Microsoft Retracts Private Folder Option 336
An anonymous reader writes "Just recently, an update to Windows added the option to password-encrypt a personal folder. The intent was to allow users who share PCs to have a measure of privacy, but C|Net reports the company is now removing that functionality with a patch. IT managers hit the roof when the option was added, complaining of the possibility of lost passwords and inaccessible data." From the article: "'Oh great, have they even thought about the impact this could have on enterprises. I'm already trying to frantically find information on this product so that A) I can block to all our desktops and B) figure out how we then support it when users inevitably lose files. I can see the benefit in this product for home users, but it's a bit of a sloppy release by Microsoft,' Stuart Graham said in a posting on Windows Server-related site MSBlog."
That could've been a good feature! (Score:5, Insightful)
Why didn't MS see this coming? (Score:2, Insightful)
I always find it amusing when you have IT people developing features for Windows that really don't understand IT in the real world. Then they release something and are shocked when IT managers are furious over it. One would think MS would have a real good understanding of the IT environment and what is and is not a good idea. Good stuff :)
http://religiousfreaks.com/ [religiousfreaks.com]Sigh.. (Score:3, Insightful)
This sort of kneejerk reaction, removing a useful feature, is excedingly irritating. It's not users aren't aware of the fact that if you password something, you'll then need to REMEMBER the password...
incompetent? (Score:5, Insightful)
It reminds me of the idiotic microsoft security fix cycle. Every user in the world has to wait for MS patch day because some whiney admins wanted to be able to schedule their vacation time. Hey jackasses - if you don't want to update on a given day, don't update on that day. Why should the rest of us be waiting for a fix to fit someone else's schedule?
i tried this out... (Score:2, Insightful)
There are far better third party folder encrypters out there than MPF.
Re:Why didn't MS see this coming? (Score:2, Insightful)
"this looks good, let's release it." "oh noez i can't keep my users from installing this and then forgetting their passwords! arrrrrrgh m$ is teh evils!" "damn, these idiots managed to mess up a good thing once again, pull it back until the clowns managing networks can catch up to the rest of us or get fired and replaced with people who didn't go to Burger King Tech Institute."
WPF was released with good intentions (Score:5, Insightful)
First, document how it stores/encrypts files. Does it sit on a front-end of an archiver or is it a pass-through encryption similar to what CFS does? What encryption algorithms does it use? WPF needs a lot more documentation.
Second, release a group policy add-on that domain admins can use to restrict or block its use. MS should have released a domain policy add-on a couple weeks before the utility is available, so companies can push out a policy denying use of this utility on their network, or specifying a "master" password using a password or an EFS key for recovery reasons. This utility is good, but on computers owned by a business, this utility can create major liability and regulation issues.
Third, it needs to be written with security in mind. How is the password stored? Is the password hashed, or is the password stored by decrypting part of the file similar to what TrueCrypt does so a hash algorithm failure doesn't compromise security? What mode (ECB, CBC) is the encryption running in? Is the decrypted password stored in secure memory, or can it be swapped to disk?
Windows Private Folders isn't a bad utility, and I wish MS would release a version 2.0 of it that addresses concerns of business domains and some more documentation on how it works -- it is made for an easy to use place for home users to stick files in they don't want others to read. WPF just needed a little more planning behind its release.
Fsck IT (Score:4, Insightful)
Re:Why do i get the feeling its about lost control (Score:2, Insightful)
Erh.. could this lead to MORE inaccessable data? (Score:3, Insightful)
1. Patch for data encryption feature.
2. User using data encryption.
3. Patch for removial of data encryption.
4. User accessing his encrypted data
why are enterprise end users installing software (Score:2, Insightful)
Why are you frantically trying to block something you dont know about - why dont you solve that problem by only allowing the software that has been approved? Why are there people that still dont understand that if a user can install appX, they can install virusX too? I mean really, you do understand this right?
This was a home user product. IT wasnt intended for businesses.
IT Managers should try doing their jobs instead (Score:5, Insightful)
Is it really easier to shout at Microsoft than restrict users? Because shouting at Microsoft won't prevent users from using the dozens of equivalent apps available for download from other companies unless you also restrict users appropriately.
Re:Who's threatened? (Score:4, Insightful)
Key escrow? (Score:3, Insightful)
Unless all decryption keys are registered on the domain controller.
Re:Who's threatened? (Score:3, Insightful)
You already have a level of trust with your users. Why doesn't that trust extend to a new techology with the same level of associated potential concequences (data loss)?
The only possible answers to that question are that you don't really trust your users at all (in which case you're a moron for giving them any access before giving them training), or that you don't understand the new technology. Which is it?
Re:That could've been a good feature! (Score:3, Insightful)
Actually we do allow PGP, under the premise 'if you hose it, your data is gone'.
Re:incompetent? (Score:5, Insightful)
Ah, who says Microsoft doesn't know how to do PR? "Patch Tuesday" was indeed sold to us as being schedule friendly; but the actual intent was to improve Microsoft's security image. Microsoft realized that releasing patch after patch every few days was making people think (rightly) that their OS was riddled with bugs and holes - even the non-IT press was talking about it.
It seems to have largely worked. What with the "express install" option and such, most folks don't even realize they're installing 18 separate patches for a given month. We even get people on here, who should know better, mouthing untruths like "Oh, no one even knew about those holes until Microsoft patched them - so it's the user's fault if they get hacked".
Re:Fsck IT (Score:5, Insightful)
I need to be able to access the data, if only for backup purposes. The person in the company with the password might be run over by a bus tommorow. Or if you prefer something less dramatic, they may regularly change their password (good!), forget their old one (who cares?) and then need to restore from an old backup to prove what was on the system 6 months ago (Ah....).
But at the same time, with that power comes responsibility. If I was found to be accessing the data for any purpose other than "to provide a copy to give people who have a legitimate need to access it", I'd be sacked so fast....
Re:Sigh.. (Score:4, Insightful)
Just my humble opinion,
Chris
Re:Key escrow? (Score:5, Insightful)
Re:Why didn't MS see this coming? (Score:3, Insightful)
IMO, most of the "But we need to be able to stop the admin seeing stuff" comments are probably from kids still in school, who would rather the affected data was lost than be readable by the admin in the event of something bad happening. (They generally give themselves away when they say "My school blocked this...")
It would be interesting to see how many of them retain this view the first time they lose data in a work environment.
Re:Customer, ease of use, security (Score:3, Insightful)
Dell, the RIAA and the DVD Forum.
KFG
Re:Fsck IT (Score:5, Insightful)
In any large company, there is a lot of information floating around that you are probably better off not having access to.
While it doesn't make sense to have every secretary and general low-level peon be able to encrypt stuff in such a way that nobody can ever recover them, I would not want to have automatic access to extremely sensitive high-level stuff stored on the executive's systems. Why? Because if somehow it gets leaked, and you have the root password, you have zero plausible deniability. In other words, you become quite easy to scapegoat.
If you work someplace where there isn't any internal backstabbing, and nobody above you would ever consider hanging their poor sysadmin out to dry in order to save their own pillowtalking ass, then great. Let me know where to send my resume.
Generally speaking, while I would want to be sure that I had admin/override rights to all the people below me in a chain of command, I wouldn't want to have those rights to people above me in the chain of command. Not because I'd find the idea of reading my boss' email particularly tempting, but because when something Bad Happens, I want to be able to say with absolute candor, not only didn't I do anything, but I couldn't possibly have done anything.
It's like having the keys to a file cabinet which contains information way above your security clearance level. I wouldn't want to have them, because I don't want to be the guy in the hot seat when somebody way above my pay grade fucks up and decides to find someone expendable to take the blame.
Let the executives have their personal encrypted folders, with a nice big warning sign that says "If you forget your password, NOBODY ELSE WILL BE ABLE TO ACCESS THIS." If they forget their passwords, then it's their problem, or if they maliciously encrypt things as they're tendering their resignation, then it's Legal's problem. The last thing I'd want to do is make it my problem.
Re:That could've been a good feature! (Score:5, Insightful)
Of course, we're talking about the enterprise here, so XP Home is an exception. In an Active Directory domain, using Group Policy I can pretty much lockdown whatever I need to. I could make your start menu have only a couple items, make your account use a predefined user profile (and a read-only profile at that so, that any changes you make are gone at next login). I can even set domain-wide everyone's home page in Internet Explorer (and I can change pretty much every other setting in IE as well). The point being here, is that as the original poster said, you can lock Windows down to disallow users installing updates from Microsoft.
Re:Sigh.. (Score:4, Insightful)
Private Folders, harsh admins, and common sense (Score:4, Insightful)
Many IT administrators are barely-in-the-closet fascists. They enjoy making sure that their user bases have no privacy, cannot use their organizations phones or computers for anything that isn't "strictly business", are constantly under surveillance at the workplace, etc. These admins are usually on power trips -- they are usually hated by the users of the systems they (supposedly) support and those users often take pleasure in working against them in subtle (or at least anonymous) ways. These "Users versus IT Gestapo" situations are often entertaining to observe, as long as one isn't part of the problem.
At the other extreme are the system and network administrators who allow (even encourage) users to do (or install) whatever they damn well please on their workstations (unless the action is obviously malicious or illegal). These admins must be masochistic -- the more computer illiterate the user base, the more likely it will figure out ways to create problems which require a week's worth of IT's time to correct, on a daily or even hourly basis. These nearly anarchistic computing environments are a lot of fun while they last -- which is rarely for longer than it takes for an oh-so-clever user to crash a server, delete someone else's files, sell organizational secrets, buy a drop-in pr0n site package and run it on the facilities at the workplace, make (what she thinks are) anonymous death threats, etc.
Somewhere in the middle are the administrators who can usually leave their work at the office at the end of the day but who don't mind if users want to access and maybe save personal email messages or other files from work (where the spiffy color laser printer sometimes gets used to print pictures of a worker's newborn baby or a photo that an employee wants to hand in his cube), and realize that most sane people don't truly compartmentalize their work and personal lives; that overlap is normal and natural, usually inevitable, and often beneficial -- that most folks want/expect some personal privacy in the workplace and to be cut a little slack when using office resources for personal reasons.
As someone who has tried to fall into that third, loosely defined group of IT administrators/managers when I've held such positions, I find it to be worth the effort to do the balancing/juggling act. Then again, I'm a practical libertarian and not a compulsively anal authoritarian by nature.
Re:That could've been a good feature! (Score:4, Insightful)
Suuuure. That will work when the CEO comes a-knockin' on the door... "uh, Nurb, I had my speech to the local Chamber of Commerce in this folder, I sweated bullets on it for six weeks, the speech is in three hours, and [I forgot the password|the password doesn't work]."
we do allow PGP
My point exactly. It's doubtful the CEO will know enough to PGP encrypt a file, but they do know how to get to that context menu quickly enough...
Not that I'm espousing deleting the functionality, mind you; it's pretty cool. But the premise of "making the user responsible" seems credible in inverse proportion to the level at which the person is in the company.
Re:incompetent? (Score:2, Insightful)
Re:Key escrow? (Score:5, Insightful)
This is like saying the Postal Service is responsible if a letter I write in Sanskrit arrives at its destination in Sanskrit instead of English.
The sysadmin should preserve the data just fine, the encrypted data. If employees keep losing their work to encryption, treat the employees the same way you would treat them if they keep inadvertantly shredding important documents. You wouldn't complain to the shredder company because the shredder doesn't have an undo button.
Re:That could've been a good feature! (Score:5, Insightful)
The problems you cited are problems in Windows, not in Firefox. In fact, Firefox has a built-in auto-update feature. On Linux systems, it is included in in the distribution's auto-updates.
The problem is that MS Windows does nothing to provide a centralized auto-update feature. If anything, your argument is to mean that Windows has no place in the corporate world yet.. which, is true, but not in practice.
Re:Who cares... (Score:3, Insightful)
You know, I see this a lot on
I don't know if you people have no gfs or wives, or if you live in the US, or what. If you can't tell your gf/wife what porn you like you have a bigger problem than how to encrypt it. How the fuck do you think you can have a satisfying relationship if you can't reveal intimate desires?
Get out into the real world or, respectively, move to a place where the christian idiots didn't brainwash everyone, where females are into porn and all kinds of other fun things.
I replied to that guy (Score:2, Insightful)
I replied to him on that site. If he's not running a decent group policy to stop non-admin users from installing any old crap on their machines, he deserves all the extra work he gets. If he's any kind of enterprise sysadmin, he wouldn't even bat an eyelid at this piece of software.
Re:That could've been a good feature! (Score:4, Insightful)
Windows has nothing to do with this. Program files go into, well, Program Files. That's a strictly read-only directory for the Users group. And that's why, to update Firefox, you have to run it as administrator. The same holds for all other software - except that MS software gets updated through WSUS, and to some extent, can be centrally controlled through AD group policies - something that's unavailable in Firefox.
What is your point?
Of course not [windowsupdate.com]. Oh, you were talking about The One True Repository; well, you're out of context here.
It's true in your delusional mind - hundreds of millions of corporate workstations running Windows without problems and hundreds of millions of users refute your insane claims.
Re:Why didn't MS see this coming? (Score:5, Insightful)
Companies with "Big Brother" policies also come to mind. Things like your personal resume (which we should always keep up to date), or contact lists might be construed as someone job-shopping and lead to retribution. Seen it happen.
Lastly, there is the legitimate issue of controlling data access at a more granular level. All kinds of HR information need to be eyes-only, and not subject to the SysAdmin's probing eyes. One old job, the system administrator found the spreadsheet with everyone in the company's salary, coming bonus (2 months), and raise (3 months out) information. This led to several people jumping ship or demanding more money, and created a lack of trust of management. Personnel disciplinary letters should also be protected in some organizations.
Without the facility, many of these documents become "sneaker-netted", which doesn't help the organization any.
Re:That could've been a good feature! (Score:3, Insightful)
> Be knowledgeable before criticizing. You make open source advocates look like ignorant, frothing
> zealots when you blow up into a clueless rant. Google for Software Update Services (or SUS). It is
> exactly what you claim does not exist, and it works for all of the mainline MS products (Windows,
> Office, IE, and their server products).
Last I checked, "Windows Update" and "SUS" will not look into a central repository on the internet to locate and apply updates to Firefox, OpenOffice, Norton AntiVirus, Photoshop, Winamp, iTunes, or any other application that isn't made by Microsoft.
I'll go so far as to claim that Microsoft unfairly leverages their monopoly to apply easy, integrated updates to their products without providing facilities for 3rd-party products. To say that Firefox isn't ready for the enterprise because it isn't included in Windows Update is to blame Firefox for Microsoft's actions.
Re:That could've been a good feature! (Score:3, Insightful)
>> auto-update feature. On Linux systems, it is included in in the distribution's auto-updates.
> So are you suggesting that regular users get write access to Firefox' directory? That's a no-no. Do you
> give all users on your Linux/UN*X boxen write access to
> that users on Linux get to update the one and only copy of Firefox on the system, sans sudo?
First, I never claimed that regular users should be applying updates. The argument is the the grandparent complained that Firefox isn't ready for the enterprise because there aren't any updates, but IE gets updates. The counter-argument is that Firefox provides an update feature, while IE doesn't. If you are to claim that the user shouldn't have rights to upgrade firefox, then the same argument should apply that they shouldn't be allowed to update IE. If a secure installation of a Windows machine won't let a user install updates, why would you think that a linux system allow it?
Secondly, in practice, a lot of companies give their users administrative access to their Windows computers, esspecially to traveling laptop-warriors. I think that giving users an Ubuntu installation, which includes graphical sudo for all basic administrative tasks has significant advantages over an "always run as administrator" setup on Windows. While some versions of Windows have "Run As", this feature is poorly implemented and must be manually, not automatically invoked.
If you have a controlled network environment, it would not be difficult to install SSH and a public key to every Linux desktop and execute apt-get on each machine (there are plenty of utilities available to facilitate this). If you do not have a controlled network environment, then you could give your users access to apt-get, or an apt-get frontend, via sudo. If you run Red Hat Enterprise Workstation, you can manage this all from a web-frontend.
Re:That could've been a good feature! (Score:3, Insightful)
Though Mac OSX has some great features, and is a fine operating system, it does not support some of the niche software and does not have the capabilities to be deployed in a company of hundreds, or thousands of computers. There could very well been issues with the filevault had it been deployed in corporate environments en-mass. Tools like Active Directory is absolutely crucial to running most IT infrastructures, as is controlling user access to the server and their own computer.
One of the key goals of an IT department is to make it impossible for the user to screw up their system, not to say "nope. we don't support that" when someone makes an error, which is inevitable.
I find your post somewhat naive. What you're suggesting isn't practical or realistic. It just isn't how departments of any sizable company work. To allow "Joe to crack his thumb with the hammer" might very well leave systems vulnerable to outside attack, or allow precious company data to be lost. Just because Joe was stupid doesn't mean that the consequences of his actions will be acceptable.
Instead, it would make more sense to have such a feature off by default (in Corporate versions), and easily controlled through GPOs in the Active Directory. Another option is when it's enabled, an additional key is created and stored by the IT department, preferably on a backed-up drive inaccessible to everyone.
in otherwords (Score:3, Insightful)
People, stop being fucking elite about the computers. I have worked with people who are scared to do anything with the computers becasuse of IT's attitude.
Here is a clur, tell the people if they use it and loose the password the data is gone. Most people will get that. If they don't and they loose valuable data too bad. They'll catch on, or they will be shown the door.
Re:Who cares... (Score:3, Insightful)
If you have an Empornium account, this this [empornium.us] is it.