Comments on: Again, Microsoft sacrifices security under pressure http://www.wrgross.com/blogs/security/2006/07/23/again-microsoft-sacrifices-security-under-pressure/ All manner of goodness respecting the secure operation of digital systems. Sun, 20 May 2012 01:39:49 +0000 http://wordpress.org/?v=2.6.1 By: David http://www.wrgross.com/blogs/security/2006/07/23/again-microsoft-sacrifices-security-under-pressure/#comment-3 David Wed, 23 Aug 2006 13:01:00 +0000 http://www.wrgross.com/blogs/security/2006/07/23/again-microsoft-sacrifices-security-under-pressure/#comment-3 Hey Bill, Kristy told me you had a blog. I thought I would see if I could recapture the JMU magic ;-} >Microsoft delivers “their most >secure operating system, ever,” >but when business users complain >about the features, the feature >is removed, or disabled. Ahhh, but is not data availability also a goal of security? What if the employee was hiding kiddie porn in that encrypted folder. Is the company not responsible for the misuse of that system? >Microsoft EFS is not overly >challenging to set up, and allows >decryption by a pre-specified >authorized agent. I agree with this whole heartedly and an home users that use XP Professional can set up EFS to encrypt the folders they need to keep private already. >Instead of removing a feature good >for home users who may not care >about data recovery agents, >Microsoft opts to yank the whole >feature. I agree that it an interesting move, but given that it was an additional download and that there are other "additional downloads" that do the same thing, I am not convinced it is really a huge deal. David Hey Bill,

Kristy told me you had a blog. I thought I would see if I could recapture the JMU magic ;-}

>Microsoft delivers “their most
>secure operating system, ever,”
>but when business users complain >about the features, the feature
>is removed, or disabled.

Ahhh, but is not data availability also a goal of security? What if the employee was hiding kiddie porn in that encrypted folder. Is the company not responsible for the misuse of that system?

>Microsoft EFS is not overly >challenging to set up, and allows >decryption by a pre-specified >authorized agent.

I agree with this whole heartedly and an home users that use XP Professional can set up EFS to encrypt the folders they need to keep private already.

>Instead of removing a feature good >for home users who may not care >about data recovery agents, >Microsoft opts to yank the whole >feature.

I agree that it an interesting move, but given that it was an additional download and that there are other “additional downloads” that do the same thing, I am not convinced it is really a huge deal.

David

]]>