
Vig (Thread-safe since 1997, Premium, join:2004-03-23, San Diego, CA), reply to altermatt
Re: Windows EFS: huh?
The one case this does protect against is someone gaining physical access to the machine that is not logged in at the time. If someone can walk up to the machine and grab the hard drive or somehow take some files off of it without being able to log in, he would then have to crack the account credentials to see the encrypted files.
I guess I don't agree with the assumption that anyone gaining physical access would be able to do so with the account logged in and waiting for him. File encryption of this type would offer some protection, at least for someone conscientious enough to lock the terminal before walking away.
Whether it makes sense to have an encryption scheme without a dedicated password (rather than using the account login credentials as this does) is a different topic. Personally, I would be more comfortable with a separate password for file encryption, but I don't think it's absolutely necessary in order for the encryption to have value.
-- Visit the land of the never-setting sun

dave (Premium, MVM, join:2000-05-04, not in ohio)
Right. The EFS model seems to me to be protecting against theft. It implicitly assumes that while the computer is operational, the data are adequately protected by the operating system, which in this OS means usernames/passwords/permissions. But the operating system can't help when it's not running (disk placed in different machine, other OS installed on same disk as means to get at protected data, etc.) and that's what EFS is for.
EFS will protect files on your stolen laptop, but not if you have that laptop configured for automatic login.
I'm not saying that a desire for an explicit password is invalid, but that's not the situation that EFS is designed for.

altermatt (Premium, join:2004-01-22, White Plains, NY)
said by dave: But the operating system can't help when it's not running (disk placed in different machine, other OS installed on same disk as means to get at protected data, etc.) and that's what EFS is for.
If I use permissions to let only "harry" have access to a file, I was assuming that one has to be logged in as "harry" to have access to it. But now I'm understanding that putting the disk in another machine, without harry's credentials, still gives the thief access to the file? Once the disk is on another machine, the permissions aren't enforced? So that is what EFS can do?
Still seems like a limited tool when other encryption programs, even PGP, let you encrypt a file so that in the same machine OR another machine, no one can access it without the password and key, right?
Thanks for the explanations, guys; I think I understand EFS a bit better now, though obviously I'm still not quite convinced of its value compared to most other encryption programs. I should think that the likelihood of someone removing the hard drive, especially from a laptop, to recover files is low compared to someone gaining access to the account when a worker walks away from his machine. I'd always assumed EFS used a password. Live and learn.
-- The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick

dave (Premium, MVM, join:2000-05-04, not in ohio)
said by altermatt: If I use permissions to let only "harry" have access to a file, I was assuming that one has to be logged in as "harry" to have access to it.
Yes, but. Anyone who has administrator access to that machine can forcibly seize ownership of the file, and change the permission.
So your privacy is limited by the trust you place in other people who have admin access to the machine. If you're the only admin, you're safe. Others, not so much.
said by altermatt: But now I'm understanding that putting the disk in another machine, without harry's credentials, still gives the thief access to the file?
Yes, in the sense that the thief will surely have admin access on his machine. So he can take ownership of the files on the stolen disk, change the permissions, and see them.
The same thing is true if I simply reinstall the OS from scratch on a stolen computer, probably your laptop. I'm now the admin. Your files are mine. I don't need to remove the disk - the real risk is 'accessing the disk from an OS I control'.
said by altermatt: Once the disk is on another machine, the permissions aren't enforced?
Yes, they're enforced. But what you can't control is who gets administrative control.
Ultimately, an admin gets to do what he likes with file ownership, one way or another. This 'hole' in the protection system is a necessary one; otherwise there would be cases where you'd be unable to get at files because the owner couldn't be there (forgot his password, got run over by a bus, got fired, etc).
said by altermatt: So that is what EFS can do?
Yes.
said by altermatt: Still seems like a limited tool when other encryption programs, even PGP, let you encrypt a file so that in the same machine OR another machine, no one can access it without the password and key, right?
You say 'limited', I say 'well-integrated and doesn't keep bugging me for the damn password it already knows'. Especially since on my work machines I often run programs when I am not sitting at the computer. (I don't keep the disk encrypted, but if I did, a type-the-password solution would be a serious inconvenience).
It just depends on what you're trying to achieve. You're thinking in terms of one or two files, I suppose. Imagine a file system with thousands of files encrypted, that were in frequent use. Are you going to get prompted for every file opened?

altermatt (Premium, join:2004-01-22, White Plains, NY)
Thanks, Dave. I really didn't know you couldn't set permissions to include JUST a user and not the admin! So learned even more than about EFS.
-- The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick
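Added example, not part of any post in this thread: a PowerShell audit of the two conditions discussed above, namely whether the machine is configured for automatic login (which defeats EFS on a stolen laptop) and which files under a folder actually carry the EFS encrypted attribute. The default folder path is an assumption; the registry value names are the standard Winlogon auto-logon settings.

```powershell
# Added example: audit auto-logon and EFS coverage for one folder.
param(
    # Assumed default; point this at the folder that is meant to be EFS-protected.
    [string]$Path = (Join-Path $env:USERPROFILE 'Documents')
)

# Auto-logon: if Windows signs the user in by itself, whoever powers on the
# machine gets the account, and with it transparent access to EFS files.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$props    = Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue

$autoLogon = ($null -ne $props) -and ($props.AutoAdminLogon -eq '1')
# A plaintext DefaultPassword value may be absent even when auto-logon is on,
# because the password can instead be stored as an LSA secret.
$plaintextPassword = ($null -ne $props) -and
    ($props.PSObject.Properties.Name -contains 'DefaultPassword')

# EFS coverage: NTFS marks EFS-encrypted files with the Encrypted attribute.
$files = @(Get-ChildItem -LiteralPath $Path -File -Recurse -Force `
               -ErrorAction SilentlyContinue)
$encrypted = @($files | Where-Object {
    $_.Attributes -band [System.IO.FileAttributes]::Encrypted })
$unencrypted = @($files | Where-Object {
    -not ($_.Attributes -band [System.IO.FileAttributes]::Encrypted) })

[pscustomobject]@{
    Path                     = $Path
    AutoLogonEnabled         = $autoLogon
    PlaintextPasswordInReg   = $plaintextPassword
    FilesTotal               = $files.Count
    FilesEfsEncrypted        = $encrypted.Count
    FilesNotEncrypted        = $unencrypted.Count
}

if ($autoLogon -and $encrypted.Count -gt 0) {
    Write-Warning ('Auto-logon is enabled: EFS files under this path are ' +
                   'readable by anyone who can boot this machine.')
}
if ($unencrypted.Count -gt 0) {
    Write-Warning ('Files without EFS are protected only by NTFS permissions, ' +
                   'which an administrator of any OS reading the disk can change.')
    # List the first few so they can be reviewed.
    $unencrypted | Select-Object -First 10 -ExpandProperty FullName
}
```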