataBack, etc.) there is no straightforward way of decrypting the files even if you know the password. Boot a machine with BartPE to look at the "My Private Folder" directory and the encrypted files look different than exported files (which leads me to think the password is embedded in the exported files). If you copy and paste encrypted files to that directory from BartPE/WinPE, you can make the data "unrecoverable"....
Re:What an example of vocabulary outpacing functio (Score:3, Informative)
Re:That could've been a good feature! (Score:2, Informative)
Firefox is nice for home users, but it has no place in the corporate world yet.
Re:NTFS? (Score:2, Informative)
You cannot access EFS encrypted data if you mount the hard disk to a different machine; nor can you do that if you're dual booting.
So volume-based encryption tools such as Private Disk or TrueCrypt are a better idea. Not only do they give you more features, but they use more reliable encryption mechanisms. (EFS uses 3DES, and you get AES if you apply a service pack.)
Re:I decided to try this software (Score:3, Informative)
Data loss can be really painful, if the data were encrypted. Normally, the decryption key is embedded into the encrypted file itself, but the encryption key (let's denote it with k_E) itself is encrypted with something, a password for example, or the password's hash. So, even though k_E resides inside the encrypted file, it doesn't make the file less secure, but it does make it more fragile. If there's a one bit change in the part of the file which holds k_E, then the data are gone forever. When k_E is obtained by decrypting it using the password (or the password's hash), it will not be correct, because of that flipped bit. So the data recovery programs you mentioned may be able to physically recover the data, but that is useless, because at the logical level - the gathered data are encrypted, and the true encryption key was lost. If something like CBC mode is used, then an error in the first decrypted block will propagate to the next, and so on.... What you will recover is a bunch of crap.
The solution is to make a backup of the area of the file which contains k_E, provided that the encryption software allows you to do that. If it doesn't, then I am afraid to use such a program (unless somebody guarantees I will never have power outages, and my hardware will never fail, and my OS is going to last forever, etc). Of course, you can always back up the encrypted file itself, but then the backup is of a much greater size than it could have been if you backed up only k_E.
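The header fragility and header backup described in the comment above, as an added example that is not part of the original comment and not Private Folder's actual format: k_E is wrapped under a PBKDF2-derived key in a 48-byte header, one bit of it is flipped, and a saved copy of the header repairs the file. The file layout, the function names and the HMAC-SHA256 keystream (a standard-library stand-in for a real cipher) are assumptions.

```python
import hashlib, hmac, os

HEADER_LEN = 48  # assumed layout: salt(16) | wrapped k_E(32) | tag(32) | body

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _keystream(key: bytes, n: int) -> bytes:
    # Stand-in for a real cipher: HMAC-SHA256 in counter mode (illustration only).
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _kek(password: str, salt: bytes) -> bytes:
    # Key-encryption key derived from the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def encrypt(password: str, plaintext: bytes) -> bytes:
    salt, k_e = os.urandom(16), os.urandom(32)
    wrapped = _xor(k_e, _kek(password, salt))      # k_E encrypted under the password
    body = _xor(plaintext, _keystream(k_e, len(plaintext)))
    tag = hmac.new(k_e, body, hashlib.sha256).digest()
    return salt + wrapped + tag + body

def decrypt(password: str, blob: bytes):
    salt, wrapped, tag, body = blob[:16], blob[16:48], blob[48:80], blob[80:]
    k_e = _xor(wrapped, _kek(password, salt))
    expected = hmac.new(k_e, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong password, or header/body damaged: k_E cannot be trusted
    return _xor(body, _keystream(k_e, len(body)))

def backup_header(blob: bytes) -> bytes:
    return blob[:HEADER_LEN]            # 48 bytes, regardless of file size

def restore_header(blob: bytes, header: bytes) -> bytes:
    return header + blob[HEADER_LEN:]

def demo():
    secret = b"constructed sample data " * 100
    blob = encrypt("correct horse", secret)
    saved = backup_header(blob)
    damaged = bytearray(blob)
    damaged[20] ^= 0x01                 # flip one bit inside the wrapped k_E
    damaged = bytes(damaged)
    return (decrypt("correct horse", damaged),
            decrypt("correct horse", restore_header(damaged, saved)) == secret,
            len(saved), len(blob))

if __name__ == "__main__":
    print(demo())
```

The tag lets the tool report a damaged header instead of returning garbage; the 48-byte header copy is all that has to be stored separately from the file.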
Re:Who's threatened? (Score:2, Informative)
Now, IANAL, but I was a member of my company's Works Council and did all the research when my company started implementing an Internet/E-mail policy, and have read some of the decisions made by the European Court of Human Rights, including commentary and suggestions from the semi-governmental privacy watchdog. A 'private' folder for working on a new resume, or other such personal things, most definitely would be allowed and the Administrators cannot just go into them even though the computer is company property.
Of course, there are limits as to what you can do privately, and companies can impose reasonable and justifiable restrictions (no porn, no racist content) BUT an employee can expect that system admins won't go into a folder marked PRIVATE without a very serious suspicion of something going on. If you do, the employee stands a good chance of winning a lawsuit if less intrusive methods weren't used first.
A simpler answer to this folder issue would be to either lock users out of installing software on their own (which given the number of programs that need Admin rights to run isn't always an option) or by having a policy in place that states no IT help will be given for unauthorized installations, and enforce it. Or inform the users that regular scans will be made of installed programs and sanctions will be applied to those found with unexplained programs, like this encrypted folder.
Re:That could've been a good feature! (Score:3, Informative)
I just want to clarify something. On my Linux system (which is Debian, btw), the Firefox (and Thunderbird) binaries are installed via Apt updates. Any themes and extensions you install are in your own profile; they _ARE_NOT_ system-wide unless you run Firefox as root and install the extension/theme as root. Only then is the change system-wide. I imagine that Debian is not the only distro that does it this way.