Linked by Thom Holwerda on Tue 18th Jul 2006 11:46 UTC, submitted by Troy Drossi
Microsoft's effort to provide a little privacy for Windows users has instead turned into a very public black eye. There was a near-immediate outcry saying that, without proper safeguards, what was intended as a benefit could turn into a big headache for businesses. The software could make it harder for companies to meet compliance regulations as well as to handle users who forget their password, critics said.
Group Policy?
by nighty5 on Tue 18th Jul 2006 12:11 UTC
nighty5
Member since:
2005-12-18

Is there a group policy setting for this to be disabled and therefore enforced on domains that care about this?

If not, then I guess businesses do have a valid point. If there is a GP object for this to restrict the use of said function, businesses need to implement that and stop whinging.

I'm not sure which way it is because the article doesn't mention group policy anywhere in the article.

Reply Score: 2

RE: Group Policy?
by sphere on Tue 18th Jul 2006 14:37 UTC in reply to "Group Policy?"
sphere Member since:
2006-04-10

I'm not sure if there is a group policy setting for Private Folders, but since its installation requires administrative rights I can't see a problem. If a company's regular staff works with admin rights, Private Folders really is the smallest problem.

Reply Score: 2

RE[2]: Group Policy?
by kaiwai on Tue 18th Jul 2006 18:36 UTC in reply to "RE: Group Policy?"
kaiwai Member since:
2005-07-06

That was my thought as well; if the company network is properly locked down, the individuals there shouldn't even be able to install software on the computer, let alone tweak anything on their computer.

Ultimately, if the end user can install that said software on the computer, not only would it be a violation of the company's computer use policy, which could possibly result in a written warning/final warning, it also is a damning indictment upon the company about its lax security when it comes to computers and what end users can do with it.

Reply Score: 1

People wants security!.....?
by Dias on Tue 18th Jul 2006 12:41 UTC
Dias
Member since:
2006-02-20

Oops, people don't want security, they want to blame MS at any cost.

Reply Score: 3

Private Folders
by TaterSalad on Tue 18th Jul 2006 13:11 UTC
TaterSalad
Member since:
2005-07-06

I must be one of the few who thought that private folders was a good idea but only for home users. It's not something I would want to support at work, but at home on my own personal PC I can see it having a lot of value. Encrypt those Money or Quicken files.

Reply Score: 1

RE: Private Folders
by n4cer on Tue 18th Jul 2006 14:32 UTC in reply to "Private Folders"
n4cer Member since:
2005-07-06

> I must be one of the few who thought that private folders was a good idea but only for home users. It's not something I would want to support at work, but at home on my own personal PC I can see it having a lot of value. Encrypt those Money or Quicken files.

I don't think Private Folders encrypted files. It just password-protected them. If you want to encrypt files, just use Encrypting File System (EFS - included since Win 2k, but not in XP Home Edition IIRC).

Reply Score: 1

RE[2]: Private Folders
by Earl Colby pottinger on Tue 18th Jul 2006 18:12 UTC in reply to "RE: Private Folders"
Earl Colby pottinger Member since:
2005-07-06

>I don't think Private Folders encrypted files. It just password-protected them.

If you are right then any system admin who can't figure out how to read the files if the user forgets his password should be fired. Any disk probe tool should let him recover the file.

As for forgetting the password, I thought users got into trouble from doing that if they were not upper management? Or is it still always the IT department's fault?

Reply Score: 1

Privacy
by GrapeGraphics on Tue 18th Jul 2006 13:49 UTC
GrapeGraphics
Member since:
2005-07-07

This is a privacy issue (obviously) and I would like to believe that we're all morally responsible enough but let's face it, we're not. I believe there has to be some offering of privacy at work. We'd like to believe we're not living in a police state (some would argue) and by not facilitating measures to protect our privacy, we're opening the doors to allowing policing and censorship.

Once I was taught how important it is to have free speech and not be persecuted for beliefs but that's all gone down the WC. Let's face it we're a commodity to 'the man' and just another resource of money to inflate the wealthy's already overflowing pockets.

We really need to think this whole thing through...

"In the name of freedom, we do what we're told."

IMHO

Jb

Reply Score: 2

RE: Privacy
by vimh on Tue 18th Jul 2006 17:26 UTC in reply to "Privacy"
vimh Member since:
2006-02-04

Policing and censorship? What does this software have to do with the government at your current location or anywhere else for that matter?

Privacy is important, that I can agree with. I take my privacy very seriously. The complaints here are by IT staff and are logistical in nature. This isn't about being beaten down by "the man" be it big business or government.

Sure there are businesses who may 'spy' on their employees and those employees may feel the need to hide some of their personal files. But I don't believe that people need to be spending much time on personal tasks at work. Rather they should be doing some actual working. Hey I know, I should go try to encrypt the logs showing how much time I spend making comments at OSNews. That's private information.

If there is something that I want to be kept private, you can be sure it will not end up on a computer at work, encrypted or not.

Police state? Again, what does that have to do with this software? If it was different governments making a lot of noise about this software, you would have a point. But that's not who the article is talking about.

Besides, if I want to encrypt my data, you can be damn sure I'm not going to trust Microsoft to do it.

Reply Score: 1

Good thing
by Soulbender on Tue 18th Jul 2006 13:55 UTC
Soulbender
Member since:
2005-08-18

it's not already possible to easily encrypt files on a Windows PC. Come on now, I'm hardly pro-MS but this is just stupid.
If you run a corporate network and you are already not preventing users from installing whatever the hell they want you have bigger problems than the public folders add-on.

"without proper safeguards, what was intended as a benefit could turn into a big headache for businesses."
Uh, what safeguards? Making it possible to decrypt the content without having the key? Then wtf is the point in the first place?

"Oh great, have they even thought about the impact this could have on enterprises."
Guess what? It doesn't say "for enterprise users".

"I'm already trying to frantically find information on this product so that A) I can block to all our desktops and B) figure out how we then support it when users inevitably lose files."
Oh my, having to do the job you're paid to do is such a chore. What kind of lazy a$$ excuse is this? And why aren't you already blocking every app by default?
Why are you even allowing users to install programs if this is such a big issue?

"I can see the benefit in this product for home users, but it's a bit of a sloppy release by Microsoft," Stuart Graham
Here's some news for you, Mr Graham, there are a LOT of programs that aren't suitable for an enterprise desktop, some of them even made by MS.
Are you complaining every time a company releases a new app that isn't suitable for the enterprise?

Reply Score: 4

RE: Good thing
by kadymae on Tue 18th Jul 2006 14:16 UTC in reply to "Good thing"
kadymae Member since:
2005-08-02

> If you run a corporate network and you are already not preventing users from installing whatever the hell they want you have bigger problems than the public folders add-on.

I don't know about corporations, but in the Academic world some institutions allow users to install whatever the hell they want because they're sick and tired of being called out (while in the middle of other projects) to download and install a new version of WMP/Flash/QT because a student/faculty member needs to watch a streaming video Right. Now.

(And if you're wondering what constitutes a Right. Now. emergency, I'd say logging in to start a required state proficiency exam [a timed test] qualifies.)

I know a lot of people view things like WMP/Flash/QT as time wasting foibles and unneeded eye-candy, but in the Academic world they are leveraged all the time for multi-media distance learning.

Reply Score: 1

RE[2]: Good thing
by kaiwai on Tue 18th Jul 2006 18:43 UTC in reply to "RE: Good thing"
kaiwai Member since:
2005-07-06

> I don't know about corporations, but in the Academic world some institutions allow users to install whatever the hell they want because they're sick and tired of being called out (while in the middle of other projects) to download and install a new version of WMP/Flash/QT because a student/faculty member needs to watch a streaming video Right. Now.

Then obviously the school installed software is terribly designed, because at the beginning of the year, all departments should know exactly what software they require for the said course; engineering will say that they need matlab, solidworks, and maple; the arts/humanities will say that they'll need internet access and Microsoft Office.

If these so-called 'tests' are part of the provided course, then the said applications would have already been installed on the computer for the end user to use, at the beginning of the year. If it isn't installed on the computer by default, by the university, then the end user obviously doesn't require it.

If that said user is so desperate to use the said feature, tell him or her to purchase a laptop of their own, then they can have the freedom to put on whatever the hell they want.

When I was at Canterbury, all computers were locked down; if the software wasn't available, the university had deemed it not to be necessary for you to complete your course work.

Reply Score: 2

RE[3]: Good thing
by kadymae on Tue 18th Jul 2006 21:01 UTC in reply to "RE[2]: Good thing"
kadymae Member since:
2005-08-02

> Then obviously the school installed software is terribly designed, because at the beginning of the year, all departments should know exactly what software they require for the said course; engineering will say that they need matlab, solidworks, and maple; the arts/humanities will say that they'll need internet access and Microsoft Office.

Oh, all departments should know, but often they don't, or they neglect to inform other departments of version changes. Or many times, vendors don't inform them until very late in the process.

Or you could get a situation where when the purchase order goes through only a newer version is available and that's what gets sent. That's how you get half a campus with Office 2000 and the other with Office 2003. (And there's no money for the other departments to upgrade.)

Or, in terms of various purchase cycles and budget allotments, one department could be on W98 and others on W2k or XP.

Or, say a few departments use Macs ....

Or, say another is locked into using Sun and Solaris because the software vendor doesn't offer a Linux version ....

Or say a professor, at home, on their machine, creates a Flash file or WMP file and they have a newer version of the software than the U.

> If these so-called 'tests' are part of the provided course,

Nope. Tests from various state and other regulatory agencies. The U has no say over them.

(Kinda sucks to try and view a Windows Media 9 video when the lab you're in only has WMP8.)


> then the said applications would have already been installed on the computer for the end user to use, at the beginning of the year. If it isn't installed on the computer by default, by the university, then the end user obviously doesn't require it.

Well, what about when the U contracts out to a third party vendor for some on-line multimedia training. Once again problems are created when the vendor has the latest and greatest and the U doesn't.

> If that said user is so desperate to use the said feature, tell him or her to purchase a laptop of their own, then they can have the freedom to put on whatever the hell they want.

And at home, I have done that.

Not practical at all for the student who is attending U on work-study or financial aid.

> When I was at Canterbury, all computers were locked down; if the software wasn't available, the university had deemed it not to be necessary for you to complete your course work.

So, what do you do when you're taking an entry level digital photography class (bring your own camera) and you need to take the photos off of it so you can complete the Photoshop portion of the assignment, but none of the Lab's computers happen to have the driver for your model? Should the U be trying to find and download every possible driver for every possible camera in the market?

And years ago, that may have been practical, but with so much on-line multimedia distance ed going on involving content-creation that my particular department has no control over ...

... it has become necessary for students to install software to complete their course work.

---
And the IT department has found some extremely creative ways to cripple those admin accounts. Being Admin does not give a user a run of the computer or the network. ;)

Reply Score: 1

RE[4]: Good thing
by bytecoder on Tue 18th Jul 2006 22:32 UTC in reply to "RE[3]: Good thing"
bytecoder Member since:
2005-11-27

I think you're overexaggerating enormously. First of all, if you leave your system open like that, encrypted files are the least of your problems. It's a compromise: if you want a secure network, lock it down. Too much strain on your staff? Unlikely, but fine, just don't complain about it. Secondly, it seems as though software is needed on a single course basis, in that any computer for that course will need the software. It seems like you should just be doing batch installs when a newer version comes, or if the course needs some other type of software installed. If you can't manage that, then your IT department is undermanned, and you should be complaining about your university rather than this.

Reply Score: 1

Wow
by eggs on Tue 18th Jul 2006 14:01 UTC
eggs
Member since:
2006-01-23

Look at the size of that mole hill! It's like a mountain!

Reply Score: 0

Doesn't Apple already offer this?
by iskios on Tue 18th Jul 2006 14:02 UTC
iskios
Member since:
2005-07-06

Doesn't Apple already offer this? And Linux must already have this capacity. I don't quite get how the MS offering is different.

I can choose to encrypt my home folder on my Mac, and it is a feature of the OS, so why was there no complaint about this from businesses running Mac systems?

Not sure I get all the hubbub here

Reply Score: 1

ThanhLy Member since:
2006-03-14

Yes, it's called File Vault (http://www.apple.com/macosx/features/filevault/) and there have been complaints about it as well. IIRC when it was first released there was a bug that led to data loss in encrypted folders.

http://www.theregister.co.uk/2003/11/04/panther_bitten_by_second_da...
http://www.macfixit.com/staticpages/index.php?page=2003111009341728...

Reply Score: 1

tpaws Member since:
2006-06-02

The difference between MS 'Private Folders' and OS X 'Filevault' is that system administrators can reset 'Filevault' passwords, but cannot reset 'Private Folders' passwords.

Reply Score: 2

Stupid is as stupid does.
by SpasmaticSeacow on Tue 18th Jul 2006 14:15 UTC
SpasmaticSeacow
Member since:
2006-02-17

The outcry is the collective wail of a bevy of morons.

Yes, a "private folder" could be a headache, but encrypting data is pretty straight forward, and anyone that cared to was able to do so prior and can still do so without MS' tool. You can't even claim that MS makes it so easy that it'll rope people in because TrueCrypt is already much easier and doesn't need to be "installed" -- and it's also harder to crack.

If those joining the "outcry" weren't already aware of this, shame on them. It ought to be enough for them to ask people not to encrypt company information on company computers.

MS is simply trying to keep up with the Joneses with Public Folder so they say that they have a feature comparable with that of Mac OS/X without having to point to a superior open-source product that does the same thing but easier and more securely.

Reply Score: 3

Clueless Admins
by Googlesaurus on Tue 18th Jul 2006 15:50 UTC
Googlesaurus
Member since:
2005-10-19

An admin allowing a user to download and install software on a system under his/her control just doesn't make sense to me. Perhaps I am missing something, but I sure as hell don't permit such.

Sounds like something a 21 year old tech school whiz kid armed with a fresh MCSE would do.

Reply Score: 3

RE: Clueless Admins
by kadymae on Tue 18th Jul 2006 16:53 UTC in reply to "Clueless Admins"
kadymae Member since:
2005-08-02

> An admin allowing a user to download and install software on a system under his/her control just doesn't make sense to me. Perhaps I am missing something, but I sure as hell don't permit such.

But how many users in your building? And how large is your IT staff?

Because, like I said in an earlier post, where I work (academic environment) IT just doesn't have the staff to run across several hundred thousand square feet of floor space (I'm not kidding about the size of the building) to install drivers for flash drives or digital cameras, or to do "I need it right now to complete a project/assignment" installs of QT/Flash/WMP.

It is essential where I work that people be able to install what they need whenever they want.

And, without going into details, the IT staff has found a way (involving 3rd party software) to make this happen without allowing for the massive spreading of malware or compromising the integrity of the network.

---

And why doesn't the IT staff just use the network to push software updates across the building? It's one thing to have a software conflict on one machine. It's quite another if a conflict borks up over 300 machines.

Other than vital security patches, software updates are not propagated via the network until they are completely tested for conflicts, and then all the machines are re-imaged.

Edited 2006-07-18 16:58

Reply Score: 1

RE[2]: Clueless Admins
by Googlesaurus on Wed 19th Jul 2006 07:25 UTC in reply to "RE: Clueless Admins"
Googlesaurus Member since:
2005-10-19

"It is essential where I work that people be able to install what they need whenever they want."

No, it's not. You are either working for a ship of fools, or steering the Titanic. If you actually allow users to behave in this manner, you need to find another job. (essential is b.s.) Who the hell convinced you of this?

There are 245 workstations on our network with a support staff of four. (just cuz ya asked) Four with all their stuff in one sack, I might add. I'm the only one with any certs. (woo-hoo) LMAO

Reply Score: 1

Encryption?
by elzurawka on Tue 18th Jul 2006 16:06 UTC
elzurawka
Member since:
2005-07-08

Encryption is not necessarily needed. On a Linux system, using permissions, you can set it up such that no one else has any access to edit, or view your files or their contents. Sure if they have physical access to the drive, they could steal it and then mount it and get the data. But we all know there is no perfect encryption, so if they steal it, they will eventually get at your data anyway. There is no real reason for a need to encrypt your files, unless they are being moved offsite. While they are on a central server, there should be no need to encrypt anything that is not classified as Confidential, and then there are programs that can be used to do this. Encryption is good, but if it's overused, then it becomes bad.

Like I said, as long as you have permissions on folders, there should not be a need for encryption for the average corporate user, only for things that are taken off site.

Reply Score: 1

RE: Encryption?
by bedo on Tue 18th Jul 2006 16:59 UTC in reply to "Encryption?"
bedo Member since:
2006-01-03

Not totally true; administrators can access your files, regardless of your permissions set. And sometimes you don't want anyone to access your files, like future products or road maps, which you don't want an administrator who may leave the company the next day to access.

Your remarks about "there's no perfect encryption" are not true. If you use modern encryption algorithms, no one can break it.

Reply Score: 2

RE[2]: Good thing
by Soulbender on Wed 19th Jul 2006 04:39 UTC
Soulbender
Member since:
2005-08-18

"I don't know about corporations, but in the Academic world some institutions allow users to install whatever the hell they want because they're sick and tired of being called out (while in the middle of other projects) to download and install a new version of WMP/Flash/QT because a student/faculty member needs to watch a streaming video Right. Now."

It's not Microsoft's problem that your academic institution is run by incompetent people.

Reply Score: 1

RE[2]: Doesn't Apple already offer this?
by Soulbender on Wed 19th Jul 2006 04:42 UTC
Soulbender
Member since:
2005-08-18

"that system administrators can reset 'Filevault' passwords, but cannot reset 'Private Folders' passwords."

That's a design flaw in Filevault then.

Reply Score: 1

RE[2]: Encryption?
by Soulbender on Wed 19th Jul 2006 04:46 UTC
Soulbender
Member since:
2005-08-18

"If you use modern encryption algorithms, no one can break it."

Not true. All encryption algorithms can be brute-forced, the trick is to make it prohibitively expensive in terms of time and resources to do so.

Reply Score: 1

Ah I can dream.
by Quag7 on Wed 19th Jul 2006 18:28 UTC
Quag7
Member since:
2005-07-28

Man I wish I had jobs like so many here on osnews.com apparently do where I could set sane restrictive IT policies rather than have to simply abide by what's already in place.

Wish I had the budgets to overhaul our systems, bring all of our systems into some kind of common configuration, and training budgets to make sure that everyone is not "incompetent" or underpaid. Wish I had the big budget to replace and standardize on hardware, add appropriate redundancy/failover to our servers, and have a crack staff of geniuses.

Wish I had the foresight to determine exactly what people would need for the coming year in a constantly changing environment of revolving-door staff, projects that get started and die a few months later, mass layoffs, mass hires, and changing needs.

Wish I had supervisors who didn't see me as an impediment to business when I said "no" to some whim of a manager who knows little to nothing about computers even though what they're asking for opens up gaping security holes. Wish users didn't have a "me too!" attitude when an exception is made for one that now needs, apparently, to be made for everyone else.

I wish that experienced people who have used computers for a decade or more would stop installing spyware, opening anything that comes into their mailbox, and stop changing their passwords to "12345678." I wish I could implement policies forcing this behavior without being told that I'm being unreasonable by people who outrank me hierarchically, that people can't remember complex passwords even though I keep track of 40 or so not including user accounts.

Wish I didn't receive draconian security directives from one organization, and libertine fly-hanging-open demands from another, both to be implemented fully and immediately.

And what with all of those thousands and thousands of well-paying jobs here in my job market, I really ought to just quit and get a job where I am lord and master of everything.

Well, I can dream. I truly admire those who run crackshot IT staffs, can lock everything down, administer everything from one place, and say no to personnel who make questionable requests.

Unfortunately it seems, we play the cards we are dealt. Some of us anyway, who can't simply march into a company or institution that runs things the way we'd want them run, and name our salary.

Reply Score: 1

RE: Ah I can dream.
by hairyneanderthal on Thu 20th Jul 2006 14:26 UTC in reply to "Ah I can dream."
hairyneanderthal Member since:
2006-07-20

Well said, I was beginning to think I was in some sort of "Stepford wives" version of the IT world reading some of the posts here.
Things like this can quickly turn into an administrative nightmare and you often have little control over policy sometimes. Fine if you know what you're doing and are in complete control, but does this really apply to "all" of those of the posters here saying this isn't a problem?

Reply Score: 1