The Strange, Short Life and Death of ‘My Private Folder’

Microsoft has introduced a new application for Windows XP users, and even more quickly, killed it off. The app was free, but what was the company thinking?

A piece by Mark Hachman and Natali T. Del Conte at PCMag on Friday says that “If you’ve heard of Microsoft Private Folder 1.0, forget it. As of 2:30 p.m. Pacific Time on Friday, it no longer exists. Microsoft quietly added the free encryption utility earlier this month, and then just as quietly deleted it. The utility allowed users to encrypt and store files inside a private folder.” Cute, and according to Microsoft designed as a benefit (read: inducement) to customers who allow their computers to be verified as running an unpirated copy of Windows.

The trouble is, the program doesn’t work. Or as a Microsoft spokesperson puts it: “we received feedback about concerns around manageability, data recovery and encryption, and based on that feedback we are removing the application.” The problem, according to Microsoft is that if you forget the password there’s no way back into the files you’ve encrypted (such services usually use a key management system called EFS that allows system administrators to retrieve files if necessary.)

But actually the problem was more serious than that. According to a note posted to the bottom of the story, the application runs a service in the background to allow encryption/decryption, which slowed the system to a crawl by apparently using more than 90% of the CPU. And while some network administrators have worried that they would be inundated with users’ pleas for help after forgetting their passwords actually the problem seems to lie more in the poor software itself — users reporting losing files, spontaneously rebooting and corrupting the encrypted files

Maybe the biggest blow, however, is that the files aren’t really hidden. For one, the folder installs itself onto the desktop, a big bright shining “My Private Folder” visible to everyone (this can be deleted). For another, Humphrey Cheung at TG Daily reports that by booting into Safe Mode a user is able to see all the files in My Private Folder. (This could also be done by simply uninstalling the application.) They remain encrypted but if someone really wanted to, they could examine the files with a hex editor to pluck out any interesting looking stuff. Even the file names might be revealing enough.

So the spokesperson was right in saying “around manageability, data recovery and encryption”. But why did Microsoft release something, however small and toylike, that was so fraught with problems, bugs and silliness?

16. July 2006 by jeremy
Categories: Security, Software, apps | Tags: , , , , , , , , , , | Comments Off on The Strange, Short Life and Death of ‘My Private Folder’