Hi everyone,
I’m developing an encryption minifilter for the MS Office suite.
I already know that Office uses temp files for saving.
I’ve done that in MS Word.
But in MS Excel, I cannot get the names of the temp files it creates.
I did see it in FileSpy, something like E:\A0265400, and the return value is OBJECT_FILE_NAME_NOT_FOUND.
But I cannot catch it in my minifilter.
I’ve searched the list and found that a lot of people have the same problem as me, but I have not found the answer.
Can anyone give me the solution, please? Thanks a lot.
Given that Office already has encryption available, how will yours be an improvement? I won’t even ask if you intend to take your product through the same QA and Beta process as Office has already gone through.
Gary Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
On Mar 26, 2012, at 5:13 AM, xxxxx@gmail.com wrote:
> Hi everyone,
> I’m developing an encryption minifilter for the MS Office suite.
> I already know that Office uses temp files for saving.
> I’ve done that in MS Word.
> But in MS Excel, I cannot get the names of the temp files it creates.
> I did see it in FileSpy, something like E:\A0265400, and the return value is OBJECT_FILE_NAME_NOT_FOUND.
> But I cannot catch it in my minifilter.
> I’ve searched the list and found that a lot of people have the same problem as me, but I have not found the answer.
> Can anyone give me the solution, please? Thanks a lot.
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
Sorry, I’ve just started with minifilters, and the applications I chose are the MS Office suite after finishing with Notepad. And now I have a problem with Excel. This is the third time someone has answered me like this. I wonder whether I was wrong to post that question here?
On Mon, Mar 26, 2012 at 7:17 PM, Gary Little wrote:
> Given that Office already has encryption available, how will yours be an
> improvement? I won’t even ask if you intend to take your product through
> the same QA and Beta process as Office has already gone through.
>
> Gary Little
> H (952) 223-1349
> C (952) 454-4629
> xxxxx@comcast.net
–
Regards,
Nhat
Hoang Xuan Quang Nhat
Faculty of Information Technology
University of Science - Vietnam National University HCM
You still did not answer the question. Why are you trying to do something that has already been accomplished? Is your idea going to produce better encryption than already provided? If you do manage to provide something better, and I really find that unlikely, how do you intend to accomplish an equivalent QA and Beta program that existing software, namely Microsoft Office, has already passed? There tends to be an arrogance associated with this industry that states “WE CAN ALWAYS DO IT BETTER THAN YOU”. After a decade or two you finally realize you’ve wasted a hell of a lot of time just being an arrogant asshole, and seldom if ever improved anything. Most of your time is spent in getting what you’re working on to work, hopefully within some defined scope, and hopefully as close to the original intent as possible.
So again I restate the question: Why are you re-inventing the encryption already existing in MS Office? How will you make it better?
Will it be as stable and reliable? (Note, I’m not stating MS Office is stable or reliable. But will your product provide better stability and reliability?)
Gary Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
On Mar 26, 2012, at 7:23 AM, Nhat Hoang wrote:
> Sorry, I’ve just started with minifilters, and the applications I chose are the MS Office suite after finishing with Notepad. And now I have a problem with Excel. This is the third time someone has answered me like this. I wonder whether I was wrong to post that question here?
OK … sorry but why is this always the same response that comes up when
someone is trying to implement an encryption filter? If they had
indicated they are implementing it for ONLY Office then these answers
are warranted but in every case it is not the case.
As I have said several times in the past, and several other people have
said, the MS Office Suite is a GREAT testing tool to ensure that your
encryption filter is working correctly. As the OP indicated they started
with Notepad and have now moved onto the Office apps … they are not
trying to reinvent the wheel here, just trying to ensure their filter
is working.
Now to answer the OP’s question, for testing purposes you could try to
isolate it based on a single directory and encrypt everything within
that directory. If you isolate based on this then you will see the temp
files being created by the Office apps.
Pete
On 3/26/2012 7:18 AM, Gary Little wrote:
> You still did not answer the question. Why are you trying to do something that has already been accomplished? Is your idea going to produce better encryption than already provided? If you do manage to provide something better, and I really find that unlikely, how do you intend to accomplish an equivalent QA and Beta program that existing software, namely Microsoft Office, has already passed? There tends to be an arrogance associated with this industry that states “WE CAN ALWAYS DO IT BETTER THAN YOU”. After a decade or two you finally realize you’ve wasted a hell of a lot of time just being an arrogant asshole, and seldom if ever improved anything. Most of your time is spent in getting what you’re working on to work, hopefully within some defined scope, and hopefully as close to the original intent as possible.
>
> So again I restate the question: Why are you re-inventing the encryption already existing in MS Office? How will you make it better?
> Will it be as stable and reliable? (Note, I’m not stating MS Office is stable or reliable. But will your product provide better stability and reliability?)
>
> Gary Little
> H (952) 223-1349
> C (952) 454-4629
> xxxxx@comcast.net
–
Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
866.263.9295
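Pete’s suggestion, scoping the filter to a single directory and encrypting everything created under it, comes down to one decision in the pre-create path: is this file under the scoped directory or not? The following is an added illustration and not code from this thread or from any poster: a user-mode model of that decision, written so it compiles and runs outside the kernel. It assumes the path passed in is already the normalized name a minifilter obtains from FltGetFileNameInformation; SCOPE_DIR, path_in_scope and should_encrypt are hypothetical names. Because the check looks only at the directory and never at the file name, an Office temp file of any name created there is covered, which is why this setup sidesteps the temp-file naming problem the original poster hit.

```c
/* Added illustration, not code from the thread or any poster: the
 * "is this file under the scoped directory?" decision an encryption
 * minifilter would make in its pre-create callback, modelled in user mode.
 * The path is assumed to be the normalized name (\Device\...\file). */
#include <stdbool.h>
#include <stddef.h>
#include <wchar.h>
#include <wctype.h>

/* Hypothetical directory chosen for the test setup (constructed value). */
static const wchar_t *SCOPE_DIR = L"\\Device\\HarddiskVolume3\\EncTest";

/* True when path is scope_dir itself or any name beneath it.
 * NTFS names are case-insensitive, so compare with towlower().
 * The separator check after the prefix keeps "\EncTest" from
 * matching "\EncTestOther\file.xlsx". */
bool path_in_scope(const wchar_t *path, const wchar_t *scope_dir)
{
    size_t n = wcslen(scope_dir);
    while (n > 0 && scope_dir[n - 1] == L'\\')
        n--;                               /* tolerate a trailing backslash */
    if (n == 0)
        return false;                      /* refuse an empty scope */
    for (size_t i = 0; i < n; i++) {
        /* path shorter than the scope, or a differing character */
        if (path[i] == L'\0' || towlower(path[i]) != towlower(scope_dir[i]))
            return false;
    }
    /* exact directory, or a component boundary followed by more name */
    return path[n] == L'\0' || path[n] == L'\\';
}

/* The policy hook: encrypt exactly the files under SCOPE_DIR. */
bool should_encrypt(const wchar_t *normalized_path)
{
    return path_in_scope(normalized_path, SCOPE_DIR);
}
```

The boundary check is the part worth keeping even in a throwaway test filter: a plain prefix compare would silently pull a sibling directory with a longer name into scope, and the resulting stray encrypted files are hard to tell apart from a filter bug.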
Mr Gary Little,
> Given that Office already has encryption available, how will yours be an improvement? I won’t even ask if you intend to take your product through the same QA and Beta process as Office has already gone through.
If you are selling an encryption solution, are you going to tell your client that you do not support Office because it already has its own encryption?
Plus I do not understand what the point of abusing an individual is. This is not what this list is known for. If you do not have anything TECHNICAL to add, or perhaps do not like a particular post, please do not reply, but kindly maintain the healthy environment here.
Now I am no admin or mod here, just a member like you. But at times you care for things you don’t really own…
> If you are selling an encryption solution, are you going to tell your client that you do not support Office because it already has its own encryption?
To further add: we once created an encryption solution for DELL; it used to ship with every DELL (enterprise/individual) machine out there. The software’s job was to present a virtual drive and encrypt whatever the user dumps into it (so it could be anything, in any format).
Now, this is just not possible to test, as there will always be more applications/formats available. So what we did was test our application with the most popular applications. Your filter working with the most popular and complex applications ensures that when it goes into the wild, the chances of failure are far less.
Perhaps Gary’s statement was a little strong, but he expressed some fairly
common sentiments. If you are going to encrypt files, the you encrypt
files. Temp files are just files, and will be encrypted. Your encryption
has to support random-access read and write. If you have to magically
detect “Office Temp Files” as some weird special case, you will have to
worry about files created by other programs that might accidentally match
the files you are looking for, and you can’t couple it to Excel or Word;
third-party programs exist that use the automation interface (I even have
one I wrote for PowerPoint). You have to support encryption/decryption
universally, not just in some special cases you think you understand. So
this goes back to the original question…why would I buy a third-party
product that duplicates functionality I already have? And if the answer
is “You can install it on everyone’s machine so the encryption is
enforced” how does this have value-added compared to BitBlocker, which is
already installed?
And, are you encrypting the spelling dictionary? I can learn a lot about
your product plans from that! And are you encrypting the spooling file
when the document is printed? Thank you, I now have your complete
business plan for the next year, as well as the design document for your
next product.
You have to encrypt everything. If I steal your laptop, if I see the .doc
files are encrypted, I’ll see what I can find in the paging file and
search for deallocated disk blocks holding the last spooled listing.
It seems I’ve poked several large holes in the idea here; what I see is a
product that does not offer anything I do not already have (Office
encryption and BitBlocker). So why should I waste time reading about your
product, or any part of my budget buying it? And will it continue to work
perfectly with Office 2013?
joe
> Mr Gary Little,
>
> > Given that Office already has encryption available, how will yours be an improvement? I won’t even ask if you intend to take your product through the same QA and Beta process as Office has already gone through.
>
> If you are selling an encryption solution, are you going to tell your client that you do not support Office because it already has its own encryption?
> Plus I do not understand what the point of abusing an individual is. This is not what this list is known for. If you do not have anything TECHNICAL to add, or perhaps do not like a particular post, please do not reply, but kindly maintain the healthy environment here.
> Now I am no admin or mod here, just a member like you. But at times you care for things you don’t really own…
What year was this? For example, was it pre-BitBlocker? And there
should be no concern about files, application, or formats. Encryption
sees the file as a stream of bits, period. The caller might position the
seek point at any arbitrary offset in the file, and write an arbitrary
number of bytes to the file. If your encryption requires fixed block
sizes, you have to make sure the logical view the user sees is of N
sequential bytes, and you interpret SetFilePosition in terms of that
logical byte stream, not the physical representation. Support that, and
you don’t care what program is creating the file. If, at any instant in
time, you think of the file as having a particular structure, you have
lost.
Next week’s hotfix will invalidate that assumption.
joe
> > If you are selling an encryption solution, are you going to tell your client that you do not support Office because it already has its own encryption?
>
> To further add: we once created an encryption solution for DELL; it used to ship with every DELL (enterprise/individual) machine out there. The software’s job was to present a virtual drive and encrypt whatever the user dumps into it (so it could be anything, in any format).
> Now, this is just not possible to test, as there will always be more applications/formats available. So what we did was test our application with the most popular applications. Your filter working with the most popular and complex applications ensures that when it goes into the wild, the chances of failure are far less.
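Joe’s point in this reply and the previous one is that the filter has to present a randomly addressable stream of bytes no matter what block size the cipher works in, so SetFilePosition and a write of an arbitrary length are interpreted against the logical stream and translated onto whole encrypted blocks. The following is an added illustration and not code from this thread or from any poster’s product: a user-mode model of an encrypted file in which every physical write is a complete 16-byte block, so a logical offset becomes block index plus offset-in-block and a partial-block write becomes read, decrypt, patch, encrypt, write back. The store array stands in for the on-disk ciphertext, and ks_byte together with the block transform is a toy, not a cipher; a real filter would use a proper per-block mode. All names are hypothetical. It goes one step beyond the text by handling a write past the end of file, which has to leave a gap that reads back as zeros rather than as leftover ciphertext.

```c
/* Added illustration, not code from the thread or any poster's product:
 * a logical byte stream laid over fixed-size encrypted blocks. The store is
 * an in-memory stand-in for on-disk ciphertext; ks_byte() and the block
 * transform are a toy, NOT a real cipher. All names are hypothetical. */
#include <stddef.h>
#include <string.h>

#define BLOCK      16            /* cipher block size in bytes */
#define MAX_BLOCKS 64            /* capacity of the toy store */

typedef struct {
    unsigned char store[MAX_BLOCKS * BLOCK]; /* physical (encrypted) bytes */
    size_t length;                           /* logical file length */
    unsigned char key[16];
} enc_file;

void enc_file_init(enc_file *f, const unsigned char key[16])
{ memset(f, 0, sizeof *f); memcpy(f->key, key, 16); }

/* Toy keystream byte for (block, index): deterministic, not secure. */
static unsigned char ks_byte(const unsigned char *key, size_t b, size_t i)
{
    unsigned x = key[i % 16] ^ (unsigned)(b * 0x9Eu) ^ (unsigned)(i * 0x6Bu);
    return (unsigned char)((x * 31u + 7u) & 0xFFu);
}

/* Whole-block transform: rotate one byte, then XOR the keystream. Output
 * byte i depends on input byte i+1, so no single plaintext byte can change
 * without reprocessing the block; partial writes must read-modify-write. */
static void block_encrypt(const enc_file *f, size_t b, const unsigned char *pt, unsigned char *ct)
{
    for (size_t i = 0; i < BLOCK; i++)
        ct[i] = pt[(i + 1) % BLOCK] ^ ks_byte(f->key, b, i);
}

static void block_decrypt(const enc_file *f, size_t b, const unsigned char *ct, unsigned char *pt)
{
    for (size_t i = 0; i < BLOCK; i++)
        pt[(i + 1) % BLOCK] = ct[i] ^ ks_byte(f->key, b, i);
}

/* Read up to len logical bytes at off; returns the count actually read. */
size_t enc_read(const enc_file *f, size_t off, unsigned char *out, size_t len)
{
    if (off >= f->length) return 0;
    if (len > f->length - off) len = f->length - off;   /* clamp at EOF */
    for (size_t done = 0; done < len; ) {
        size_t pos = off + done, b = pos / BLOCK, in_b = pos % BLOCK;
        unsigned char pt[BLOCK];
        block_decrypt(f, b, f->store + b * BLOCK, pt);
        size_t n = BLOCK - in_b;
        if (n > len - done) n = len - done;
        memcpy(out + done, pt + in_b, n);        /* copy just the wanted slice */
        done += n;
    }
    return len;
}

/* Write len bytes at any logical off. Partial blocks are read, patched and
 * re-encrypted; writing past EOF leaves a zero-filled gap. 0 on success. */
int enc_write(enc_file *f, size_t off, const unsigned char *in, size_t len)
{
    if (len == 0) return 0;
    if (off + len > (size_t)MAX_BLOCKS * BLOCK) return -1;
    /* Give every block with no data yet valid ciphertext of zeros, so the
     * loop below can always decrypt and gap bytes read back as 0. */
    size_t first_new = (f->length + BLOCK - 1) / BLOCK;
    size_t last_needed = (off + len - 1) / BLOCK;
    for (size_t b = first_new; b <= last_needed; b++) {
        unsigned char zero[BLOCK] = {0};
        block_encrypt(f, b, zero, f->store + b * BLOCK);
    }
    for (size_t done = 0; done < len; ) {
        size_t pos = off + done, b = pos / BLOCK, in_b = pos % BLOCK;
        unsigned char pt[BLOCK];
        block_decrypt(f, b, f->store + b * BLOCK, pt);   /* fetch old block */
        size_t n = BLOCK - in_b;
        if (n > len - done) n = len - done;
        memcpy(pt + in_b, in + done, n);                  /* patch the slice */
        block_encrypt(f, b, pt, f->store + b * BLOCK);    /* write back whole */
        done += n;
    }
    if (off + len > f->length) f->length = off + len;
    return 0;
}

/* Exercises the edge cases: a write spanning a block boundary, a write past
 * EOF, a read clamped at EOF. Returns 0 on success, else the failed check. */
int demo_roundtrip(void)
{
    static const unsigned char key[16] = "0123456789abcde";   /* constructed */
    enc_file f;
    unsigned char buf[64];
    enc_file_init(&f, key);
    if (enc_write(&f, 0, (const unsigned char *)"hello, excel temp", 17)) return 1;
    if (enc_write(&f, 14, (const unsigned char *)"XYZW", 4)) return 2;  /* crosses 16 */
    if (enc_write(&f, 40, (const unsigned char *)"tail", 4)) return 3;  /* past EOF */
    if (f.length != 44 || enc_read(&f, 0, buf, sizeof buf) != 44) return 4;
    if (memcmp(buf, "hello, excel tXYZW", 18) != 0) return 5;
    for (size_t i = 18; i < 40; i++)
        if (buf[i] != 0) return 6;                          /* gap reads as zeros */
    if (memcmp(buf + 40, "tail", 4) != 0) return 7;
    if (memcmp(f.store, "hello", 5) == 0) return 8;         /* store holds no plaintext */
    if (enc_read(&f, 44, buf, 4) != 0) return 9;            /* read at EOF */
    return 0;
}
```

Nothing in enc_read or enc_write looks at a file name, an extension or the calling application, which is the property the replies keep coming back to: the same two functions serve a Word temp file, an Excel temp file and a C source file alike. The zero-fill step is the kind of detail that Office’s save pattern tends to expose, since an application that extends a file and then reads the unwritten region back expects zeros, not stale bytes.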
> What year was this? For example, was it pre-BitBlocker?
It was around the XP-to-Vista transition, so yes. The software could use a fingerprint for authorization and saved the crypto keys in the TPM chip. I guess it’s still around (though I cannot comment for sure, as I am no longer associated with that organization).
> And there should be no concern about files, application, or formats. Encryption sees the file as a stream of bits
Exactly; that is what should have been told to the OP: a temp file is just a file, so why does a filter bother about a file name or extension?
Now, to answer it from my project experience: we did not bother about formats, but as I said, different applications doing different interops need to be supported. For example:
A user can copy and paste a file to our drive with Explorer and cmd (just handle create, read and write correctly and it will work).
A user wants to see and query attributes with Explorer and cmd (handle directory control and query information for this; and yes, cmd’s directory control parameters are different from Explorer’s).
A user may use an application to directly save a file, like Office (add set_info for rename to the architecture).
Bring the Recycle Bin into the picture (add set_info for delete and undelete).
So these applications are an essential part of delivering an encryption filter. No matter how strong your driver is in theory, it has to work when a user is trying to save a file with his favorite app, and using your driver with such applications is the way to ensure it does. But I am sure you know all this, and I know what you said, so I have no idea where we are going with this discussion.
What you seem to be posting is a question of the form “My driver doesn’t
work, what did I do wrong?” There are an infinite number of answers to
that.
The issue we are all taking exception with is that you seem unduly
concerned about file names and Office products. An encryption minifilter
should encrypt everything, while still maintaining the proper file system
abstractions (such as seek and write or seek and read). It should not
care about the nature of the application, or the name of the file. If it
does, there is probably something seriously wrong in your approach. Yes,
it is true that apps like Word and Excel are pretty good stressors, and
anything which doesn’t support them has no future, but why, and you have
never said why, should a minifilter care in the slightest about the nature
of the app it is servicing? There is one abstraction: randomly-accessible
stream of bytes. If you can’t support that, it doesn’t matter what the
app is, you will have problems.
By the way, why are you not talking about supporting DreamWeaver-produced
HTML files, Flash files, PDF files, etc.? These are other interesting
apps. What about encrypting my C/C++ source files? Will your encryption
integrate well with version management systems, Visual Studio N (for any
value of N), OpenOffice, WordPerfect, the vi editor, Paint, PhotoShop,
audio files, multimedia files, and on and on and on. There is absolutely
nothing interesting about Office files except that Office can be a good
test case. So I fail to understand why you need to know the names of temp
files, or the format of Office files, or whatever. Either you are
encrypting or you are not, and the application should not care that the
files are being encrypted, and the encryptor should not care who is
creating the file.
But if you think only Office files need to be protected, IP thieves and
corporate espionage spies everywhere thank you. That live-video of the
CEO addressing the geographically-distributed Board of Directors on the
new company strategy is just what they were looking for. Not to mention
that AutoCad drawing of the product. And they aren’t encrypted because you
only encrypt Office files.
Go back to the basics. What are you doing and why are you doing it? You
have asked us about how to detect WHAT brand of superglue was used to hold
the wings on the successful pig (read Peter’s essay on how to ask
questions in a forum). Or, more specifically, you are asking us why your
gas chromatograph of unspecified brand cannot tell you what the brand of
superglue is because it doesn’t recognize certain kinds of polymers.
What we see is that you are focused on precisely the WRONG problem. And
nothing we seem to say appears to convince you otherwise. Expending time
and effort to duplicate capabilities that already exist is pointless. As
a buyer, I am not going to buy any solution that costs money, adds
complexity to my system, and has no guarantee of future support, when
Microsoft already has products that are fully supported and I already have
them, and they were installed with Windows or Office. You have to have a
serious value-added component to make this product interesting. And what
I (and I think others are seeing) is that you are trying to solve a
problem using about the worst-possible approach, and we are telling you
This Is Not A Good Idea. So you ask the same question over and over, and
get the same answer over and over. The project seems to be redundant with
free software. I once worked for a company that tried to compete with a
free product. That company no longer exists (big surprise!). I learned
the hard way that there is no future in building products no one wants to
pay for when they already have a free alternative; being 30% better is not
good enough (we were not 30% better, and it wouldn’t have mattered if we
had been; we were more like 10% better. I know. I did the metrics).
joe
> Sorry, I’ve just started with minifilters, and the applications I chose are the MS Office suite after finishing with Notepad. And now I have a problem with Excel. This is the third time someone has answered me like this. I wonder whether I was wrong to post that question here?
Why do you presume the AUTHOR of the document is the one who wants to protect the document? This is where Office
encryption stops, and non-agnostic filters come in.
> It seems I’ve poked several large holes in the idea here; what I see is a product that does not offer anything I do not already have (Office encryption and BitBlocker). So why should I waste time reading about your product, or any part of my budget buying it? And will it continue to work perfectly with Office 2013?
–
Kind regards, Dejan (MSN support: xxxxx@alfasp.com)
http://www.alfasp.com
File system audit, security and encryption kits.
Peter was right. I did the minifilter just for testing purposes. I’m not going to implement a product to compete with MS Office. By the way, I am a beginner, so I cannot handle all kinds of files now.
Anyway, thanks for all the replies.
Thanks Peter, I’ll dig into your solution.
On Tue, Mar 27, 2012 at 7:39 PM, Dejan Maksimovic wrote:
> Why do you presume the AUTHOR of the document is the one who wants to protect the document? This is where Office encryption stops, and non-agnostic filters come in.
–
Regards,
Quangnhat
I did not imply you are making a competitive product, nor did the
thought ever occur, before Gary mentioned it. The question was meant for
Gary L.
Nhat Hoang wrote:
> Peter was right. I did the minifilter just for testing purposes. I’m not going to implement a product to compete with MS Office. By the way, I am a beginner, so I cannot handle all kinds of files now.
> Anyway, thanks for all the replies.
> Thanks Peter, I’ll dig into your solution.
–
Kind regards, Dejan (MSN support: xxxxx@alfasp.com)
http://www.alfasp.com
File system audit, security and encryption kits.
Thanks Dejan, that answer was for Gary L and Mr Newcomer.
On Wed, Mar 28, 2012 at 4:42 AM, Dejan Maksimovic wrote:
> I did not imply you are making a competitive product, nor did the thought ever occur, before Gary mentioned it. The question was meant for Gary L.
–
Regards,
Nhat
Hoang Xuan Quang Nhat
Faculty of Information Technology
University of Science - Vietnam National University HCM
Hence my reference to BitBlocker, which takes the decision away from the
author and puts it in the hands of the system administrator who is
configuring the corporate desktops/laptops.
I have never asked if filters believe in any deity, so the difference
between an agnostic and non-agnostic filter has never concerned me.
But the idea of a filter encrypting ONLY Office documents seems remarkably
silly. But then, I’ve had to worry about corporate security in my career,
so I’m bound to be biased by realities of security. Most of the value on
my laptop, which would have made it a desirable target a decade ago, was
in non-Office files. I solved the problem by NEVER putting important
files on my laptop, so today, if someone were to steal my laptop, the only
value is the machine itself, and I never would have to call anyone and say
“remember that secure data I was supposed to protect…” which is not a
conversation I would ever want to have. There is no longer any DATA with
financial value on my laptop. And I am not going to discuss how I
implement solution(s) to this problem.
> Why do you presume the AUTHOR of the document is the one who wants to protect the document? This is where Office encryption stops, and non-agnostic filters come in.
Again, why do you presume that is what a corporation needs? That only protects stolen hardware - something a
corporation is raaaarely concerned with, internally, since they have security guards to check whoever goes in/out.
What is not secure is the author - literally, filters are there to protect what the AUTHOR made FROM THE AUTHOR.
xxxxx@flounder.com wrote:
> Hence my reference to BitBlocker, which takes the decision away from the author and puts it in the hands of the system administrator who is configuring the corporate desktops/laptops.
–
Kind regards, Dejan (MSN support: xxxxx@alfasp.com)
http://www.alfasp.com
File system audit, security and encryption kits.
I guess you haven’t done much in the security domain. First, the
assumption that desktop machines are physically secure is almost always
false; I get a job as a janitor, I have free run of the place, I just
steal the hard drive. If the IT security people are too stupid to have
turned on disk encryption, I have everything I need in a small package I
can put anywhere and retrieve at leisure. And you have some real
fantasies about security guards, so I hope you never have to rely on them.
Second, one of the most desirable targets for industrial espionage is the
laptop computer. End of discussion.
I do not “presume” what a corporation needs; I have been on several sides
of this, including designing physical security implementations that had to
“pass muster” with a huge multinational firm we were contracting with to
develop software for their unannounced and top-secret product. I had to
read their corporate security manual, cover to cover. I have carried my
laptop into and out of SERIOUSLY secure sites (the kind where a visitor
has to pass through three security checkpoints, where they have my name
and an FBI background check on file, and that was just to get to the
UNSECURED part of the building!) I went to one site where I had to send
the serial number of my laptop to their security people six weeks in
advance, and as it turned out the FBI contacted the manufacturer to make
sure the laptop of that serial number was registered to me. “Evidence
Tape” was placed over the USB, network, and modem ports, and getting out
at night required careful inspection to see that I had not tampered with
the tape (it was removed, and the whole process was repeated the next day,
for five days I was there). I once signed an NDA that was not “I could
tell you, but then I’d have to kill you”; this was more along the lines
that if I was thinking of telling you, I was contractually obliged to kill
myself. I’ve taught courses on how to attack Windows to DoD security
teams who need to know how to prevent the attacks. I’ve taught how to
build security auditing software, and the details of how it can be
defeated by rootkit attacks. And I’ve talked to other security
consultants who have walked out the front door with the corporate file
server on a dolly, with nary a question asked (one says it is fun to wheel
it into the CEO’s office four hours later). I’ve created hacking
scenarios guaranteed not only to get your competitor for the
executive-vice-president’s job fired, but put into prison. So
don’t try to explain the importance of internal and physical security to
me. For that matter, don’t try to explain security to me; been there,
done that. Been doing it since 1965, when I was 18, explaining to an
auditor how I could pretty much do anything I felt like to the banking
software, and by the time they caught up with me, I’d be a wealthy
resident of a country with no extradition treaty.
Now, please explain how encrypting Office files protects me from myself.
I’m missing something here. Maybe it’s because I know that it is
next-to-impossible to protect a logged in user from him/herself. Hence the
prevalence of ActiveX and JavaScript and email-attachment attacks.
joe
> Again, why do you presume that is what a corporation needs? That only
> protects stolen hardware - something a
> corporation is raaaarely concerned with, internally, since they have
> security guards to check whoever goes in/out.
> What is not secure is the author - literally, filters are there to
> protect what the AUTHOR made FROM THE AUTHOR.
>
> xxxxx@flounder.com wrote:
>
>> Hence my reference to BitBlocker, which takes the decision away from the
>> author and puts it in the hands of the system administrator who is
>> configuring the corporate desktops/laptops.
–
Kind regards, Dejan (MSN support: xxxxx@alfasp.com)
http://www.alfasp.com
File system audit, security and encryption kits.
You totally misunderstood me… (and part of it is my fault :))
Corporations have FED disks, whether hardware locked, TrueCrypt, BitLocker, whatever… they have some sort of
it (well… those corporations that survive)
The “security” you mention is something I had to go through in any Korean company just to get to the
presentation office, which had nothing interesting near it.
And Office security can, at best, protect the author’s work from other people. The point is to protect the
author’s work FROM THE AUTHOR. A corporation is not the author of the work, the worker is. A worker is not trusted.
Office encryption will not prevent the worker, who wrote the document, from tampering with it, copying it, seeing
it, etc. The entire idea of FS filters in this area is to make sure the worker does not copy the data outside of
that corporation’s “comfort zone”. They cannot, legally, stop him from revealing what he knows in his head (legally,
they can only sue him if he DOES do it already), but such things take time. Copying document data where it is not
supposed to be takes a second.
Dejan.
xxxxx@flounder.com wrote:
> I guess you haven’t done much in the security domain. First, the
> assumption that desktop machines are physically secure is almost always
> false; I get a job as a janitor, I have free run of the place, I just
> steal the hard drive. If the IT security people are too stupid to have
> turned on disk encryption, I have everything I need in a small package I
> can put anywhere and retrieve at leisure. And you have some real
> fantasies about security guards, so I hope you never have to rely on them.
>
> Second, one of the most desirable targets for industrial espionage is the
> laptop computer. End of discussion.
> I do not “presume” what a corporation needs; I have been on several sides
> of this, including designing physical security implementations that had to
> “pass muster” with a huge multinational firm we were contracting with to
> develop software for their unannounced and top-secret product. I had to
> read their corporate security manual, cover to cover. I have carried my
> laptop into and out of SERIOUSLY secure sites (the kind where a visitor
> has to pass through three security checkpoints, where they have my name
> and an FBI background check on file, and that was just to get to the
> UNSECURED part of the building!) I went to one site where I had to send
> the serial number of my laptop to their security people six weeks in
> advance, and as it turned out the FBI contacted the manufacturer to make
> sure the laptop of that serial number was registered to me. “Evidence
> Tape” was placed over the USB, network, and modem ports, and getting out
> at night required careful inspection to see that I had not tampered with
> the tape (it was removed, and the whole process was repeated the next day,
> for five days I was there). I once signed an NDA that was not “I could
> tell you, but then I’d have to kill you”; this was more along the lines
> that if I was thinking of telling you, I was contractually obliged to kill
> myself. I’ve taught courses on how to attack Windows to DoD security
> teams who need to know how to prevent the attacks. I’ve taught how to
> build security auditing software, and the details of how it can be
> defeated by rootkit attacks. And I’ve talked to other security
> consultants who have walked out the front door with the corporate file
> server on a dolly, with nary a question asked (one says it is fun to wheel
> it into the CEO’s office four hours later). I’ve created hacking
> scenarios guaranteed not only to get your competitor for the
> executive-vice-president’s job fired, but put into prison. So
> don’t try to explain the importance of internal and physical security to
> me. For that matter, don’t try to explain security to me; been there,
> done that. Been doing it since 1965, when I was 18, explaining to an
> auditor how I could pretty much do anything I felt like to the banking
> software, and by the time they caught up with me, I’d be a wealthy
> resident of a country with no extradition treaty.
>
> Now, please explain how encrypting Office files protects me from myself.
> I’m missing something here. Maybe it’s because I know that it is
> next-to-impossible to protect a logged in user from him/herself. Hence the
> prevalence of ActiveX and JavaScript and email-attachment attacks.
> joe
>
> Again, why do you presume that is what a corporation needs? That only
> protects stolen hardware - something a
> corporation is raaaarely concerned with, internally, since they have
> security guards to check whoever goes in/out.
> What is not secure is the author - literally, filters are there to
> protect what the AUTHOR made FROM THE AUTHOR.
>
> xxxxx@flounder.com wrote:
>
>> Hence my reference to BitBlocker, which takes the decision away from the
>> author and puts it in the hands of the system administrator who is
>> configuring the corporate desktops/laptops
–
Kind regards, Dejan (MSN support: xxxxx@alfasp.com)
http://www.alfasp.com
File system audit, security and encryption kits.
I still don’t get it. The stated purpose is not to protect the author
from the author, but to encrypt the materials so the author cannot read
them after creation. Or that’s what I think I see here. The purpose is
to protect the nominal “owner” of the materials from having those
materials copied by or disseminated by the author. So how does the author
edit them? Because clearly the author needs read access, and as soon as
read access exists, copying is trivial. Even if you try to limit the
access to the original creating program (e.g. Word) I can still
print-to-file, and if that file is not encrypted, I have a document I can
disseminate. Or, I can ask that it be printed to a PDF formatter, in
which case I have a beautiful document that is easily copied. And you
absolutely must support multimedia files, AutoCad drawings, fifty
different printed-circuit-board layout programs, my FPGA CAD system, the
output from that FORTRAN program that lets me design new planar
transistors, the VHDL compiler files, including all intermediate files,
etc. How can the C compiler read files created by Visual Studio? How do
you distinguish a “dangerous” copy of some intellectual property from
checking it into the company’s secure version management system? How do I
send a copy of my sales analysis to the VP-sales? Especially when he’s in
Silicon Valley and I’m in Portland? (The answer is, I encrypt it using
his public key…but how does your program tell that PGP is reading it and not
a copy command? How does it know that putting the encrypted copy on my
flash drive is OK, because I’m flying down tomorrow morning to make my
presentation to the CEO?)
Ultimately, it sounds like you are trying to implement a solution that
cannot ever be made to work “correctly” across a broad spectrum of usages.
By focusing on a couple trivial special cases (which I just gave a couple
workarounds for) you are thinking you have a general solution.
There are ways this is handled in the real world. I once had a raffle in
which the winner got a 2GB (at that time, a very large) flash drive. The
winner turned it down, because she had to go directly to work from where
we were, and possession of removable memory devices, including flash drives
and magnetic media, was not just a firable offense, but a criminal offense
as well. Epoxy in USB connectors works well. Presumably you could create
a filter driver that refused to allow removable media mounts in the file
system, or one that would log every byte written to the removable media to
a security repository, and some poor individual would have to verify all
these transactions (the officemate of a friend went to the head of
security at their place of employment, and got permission to stage a
security violation. The next day, he brought his 18’ glass pole and
pole-vaulted over the electric fence, and the pole simply fell down
outside the fence. That night, he signed out, picked up the pole, and
left. Three days later, he is confronted by the head of security. “How
did you do that?” was the question. So, officemate looks innocent and
says “Do what?” HoS says “Don’t screw around. I’ve already fired two
people over this, and the only reason I still have a job is because I had
that letter authorizing you to attempt a Red Team attack on our security”.
The question was, how did he sign out when he had never signed in? The
two people lost their jobs not because he managed this, but because it
took them three days to discover it. So having people validate removable
media transactions can be made to work, but it costs).
The problem is that the proposed solution is so much of a hack that it can
be trivially defeated, and it is also not strong enough to support the
general problem of security, but furthermore, now that it is explained,
seems to simply make it impossible to do ordinary work.
You have to understand that I once consulted for several years with a
security company, and we did design reviews in which several of us found
similar problems with far more sophisticated schemes. It has taken far
longer to type the answers than it took me to see the problems, which was
at most a few seconds. I’ve even proposed far more sophisticated schemes
that our PhD cryptologist had completely demolished in less time than I
had taken on the first slide (we skipped the rest of my presentation, but
I had the excuse that I had only been on board a couple weeks. After two
years, the flaws in my first proposal were glaring, even to me).
joe
> You totally misunderstood me… (and part of it is my fault :))
> Corporations have FED disks, whether hardware locked, TrueCrypt,
> BitLocker, whatever… they have some sort of
> it (well… those corporations that survive)
> The “security” you mention is something I had to go through in any
> Korean company just to get to the
> presentation office, which had nothing interesting near it.
> And Office security can, at best, protect the author’s work from other
> people. The point is to protect the
> author’s work FROM THE AUTHOR. A corporation is not the author of the
> work, the worker is. A worker is not trusted.
> Office encryption will not prevent the worker, who wrote the document,
> from tampering with it, copying it, seeing
> it, etc. The entire idea of FS filters in this area is to make sure the
> worker does not copy the data outside of
> that corporation’s “comfort zone”. They cannot, legally, stop him from
> revealing what he knows in his head (legally,
> they can only sue him if he DOES do it already), but such things take
> time. Copying document data where it is not
> supposed to be takes a second.
> Dejan.
xxxxx@flounder.com wrote:
> I guess you haven’t done much in the security domain. First, the
> assumption that desktop machines are physically secure is almost always
> false; I get a job as a janitor, I have free run of the place, I just
> steal the hard drive. If the IT security people are too stupid to have
> turned on disk encryption, I have everything I need in a small package I
> can put anywhere and retrieve at leisure. And you have some real
> fantasies about security guards, so I hope you never have to rely on
> them.
>
> Second, one of most desirable targets for industrial espionage is the
> laptop computer. End of discussion.
> I do not “presume” what a corporation needs; I have been on several
> sides
> of this, including designing physical security implementations that had
> to
> “pass muster” with a huge multinational firm we we contracting with to
> develop software for their unannounced and top-secret product. I had to
> read their corporate security manual, cover to cover. I have carried my
> laptop into and out of SERIOUSLY secure sites (the kind where a visitor
> has to pass through three security checkpoints, where they have my name
> and an FBI background check on file, and that was just to get to the
> UNSECURED part of the building!) I went to one site where I had to send
> the serial number of my laptop to their security people six weeks in
> advance, and as it turned out the FBI contacted the manufacturer to make
> sure the laptop of that serial number was registered to me. “Evidence
> Tape” was placed over the USB, network, and modem ports, and getting out
> at night required careful inspection to see that I had not tampered with
> the tape (it was removed, and the whole process was repeated the next
> day,
> for five days I was there). I once signed an NDA that was not “I could
> tell you, but then I’d have to kill you”; this was more along the lines
> that if I was thinking of telling you, I was contractually obliged to
> kill
> myself. I’ve taught courses on how to attack Windows to DoD security
> teams who need to know how to prevent the attacks. I’ve taught how to
> build security auditing software, and the details of how it can be
> defeated by rootkit attacks. And I’ve talked to other security
> consultants who have walked out the front door with the corporate file
> server on a dolly, with nary a question asked (one says it is fun to
> wheel
> it into the CEO’s office four hours later). I’ve created hacking
> scenarios guaranteed to not only get your competitor for the
> executive-vice-president’s job not only fired, but put into prison. So
> don’t try to explain the importance of internal and physical security to
> me. For that matter, don’t try to explain security to me; been there,
> done that. Been doing it since 1965, when I was 18, explaining to an
> auditor how I could pretty much do anything I felt like to the banking
> software, and by the time they caught up with me, I’d be a wealthy
> resident of a country with no extradition treaty.
>
> Now, please explain how encrypting Office files protects me from myself.
> I’m missing something here. Maybe it’s because I know that it is
> next-to-impossible to protect a logged in user from him/herself. Hence
> the
> prevalence of ActiveX and JavaScript and email-attachment attacks.
> joe
>
> >
> > Again, why do you presume that is what a corporation needs? That
> only
> > protects stolen hardware - something a
> > corporation is raaaarely concerned with, internally, since they have
> > security guards to check whoever goes in/out.
> > What is not secure is the author - literally, filters are there to
> > protect what the AUTHOR made FROM THE AUTHOR.
> >
> > xxxxx@flounder.com wrote:
> >
> >> Hence my reference to BitBlocker, which takes the decision away from
> the
> >> author and puts it in the hands of the system administrator who is
> >> configuring the corporate desktops/laptops
–
Kind regards, Dejan (MSN support: xxxxx@alfasp.com)
http://www.alfasp.com
File system audit, security and encryption kits.