funsec mailing list archives

Re: Microsoft shutters Windows private folders


From: Peter Kosinar <goober () nuf ksp sk>
Date: Mon, 17 Jul 2006 04:24:44 +0200 (CEST)

Whether or not you have good or evil admins they are not gods.
Just because they administer networks and systems doesn't
mean that they should have access to the data on the systems and
the network they administer.

Either way... there's no such thing as absolute security and
using EFS, Private Folders, other data encryption mechanisms
makes it much harder to compromise data confidentiality.

Right but it has already been pointed out that it's virtually impossible to protect the data from the evil admin (yes, proper infrastructure -can- help a lot but, as you've said, there is no such thing as absolute security).

Moreover, the C*O's are very often a bit strange people -- WHEN they forget/delete their password/passphrase/secret key/..., they EXPECT help from the very admin they were trying to protect their data from and even BLAME him/her for their own mistake if (s)he can't help.

If I use the same logic about bypassing protection mechanisms
then I can say that a safe in a secret bunker with an army of guards
can't protect CEO's data either... All I have to do is inject him with
a poison that activates within 2 hours if an antidote is not given...

Right. It's the weakest link that matters, not the strongest one. If it is the machine, it'll get attacked. If it is the CEO, (s)he'll get attacked.

Peter

--
[Name] Peter Kosinar   [Quote] 2B | ~2B = exp(i*PI)   [ICQ] 134813278

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

