Again, Microsoft sacrifices security under pressure

In SANS NewsBites from 17 July:

Microsoft has “pulled” Private Folder 1.0, a Windows add-on. The free software allowed users to protect folders with passwords; the purpose of the software is to help people who share PCs protect their data from others who use the same computer. The software was available to users participating in Microsoft’s Windows Genuine Advantage software verification program. Corporate users complained the software could create situations in which company data would be inaccessible to those who need it.

As I pointed out previously, I think this will be a trend going forward (as it has been in the past).

Microsoft delivers “their most secure operating system, ever,” but when business users complain about the features, the feature is removed, or disabled.

Security must be simple, or users will find ways of circumventing it.

Microsoft EFS is not overly challenging to set up, and allows decryption by a pre-specified authorized agent.

Instead of removing a feature good for home users who may not care about data recovery agents, Microsoft opts to yank the whole feature.

I’d have liked to see a different approach.

Bill

One Response to “Again, Microsoft sacrifices security under pressure”

  1. David Says:

    Hey Bill,

    Kristy told me you had a blog. I thought I would see if I could recapture the JMU magic ;-}

    >Microsoft delivers “their most
    >secure operating system, ever,”
    >but when business users complain
    >about the features, the feature
    >is removed, or disabled.

    Ahhh, but is not data availability also a goal of security? What if the employee was hiding kiddie porn in that encrypted folder? Is the company not responsible for the misuse of that system?

    >Microsoft EFS is not overly challenging to set up, and allows decryption by a pre-specified authorized agent.

    I agree with this wholeheartedly, and any home users that use XP Professional can set up EFS to encrypt the folders they need to keep private already.

    >Instead of removing a feature good for home users who may not care about data recovery agents, Microsoft opts to yank the whole feature.

    I agree that it is an interesting move, but given that it was an additional download and that there are other “additional downloads” that do the same thing, I am not convinced it is really a huge deal.

    David
