What is it with the complete lack of internal security?

Tommy B · 13 Jun 2007 at 22:20

OK can people stop being pedantic.

I know fully well how to add a Bios password and a username password, but some of you are missing the point. Not all of us are the sole users of our PC which never leaves the bedroom. There are loads of scenarios, especially with a laptop, where other people are playing about with them. The point is there are still ways people accidentally bump into personal information.

Tommy B · 13 Jun 2007 at 22:21

alangelluk said:
just add files to be kept secret into a zip file and encrypt it????

It becomes a pain when you have to constantly read and update the file, or alternatively if the file is large.

Dano · 13 Jun 2007 at 22:22

Energize said:
Because if someone gains access to the account there will be nothing stopping them from doing anything they want. That would be like a bank having all their customers details completley unencrpyted in a notepad file on a managers pc.

I remember when I needed to get some documents from a corrupted windows installation, all I had to do was change some permissions and I was able to access the users folders and all the files in them. Shocking unsecure. If they had been in an encrpyted folder they would have been secure however.

Yet if the administrator account had been password protected you'd have been unable to do even that. It comes from a poor understanding (which I directly attribute to pc retailers, manufactorers and M$ for a lack of easy to understand information during the account creation section of an install/first switch on) of how user accounts work and what exactly an administrator account is and how it should be used.

Dano · 13 Jun 2007 at 22:27

Tommy B said:
OK can people stop being pedantic.

I know fully well how to add a Bios password and a username password, but some of you are missing the point. Not all of us are the sole users of our PC which never leaves the bedroom. There are loads of scenarios, especially with a laptop, where other people are playing about with them. The point is there are still ways people accidentally bump into personal information.

Password protect the account and turn on screensaver prompt for password.

NathanE · 13 Jun 2007 at 22:28

Tommy B said:
OK can people stop being pedantic.

I know fully well how to add a Bios password and a username password, but some of you are missing the point. Not all of us are the sole users of our PC which never leaves the bedroom. There are loads of scenarios, especially with a laptop, where other people are playing about with them. The point is there are still ways people accidentally bump into personal information.

How are we missing the point? This is *exactly* the point we are discussing.

You need to create seperate accounts for each user of the PC. You can then use NTFS security to lock down folders to certain users or groups of the PC.

I can never understand why a whole family share the same account because it means everyone has to use the same IE favourites and same desktop wallpaper etc... there is just one profile that nobody can customise to their liking.

The issue of walking away leaving the PC logged into your account can be solved by enabling a screensaver and ticking the security box. You can use WINKEY+L to lock the workstation which has the same effect.

marc2003 · 13 Jun 2007 at 22:34

separate user accounts are the way to go. i mean where do you draw the line with password protecting stuff on your own user account? i'm sure even your browser has bookmarks you don't want others to see (or is that just me

)

with fast user switching, it's just a simple key combination to let someone free on your pc with no worries over your personal data.

m4cc45 · 13 Jun 2007 at 22:35

I suggest you look at it the other way.

Imagine you could right click on any folder and add a password to it. Sooner or later some idiot would protect program files or the windows folder. Thus stopping windows accessing the files and crashing the PC and then another call to support.

There are lots of tools out there that do the functionality you require - it depends on how secure and what exactly you want to achieve. Most of the virual folder ones are free as well where as the full disk encryption (which is over the top for what you want) is a paid-for product.

M.

Energize · 13 Jun 2007 at 22:38

Dano said:
Yet if the administrator account had been password protected you'd have been unable to do even that. It comes from a poor understanding (which I directly attribute to pc retailers, manufactorers and M$ for a lack of easy to understand information during the account creation section of an install/first switch on) of how user accounts work and what exactly an administrator account is and how it should be used.

It was password protected, it was my pc.

I put the hdd with the corrupted install on into another pc, found my docs folder , changed some settings and I got complete access to it.

marc2003 · 13 Jun 2007 at 22:40

Energize said:
It was password protected, it was my pc.

to access ntfs protected files you have to

a) re-install windows
b) set the drive as a slave on another windows install

i think that's enough to stop the casual user looking at your data. if it really is top secret stuff, then encryption is what you want.

Energize · 13 Jun 2007 at 22:44

But if it was someone with basic pc knowledge all your information would be found, if windows password protected the my docs folder, the problem would be avoided. I can't actually believe how insecure it is.

Final8y · 13 Jun 2007 at 22:45

So really its not the lack of security but a certain security feature that you want but that feature could lead to a load of trouble on shared account.

You set a PW on a sub folder & then someone can set another PW on the one before locking you out.
It maybe your computer but your not the only one using it no matter how you like to slice it, no matter if its your intention to be the only one.
You have your account PW & then guest account, its really that simple.

Dano · 13 Jun 2007 at 22:46

Energize said:
It was password protected, it was my pc.

I put the hdd with the corrupted install on into another pc, found my docs folder , changed some settings and I got complete access to it.

Yes, and you logged in as administrator on the working pc I take it? Which of course enables you to take ownership of the files, unless they were not private at which point they would not have been encrypted and anybody could view them.

There are of course always ways around it but how likely is it that someone will remove your hard drive and put it in a different system just so they can access your data? If it's likely then you need to be thinking about locking the room the computer is in to be honest.

Final8y · 13 Jun 2007 at 22:48

Going way off from what the OP was asking about.

Energize · 13 Jun 2007 at 22:49

However unlikely it is, the risk shouldn't be there, it could easily be avoided, why password protection isn't optional for certain folders is beyond me. It's something I see requested time and time again.

Tommy B · 13 Jun 2007 at 22:51

No you don't get it.

I don't mind people using my PC and I let them when I'm not around and when I'm there with them. HOWEVER, I'd still like to hide specific documents without having to create separate user accounts. Jesus what is so damn hard about understanding this?

Why would I want a screensaver when you can press Winkey+L?

Dano · 13 Jun 2007 at 22:52

Energize said:
However unlikely it is, the risk shouldn't be there, it could easily be avoided, why password protection isn't optional for certain folders is beyond me.

You're making the assumption that folder level password protection is more secure than NTFS permissions, I'd almost guarantee it wouldn't be.

Dano · 13 Jun 2007 at 22:57

Tommy B said:
No you don't get it.

I don't mind people using my PC and I let them when I'm not around and when I'm there with them. HOWEVER, I'd still like to hide specific documents without having to create separate user accounts. Jesus what is so damn hard about understanding this?

The fact that it would take you about 20 seconds to create another user account and why you fail to see this as a reasonable option that already exists is what I'm having issues with, don't know about anybody else...

weringo · 13 Jun 2007 at 23:04

Although you can create seperate accounts and password them, it would just be much easier if you can set passwords to certain files a folders and you then don't need to worry about logging off/switching user when leaving your PC.

Another thing is when you make files on a user account private I don't believe you can access them from accross a network, which is just inconvenient.

Final8y · 13 Jun 2007 at 23:05

Tommy B said:
No you don't get it.

I don't mind people using my PC and I let them when I'm not around and when I'm there with them. HOWEVER, I'd still like to hide specific documents without having to create separate user accounts. Jesus what is so damn hard about understanding this?

Why would I want a screensaver when you can press Winkey+L?

I understand that but it just comes across as cant be bothered, to lazy to have just one guest account that everyone else can use.

Energize · 13 Jun 2007 at 23:08

Dano said:
You're making the assumption that folder level password protection is more secure than NTFS permissions, I'd almost guarantee it wouldn't be.

It would be far more secure as long as it used encryption, god I can't see it possibly being less secure.