Microsoft Adds Risky System-Wide Undelete to Vista 365
douder writes "Windows Vista will have a new 'previous versions' feature when it ships next year. According to Ars Technica, the feature is built off of the volume shadow copy technology from Windows XP and Windows Server 2003. Now turned on by default, the service stores the modified versions of a user's documents, even after they are deleted. They also report that you can browse folders from within Explorer to see snapshots of what they contained over time. It can be disabled, but this seems like a privacy concern." From the article: "Some users will find the feature objectionable because it could give the bossman a new way to check up on employees, or perhaps it could be exploited in some nefarious way by some nefarious person. Previous versions of Windows were still susceptible to undelete utilities, of course, but this new functionality makes browsing quite, quite simple. On the other hand, it should be noted that 'Previous Versions' does not store its data in the files themselves. That is, unlike Microsoft Office's 'track changes,' files protected with 'Previous Versions' will not carry their documentary history with them."
It can be disabled, right? (Score:4, Insightful)
I don't get it... (Score:5, Insightful)
Um, your work computer is the property of your employer. If you want to do something that would get you in trouble with your boss - put it on your own computer. Plus all this does is back up files that you have made, how is this a privacy concern? Even if this was happening and you never knew it and uploading all your files to a central server, it's still an option of your employer, and not an invasion of privacy, it's crappy, but the option of your boss and his/her company. Just like the fact that they can read your business email. No different, and to me even less intrusive than that since you can't control incoming mail.
This is only a good thing (Score:5, Insightful)
Keep in mind that the goal and justification of a desktop is productivity, not some vaguely defined "monitoring" issue.
Just more overhead (Score:5, Insightful)
As with System Restore, Windows Firewall, Remote Assistance, etc... just disable, delete and install better applications to provide the same functionality. MS should just focus on security, stability, and releasing the damn thing.
http://religiousfreaks.com/ [religiousfreaks.com]
Looks cool (Score:5, Insightful)
I don't get the privacy concern. If someone gains physical access to your machine, then the contents are vulnerable unless you take active steps to prevent it. People have known forever that stuff may not be lost forever just because it's deleted. This feature doesn't change that.
The issue is that this makes it "easier" but I can't help but see that as a neat feature.
The really silly part is this:
If that's what keeps you up at night, then you better give up on all technology, not just this.
Re:This is only a good thing (Score:3, Insightful)
It won't really affect performance since it uses 15% of the available space for the system restore including the shadow copies. That isn't too heavy (in terms of hard disk space). It shouldn't really take noticeably more time as the system doesn't really copy over the old file to a physically different location.
Anyway if I ever use Vista I'm going to turn this off (I don't like undelete-like utilities). But I think this would still be a very useful feature for say, my grandma.
Translation: (Score:4, Insightful)
Ok. So what? This feature has been around for awhile, and if you have privacy issues, well just disable system restore (or whatever the equivalent option will be in Vista).
Never mind that as you make new versions of a file, the old ones are still hanging around in your drives' free space for a long time (about the same amount of time the previous-versions feature would keep them). So basically you're making the distinction between being able to access the deleted files explicitly, vs. having to use a drive recovery tool.
If you're security conscious, you disable the old restore points, fill the drive with a big file full of random data, then delete it. This isn't going to change...
Such a great idea (Score:5, Insightful)
guess what (Score:2, Insightful)
Re:It can be disabled, right? (Score:4, Insightful)
How about MS disables the service by default. If a user right-clicks on a trackable file (I'm assuming that this won't track changes on updated game executables, my PHP/CSS templates, OpenOffice documents, etc), then have an option to start tracking. If the user selects that, then enable the appropriate services.
Same with the Firewall and FastUserSwitching. When you connect to the internet, have a well-worded dialog box that asks me to enable the firewall service. When I select Switch User from the logoff options, pop up a dialog asking if I want to enable that too.
Turn off more shit by default. Don't just enable everything. Seriously, who the fuck needs Remote Registry, Portable Media Serial Number, TCP/IP NetBios, and all that other useless shit? Sure, you might need one or two things, but do you need 55 services starting on a default install?
Build in the functionality. Disable it by default. When the user triggers an event that needs the service, ask him if he really wants to do that. From that point on, leave that service enabled.
Same thing with NTFS (Score:5, Insightful)
This gives you more reliability. The files are stored and aren't messed with until the space is needed. So if you delete something and still have 500GB free, it'll keep the file since you can afford the space and it'll be marked as allocated and thus not overwritten. Also, it looks like it does version tracking too. If you overwrote a file on a FAT or NTFS volume, it writes it to the same space it occupied before, makes sense to do it that way. However that means if you mess up and make a change you didn't want to, there's no undo. You replaced the bytes, it's too late. This will go and keep a copy prior to the change you can roll back to.
Basically it's similar to how NetApp units work. It provides storage that's reliable even against user faults. Things like RAID are great, but they protect only against hardware failure. You can still fuck your data up. There's a market, and MS seems to think the home desktop includes it, for systems that are resilient against that. You decided to delete 5 paragraphs of that paper and save it, and then deleted it from the disk but now want it? Ok no problem, not only do we have the deleted version, we have the pre-modification version.
We use a NetApp FAS 270 at work for home directories for this reason. We aren't really concerned about disk reliability, though it's excellent for that too, and we go to tape nightly. We want to be able to save people from themselves. When they screw something up, we want to be able to get a non-screwed up copy.
MS wants to bring that to home computers. Will it be worth the performance impact? Guess that's to be seen. However it's certainly a good idea in general. What most users really need and want, even if they don't know it, is protection from their own mistakes.
Re:This is only a good thing (Score:3, Insightful)
Re:This is only a good thing (Score:3, Insightful)
This really should be off by default (doubtful), prompted for at installation, or at the very least a simple notice during the install telling you what it is and how to remove it.
As for privacy at work, your employer should have every right to make sure that you're actually working, and not goofing off. Why on earth would you expect to be able to do non-work-related stuff at work? After all, you're getting paid to do work, so your employer should be able to check up on you, even if it means viewing your deleted and edited files.
Re:Translation: (Score:3, Insightful)
I think that's a fair enough response. But nonetheless, I think it's also fair to question the design philosophy which MS is following here, and to challenge it on its merits. Personally, I think enabling extra features on the principle that they might be useful to a subset of users is a questionable practice. I'm especially leery of enabling features that make it possible for ignorant (i.e. not savvy) or careless users to do really bad things. And I'm most leery of features that actually encourage carelessness.
A lot of computerised data is important and needs to be treated carefully. This includes planning when and how to manage change. The prospect of a PHB telling staff to simply use a built-in and poorly understood versioning feature fills me with concern. For corporate data at least, I think an explicit, formalised process for change management should be required. I've consulted with very large corporations and advised such action in the past, to varying effect.
I'll be the first to agree that the sane thing to do is not to demand the feature be pulled (which, in fairness has not yet been suggested in this discussion) but to get a fuller understanding of its positive and negative attributes. I hesitate to come to a quick conclusion, but on the face of it, this feature seems to create more problems than it solves in a corporate environment:
So without throwing the baby out with the bathwater, I think it's fair and reasonable to suggest that this feature should be disabled by default, with an easy interface to enable it for those who decide they want it. I wouldn't equate this design decision with fiascos like ActiveX in IE (which IMO borders on criminal negligence), but I would suggest that its source is the same lack of focus coupled with the desire to make things easy without considering the costs of having done so.
Ahh. (Score:4, Insightful)
However I will submit the following counterpoints:
* It works across the entire file system, which creates questions about its efficiency:
A disk-wide snapshotting system will be less resource intensive than a system that has to make multiple, discrete metadata updates per write transaction. Since system restore is enabled by default on XP and I haven't heard much complaint about it performance-wise, I think this is a non-issue. (An exception might be systems that have very slow disks and limited RAM, like a palmtop).
* Its 'all or nothing' implementation does create significant liability in places like law offices, as others have already noted;
Enabling this system doesn't make you or your data more or less at risk. The reality is that old copies of files will stick around on disk for about as long as the Restore feature will keep old versioned copies. The difference between enabling and disabling the feature is whether you want to be able to _definitively_ access an old file or attempt a recovery with a tool booted from CD-ROM, which has to operate with less definitive metadata, and may only be able to give you a corrupted or incomplete copy.
Keep in mind that if you are concerned about hackers accessing your deleted files and you don't feel the need to use this service for recovery, the hacker will probably be able to resurrect enough of the files anyway for it to be moot.
That is, if you get penetrated by a hacker, the issue is moot. You are already in trouble. The real issue is whether you would like a safety net for legitimate recovery. Since the additional resources consumed are negligible, I would posit it would be foolish not to take advantage of it.
Furthermore, when deleting files, if you don't want anyone to get at them ever, then whether you use this system or not is irrelevant. Once you delete a file, you need to use a secure undelete facility to make sure all non-allocated space on your system is overwritten. Even with this undelete feature operational, such a tool will invalidate and overwrite ALL the restore points as well as free space. (That is because the facility gives up restore points when disk space gets tight, and the tool operates by attempting to fill up the entire disk with random data, thus it will demand-release all undeleted files, which will then be overwritten).
I would recommend you DISABLE the versioning feature before wiping a machine, to ensure all undeleted files are irrecoverable.
* It encourages laxness in data management; yet
* It doesn't seem to be rich enough to support proper change management processes.
That's not what this tool is for. You still need to have change management processes in place. The tool is for recovering files you didn't know were important! (Otherwise, why would a user delete it? If it were important he or she would have checked it into the Subversion repository, right?)
But it would be foolish to rely on this facility alone. Just as it is foolish to rely on RAID alone for data security on the server side.
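The sequence described in the comment above, and in the earlier "Translation:" comment (disable the restore feature, get rid of existing snapshots, then overwrite free space), as an added PowerShell example that is not part of the original thread. It assumes an elevated Windows PowerShell 5.1 session on a current client edition of Windows; the function names and the `C:` drive letter are hypothetical, while `Win32_ShadowCopy`, `Disable-ComputerRestore`, `vssadmin` and `cipher /w` are built in.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Function names and 'C:' are placeholders.

function Get-ShadowCopyReport {
    param([string]$Drive = 'C:')
    # Shadow copies refer to their source volume by device ID, not by drive letter.
    $volume = Get-CimInstance Win32_Volume -Filter "DriveLetter = '$Drive'"
    if (-not $volume) { throw "No volume with drive letter $Drive" }
    Get-CimInstance Win32_ShadowCopy |
        Where-Object { $_.VolumeName -eq $volume.DeviceID } |
        Sort-Object InstallDate |
        Select-Object ID, InstallDate, ClientAccessible, DeviceObject
}

function Clear-PreviousVersions {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([string]$Drive = 'C:')

    $before = @(Get-ShadowCopyReport -Drive $Drive)
    Write-Host "$($before.Count) shadow copies currently held for $Drive"

    if ($PSCmdlet.ShouldProcess($Drive, 'Disable System Restore, delete snapshots, wipe free space')) {
        # 1. Stop new restore points (and so new previous versions) on this drive.
        Disable-ComputerRestore -Drive "$Drive\"

        # 2. Delete existing snapshots explicitly instead of relying on the
        #    free-space fill to push them out.
        if ($before.Count -gt 0) {
            & vssadmin.exe delete shadows "/for=$Drive" /all /quiet | Out-Null
        }

        # 3. Verify before wiping: a surviving snapshot still holds old file data.
        $after = @(Get-ShadowCopyReport -Drive $Drive)
        if ($after.Count -gt 0) {
            throw "$($after.Count) shadow copies remain on $Drive; not wiping yet"
        }

        # 4. Overwrite deallocated space (cipher writes 0x00, 0xFF, then random data).
        & cipher.exe "/w:$Drive\"
    }
}

# Dry run that only reports what would be done:
#   Clear-PreviousVersions -Drive 'C:' -WhatIf
```

Running `Get-ShadowCopyReport` on its own is also a quick audit of which previous versions a machine is currently holding.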
Re:This is only a good thing (Score:5, Insightful)
All the flavors of DOS in the 80's were way cool because it allowed us to control our own computer. In the 90's all went to hell as we became connected and the computer started doing more and more things no one really understood. A huge concern MS has not addressed is how to protect confidential information, and more importantly help companies not expose disruptive metadata. For instance, I do not believe they have a setting in Outlook to scrub MS Office files as they are mailed to external addresses. Nor have they implemented the DRM that would allow firms to track users who violate border policy. MS adds features that make systems less secure, without thought of how to compensate for the breach.
This is clearly an awesome feature. So were the command line shortcuts. But features do not exist in a vacuum. There is only so much that can be done to help careless users. If MS is to provide business class systems, and not just toys that can be used as business systems, they have to get serious about making systems that businesses need. I think that if MS would develop a core competency in business, and leave the consumer side to others, MS would be in much better shape. Imagine how wonderful Vista would be if it did not have to worry about the toys that home users need.
This story is unbelievable (Score:1, Insightful)
*scrolls up to check who story was posted by, even though I already know* yup, Zonk.
Zonk, get a job.
Both sides have a point (Score:3, Insightful)
More MS Headlines Gone Bad (Score:5, Insightful)
Windows 2010 Ships with IPv6 as Default
- becomes -
Windows 2010 Forsakes Legacy IPs
Microsoft Office 2009 Ships with Photoshop Competitor
- becomes -
Microsoft Cheats Adobe Out of Millions, Again
Microsoft Ergonomic Mouse Helps Correct Carpal Syndrome
- becomes -
Microsoft Mouse Locks Out Porn
Asheron's Call VII Goes Alpha
- becomes -
700 Bugs Detected in Asheron's Call VII
Please add your own.
Re:This is only a good thing (Score:3, Insightful)
Because they have to care about more than you (Score:5, Insightful)
1) Disable it by default. This makes a few geeks who know about it and want it happy, more geeks who know about it but don't want it indifferent, and doesn't help normal users at all. It's almost worth just leaving out.
2) Enable it by default. This makes some geeks who don't want it a bit annoyed, but makes everyone else happy.
Gee, hard choice. Look, if you want an OS that does nothing by default, get a different OS. Run OpenBSD or something. You won't spend any less time configuring it than you will configuring Windows, you'll just spend that time turning things on rather than off.
Really I fail to see the problem. If you only do it occasionally, it's just a few more minutes of system configuration. I do a hell of a lot of customization to personal systems, it doesn't bother me the time I spend turning the things I don't want off. If you do it a lot, develop a system to automate it. There's plenty of ways including customized Windows installs. Don't whine because you haven't done the research to automate tasks for you.
Because MS is an everyman based OS, they need to have the useful stuff turned on by default because normal users won't do it. It's like automatic updates. I don't like them to install on my personal system automatically because I may have something going. So I set it to wait till I give the ok. However it needs to be on by default for normal users. Why? Well otherwise they won't update it. Just today I had to update an XP system that was pre SP2 still. Why? No auto updates. Users didn't know they needed anything, just thought it should take care of itself.
Same shit here. If you don't need file version tracking because you make your own backups, you are smart enough to know how to turn it off. If you don't know how to turn it off, it's probably a feature you should leave on.
Mostly just the story poster (Score:4, Insightful)
and a privacy concern in Vista.
Those of us who have used versioning in filesystems or elsewhere think this is a pretty nice feature, even if we prefer other OS'es. So I would say not nearly so many people are against Microsoft on this one (or at least agree with the summary).
Now if you really wanted to see a storm of negativity from Slashdot imagine what would happen if Sony announced this feature on the PS3!
Re:I don't get it... (Score:3, Insightful)
"I think not" (Score:2, Insightful)
Hum! I think a company that OWNS the computer and PAYS their employee to WORK has a god damn right to make sure people aren't wasting their time having their entire photo album on their computer or music or other personal material whatsoever and that goes for network shares too.
If a company can filter e-mails of their employees I think they can also filter the content of what they are copying onto their machines.
Keep your stuff at home if you don't want prying eyes invading your computer at work.
This is retarded. (Score:5, Insightful)
Why the hell is it suddenly bad when Microsoft does it? (Hint: it isn't.) What the hell are you doing on your PC at work that could get you fired if your boss found out?
FUD indeed.