And Just like that

  • And Just like that

    Private Folders are gone after complaints from users. Mostly corporate users and as an administrator that was more into the control area, I agree with the decision and the complaints.

    It's not that we don't need better security, or even that our user's shouldn't be able to protect resources from access by administrators. I can see the need for that and I hope Microsoft continues to work on this.

    My problem is the same one that I see over and over. Users forget passwords or the phrase, or whatever their method of gaining access and come find the administrator. And usually it's for some critical document that will be used in a sales meeting in an hour and they don't have a backup, and somehow we have to recover it.

    And the user is the CEO.

    I know the centralized escrow of keys is frowned upon, but there needs to be a way for users to easily escrow their keys. Not that they might not forget those as well, but there should be a way to do this.

    Most people aren't careful or knowledgeable enough to use a feature like this. They just can't handle the responsibility of encrpytion and ensuring they can recover documents. However there are still many that can and something that allows them to protect information should be available.

    I'm still looking forward to Private Folders 3.0, which should have most of the bugs worked out.

    Steve Jones

  • Oh man!  First the Fat Boys break up, then Microsoft Bob goes away... and now this!!!  Arrrgghh!!!

  • While the logic of the argument for pulling Private Folders makes sense from an administrative point of view, the problem the release had wasn't related to bugs. It was related to the fact that the utility was actually secure, without a known back door for administrators. Even unintentionally calling its encryption/recovery issue a bug is wrong, which means the release 3.0 joke falls somewhat flat.

    What I find endlessly amusing about this experience is that MS gets bashed almost daily, if not hourly, for "security issues." The first thing they release that seems to actually be secure, they get bashed. The same crowd who does the bashing is essentially now asking them to punch a hole a truck could drive through into a utility that is, at least in its intent, supposed to be fully secure.

    And, yes, I know the issue isn't identical to the O/S security issues, or Office issues, etc. But the point remains that they just proved how difficult it actually is to navigate security in the computer realm. Not secure enough...get a smack; too secure...get a smack. For a nanosecond I actually felt sorry for them.

  • Shoot. One thing MS does RIGHT and it gets PULLED!

    Giving people the option to actually protect their data and there is all this whining about what happens to users who forget passwords. Sheesh. It would finally have brought privacy into the mainstream. Why are people so afraid of security?

    The sad thing is that a perceived problem in the corporate world has removed a critical tool from the private user's arsenal.

    Doesn't directly affect me, I use Truecrypt, but it would have been tempting.

     

    I know the centralized escrow of keys is frowned upon, but there needs to be a way for users to easily escrow their keys

    Yes, it's called 'write it down and put it in a safe place or give it to a trusted friend'. Alas if someone can't be trusted to do this, then don't give them install rights. In cases where there are corporate or legal reasons for access to company computers, installing a security package provided by IT and a policy against unapproved installs would address the issue. Making true security unavailable for the general population because of this concern is disgraceful.

     

    ...

    -- FORTRAN manual for Xerox Computers --

  • <rant>The points made in this editorial reflect the ignorance I see a lot in the Microsoft fan crowd. There are a lot of people out there that are completely ignorant of software that doesn't come from Microsoft. If Microsoft doesn't make it, it's either invisible, or it's not real software.

    There are a LOT of free encryption programs out there, offering everything from providing secure folders to securely storing passwords. The world isn't going to end for personal security because Microsoft pulled their solution.</rant>

    Sorry for the harsh reply...please return to your normally scheduled programming.

  • I don't think I was implying only Microsoft can or should make security software. I use Password Safe myself and have written about it many times.

    The issue is often that most user's want something integrated, for better or worse. I have pushed many friend to choose something to secure data, but they don't want to "install" something new, despite the fact that many utilties like Password Safe don't even need an install.

    Have any of you dealt with lots of users out there? They can't remember where they wrote down the codes. Or they tape them to the monitor/desk/keyboard something.

    Security is hard. And it's a pain for most users. Corporate administrators need a way to help protect users from themselves and this wasn't it. I admit I haven't used Private Folders, but I don't think it's been out long enough to see if there are bugs.

  • "The issue is often that most user's want something integrated, for better or worse."

    And is Microsoft the only company in the world that knows how to make 'integrated' software? Yes, yes, I know that since Microsoft makes their OS, the belief is that their software is somehow more 'integrated' than 3rd party products (this is also the basis of many lawsuits in which Microsoft has been the defendant). But, this is just more of the same ignorance I was complaining about. But I like to complain a lot, sorry for taking my frustrations out on you.

    I totally agree with you though, Steve, that security is very hard. When you want to add more security, you also remove simplicity and ease of use. Someone is always going to be unhappy about your decision.

  • The problem is that Microsoft makes the OS, so they have to "integrate" the software.

    I see your point and it's valid, but not practical. For some reason, most users that wouldn't think twice about installing the wonderful new Pirates of the Carribean toolbar or new wallpaper by clicking an email won't install security software.

  • "The problem is that Microsoft makes the OS, so they have to 'integrate' the software."

    I can't fault Microsoft for wanting to own software in every market (although I do disagree with this goal), and I can't fault them for integrating such software with their OS; but I do fault ignorant IT people for thinking that Microsoft's solution is the only solution.

  • The problem is, though that while this might be a problem in a corporate environment, it is valuable in the personal computer world. The whining of administrators (instead of working on policy) caused this to be pulled, eventually to be replaced, perhaps with something with a global back door.

    ...

    -- FORTRAN manual for Xerox Computers --

Viewing 10 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic. Login to reply