Re[2]: OTFE Woes
In reply to mid:[EMAIL PROTECTED] :

AY> On 6/19/05, Miroslav Florensen wrote:

> I mentioned this behavior already with version v3.5.18.
> mid:[EMAIL PROTECTED] BT: https://www.ritlabs.com/bt/view.php?id=4739

AY> I have added a confirmation to your bt report and my own
AY> observation about the *irony* of having an OTFE installation of TB
AY> that can be uninstalled - theoretically with all of its data
AY> (message base, address books, etc.) - by the TB uninstaller
AY> without ever being prompted for the OTFE identification, in my
AY> case a password.

If I recall, EVEN Microsoft asks for a password for their encrypted .pst files :)

--
Best regards,
Goncalo Farias

I'll inconvenience you when it's convenient.

Current beta is 3.5.29 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
IMPORTANT: To register as a Beta tester, use this link first - http://www.ritlabs.com/en/partners/testers/
Re[2]: OTFE Woes
In reply to mid:[EMAIL PROTECTED] :

ASK> Hello Goncalo Farias and everyone else,
ASK> on 19-Jun-2005 at 12:56 you (Goncalo Farias) wrote:

> If I recall, EVEN Microsoft asks for a password for their encrypted .pst files :)

ASK> If you delete them? That would be interesting.

To remove them from Outlook. But I might be wrong... I'll check it later today.

--
Best regards,
Goncalo Farias

Gravity brings me down.
Re[2]: OTFE Woes
On Saturday, June 18, 2005 at 7:22:00 AM [GMT -0500], Paul Van Noord wrote:

> I do not respect, or use, any software that removes user data upon an uninstall. I cannot imagine a single circumstance where removing the user's data with an uninstall would be positive. This should always be a purposeful and separate action from an uninstall action.

I strongly agree here!

--
-= Allie Martin =-
The Bat! v3.5.29
System Specs: http://www.ac-martin.com/sysspecs.htm
-=-=-
Daddy, what does FORMATTING DRIVE C: mean?
Re[2]: OTFE Woes
On Saturday, June 18, 2005 at 12:58:27 PM [GMT -0500], Roelof Otten wrote:

> But every Windows user can have his/her own master password. On this very pc, I have installed TB once (more would be silly), but when I'm logging on with admin rights then I'm using a password protected logon, so I don't need OTFE. When I'm logging on via my restricted user account, then I've got no login password, so I'm using OTFE there.

I assume then that your Mail directory is in your protected user space?

--
-= Allie Martin =-
The Bat! v3.5.29
System Specs: http://www.ac-martin.com/sysspecs.htm
-=-=-
Oxymoron: Rush hour.
Re[2]: OTFE Woes
On Saturday, June 18, 2005 at 12:19:16 PM [GMT -0500], Avi Yashar wrote:

>> Suppose you're wanting to uninstall TB, but there are three Windows accounts on the system, two with OTFE and one with plain. Would you have the uninstall ask only for the OTFE password of the account being used for the uninstall (if that's not the one with the plain message base) or would you have the uninstall ask for both passwords?

> Sorry, maybe I am tired and don't follow all of this, but, yes, I would ask for the appropriate password before deleting - or declaring an intent to delete - data that is encrypted for security reasons.

It's possible to have TB! installed on a single machine that several users log in to. Each could be using the same TB! installation. However, they each use separate registry keys. One is using OTFE, while the others aren't.

The administrator comes along and needs to uninstall TB!. What happens then? One user is using OTFE while he's using TB!. Should the administrator be prompted for the passphrase of that user?

I use a number of apps whose configuration can be passphrase protected. These are anti-virus agents, firewalls, mailservers and such. Not one has passphrase protected uninstall procedures, the reasoning being that it's an administrator's action which is already secured.

--
-= Allie Martin =-
The Bat! v3.5.29
System Specs: http://www.ac-martin.com/sysspecs.htm
-=-=-
OS/2 is the operating system of the '90s - Bill Gates
Re[2]: OTFE Woes
6/19/2005 7:58 AM

Hi Avi,

On 6/19/2005 Avi Yashar wrote:

AY> Alexander, one of the main reasons for encrypting a data base is
AY> because others might get access to your computer for one reason or
AY> another. Realistically speaking, these things happen; and, if I were a
AY> betting man, I would bet that they even happen to you too.

You would lose your bet with me. I have management techniques that disallow physical access to my machines without permission.

I use the Bat! Private Disk and enjoy the luxury of encryption for all my sensitive stuff without dependence on NTFS or the management of any software. It works seamlessly for all programs. I suggest you try it!

Living life is much more enjoyable when we seek solutions rather than carp about the things we can't control.

--
Take Care,
Paul

The Bat! v.3.0.2.10 on Win2k SP4
Re[2]: OTFE Woes
On Sunday, June 19, 2005 at 7:03:34 AM [GMT -0500], Avi Yashar wrote:

> Alexander, pardon me, but it seems like you are dancing around the point. Running the uninstall script of TB is the same as accessing TB - it is like being within TB. And so it makes no sense that TB will ask for a password to run TB, where you would have power then to delete messages and address book entries, but TB lets you do the same thing without a password if you access it via TB's uninstall script.

The point Alexander is making is that the administrator can delete an entire user's space including all files and data within it. That's the administrator's privilege. Your passphrase protected GMail account could be easily deleted and all mail removed without your personal bidding. You're mixing the two security domains and I don't see how you can.

--
-= Allie Martin =-
The Bat! v3.5.29
System Specs: http://www.ac-martin.com/sysspecs.htm
-=-=-
Black Holes were created when God divided by zero.
Re[2]: OTFE Woes
In reply to mid:[EMAIL PROTECTED] :

ASK> Hello Avi Yashar and everyone else,
ASK> on 19-Jun-2005 at 09:43 you (Avi Yashar) wrote:

> So are you saying that an application that can - and does - ask for a password before opening up cannot also ask for a password before uninstalling itself? Because if you are saying that, then I will have to dig up examples of other applications that do demand a password before you can uninstall them.

ASK> You don't need to do that. I don't want to stretch this
ASK> discussion based on what if and possibly maybe scenarios any
ASK> further as long as our initial understanding of security seems to
ASK> differ so much.

ASK> I'll stick with my point that a working security concept includes
ASK> that no other person (other than an administrator) has access to
ASK> your computer to install or remove programs. That's like locking
ASK> the inside doors of your house while not putting the keys away,
ASK> and leaving your front door open at the same time.

Well, you may have more than one user with an administrative role in a single computer.

--
Best regards,
Goncalo Farias

Macintosh: Computing as designed by Rube Goldberg.
Re: Re[2]: OTFE Woes
On 6/19/05, Allie Martin [EMAIL PROTECTED] wrote:

> It's possible to have TB! installed on a single machine that several users log in to. Each could be using the same TB! installation. However, they each use separate registry keys. One is using OTFE, while the others aren't.

Okay, this much I understand. What I don't understand is how the OTFE capability arose in the first place. Who installed TB with OTFE capability and chose the master password? Wouldn't that be the administrator or someone with administrator privileges? Don't you need administrator privileges to install an OTFE TB?

I have a Non-OTFE installation of TB on my computer. When I set up a new account in my Non-OTFE TB, I am not given the opportunity to use OTFE for that account.

> The administrator comes along and needs to uninstall TB!. What happens then? One user is using OTFE while he's using TB!. Should the administrator be prompted for the passphrase of that user?

No. The administrator should be prompted for the master password. My understanding - and it could be wrong - is that each account could have a different password, but there is a master password that is required just to launch TB.

> I use a number of apps whose configuration can be passphrase protected. These are anti-virus agents, firewalls, mailservers and such. Not one has passphrase protected uninstall procedures, the reasoning being that it's an administrator's action which is already secured.

Well, I believe that I have seen the request for a password before uninstalling with other apps that I have used. But maybe I am mistaken.

--
Avi Yashar
Windows XP Pro SP2 and The Bat! Pro (No OTFE) 3.5.29
Re[2]: OTFE Woes
In reply to mid:[EMAIL PROTECTED] :

> Symantec AV has a password to uninstall

ASK> That's the corporate edition, installed in full managed mode. Why
ASK> would the end user in a corporate environment be allowed to
ASK> fiddle with the AV, anyway?

Maybe because the AV is interfering with non-workstation standard software needed for a specific task?

ASK> (you should be happy that you have a domain admin that was able to
ASK> configure the AV correctly and not permit end users to uninstall it:-)

Well, the admin should have raised his standards and chosen a better AV. Version 9 of Symantec's AV *only* detects 65K viruses - BitDefender or Kaspersky's AV detect over 130K. I've seen situations where the latest Symantec signatures didn't detect a couple of known viruses, acknowledged by both Kaspersky and Bitdefender. Also, Symantec AV is rather sluggish...

--
Best regards,
Goncalo Farias

No matter what happens, someone always knew it would.
Re[2]: OTFE Woes
In reply to mid:[EMAIL PROTECTED] :

ASK> Hello Goncalo Farias and everyone else,
ASK> on 19-Jun-2005 at 14:19 you (Goncalo Farias) wrote:

> Well, you may have more than one user with an administrative role in a single computer.

ASK> An admin is an admin is an admin.

ASK> Given that there would be a scenario where you cannot trust the
ASK> admin (and I wonder where that would be), would you store
ASK> sensitive data on that computer?

Sometimes you just have to.

--
Best regards,
Goncalo Farias

OFFLINE 1.50 Chevys forever!!
Re[2]: OTFE Woes
Hello Natasha,

Monday, June 20, 2005, 1:29:32, you wrote:

GF> IMHO, OTFE should be defined on an email account basis, independently.

> Supported. Is there a wish on BT for this?

We can't do that, because there are global settings (related to all accounts) that we have to protect as well.

--
Best regards,
Maxim Masiutin mailto:[EMAIL PROTECTED]

Current beta is 3.5.30 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
IMPORTANT: To register as a Beta tester, use this link first - http://www.ritlabs.com/en/partners/testers/
Re[2]: OTFE Woes
On Sunday, June 19, 2005 at 5:15:15 PM [GMT -0500], Natasha V Pearce wrote:

> Want to protect your hand-painted campaign map showing all the heroic exploits of your watermelon army from being defaced or destroyed?

Your giant watermelon story is so intricate, you make me wonder... ;)

--
-= Allie Martin =-
The Bat! v3.5.30
System Specs: http://www.ac-martin.com/sysspecs.htm
-=-=-
It is not only fine feathers that make fine birds.
Re: Re[2]: OTFE Woes
On 6/20/05, Allie Martin wrote:

> On Sunday, June 19, 2005 at 5:15:15 PM [GMT -0500], Natasha V Pearce wrote:

>> Want to protect your hand-painted campaign map showing all the heroic exploits of your watermelon army from being defaced or destroyed?

> Your giant watermelon story is so intricate, you make me wonder... ;)

Yes, Natasha, and very perceptive also. I'm just wondering if you also discovered that I have planted genetically engineered squash near Adolf van Nerd's computer.

Seriously, Natasha, your remarks were both illustrative and instructive. Thank you for your insight and for sharing it.

--
Avi Yashar
Windows XP Pro SP2 and The Bat! Pro (No OTFE) 3.5.30
Re: Re[2]: OTFE Woes
On 6/20/05, Maxim Masiutin wrote:

GF> IMHO, OTFE should be defined on an email account basis, independently.

>> Supported. Is there a wish on BT for this?

> We can't do that, because there are global settings (related to all accounts) that we have to protect as well.

Maxim, at this stage I would be content with the OTFE if the Message Finder did not hang interminably when searching my OTFE mail folders - taking much longer than it does to search the same non-OTFE mail folders.

And, of course... if you ever get around to fixing the blighted Connection Centre.

--
Avi Yashar
Windows XP Pro SP2 and The Bat! Pro (No OTFE) 3.5.30
Re[2]: OTFE Woes
In reply to mid:[EMAIL PROTECTED] :

PVN> 6/18/2005 8:15 AM
PVN> Hi Avi,
PVN> On 6/18/2005 Avi Yashar wrote:

AY> On top of all this I have noticed one regrettable security lapse
AY> in OTFE. When uninstalling TB via the Control Panel, no password
AY> is required. In other words, anyone could conceivably come along
AY> and uninstall TB and wipe out the working directories, presumably
AY> including all of your message base... although for some puzzling
AY> reason the uninstall pattern seemed to leave my mail directories
AY> behind.

PVN> I do not respect, or use, any software that removes user data
PVN> upon an uninstall. I cannot imagine a single circumstance where
PVN> removing the user's data with an uninstall would be positive.
PVN> This should always be a purposeful and separate action from an
PVN> uninstall action.

When it asks and the user consents? (just being a little democratic here)

--
Best regards,
Goncalo Farias

W[h]ere know tagline as gone before
Re[2]: OTFE Woes
Hello Avi,

Saturday, June 18, 2005, 12:19:16 PM, you wrote:

> but, yes, I would ask for the appropriate password before deleting - or declaring an intent to delete - data that is encrypted for security reasons.

You are confusing uninstalling the program and deleting the data. They are totally separate operations, neither dependent on the other.

--
Best regards,
Dwight mailto:[EMAIL PROTECTED]
Re: Re[2]: OTFE Woes
On 6/19/05, Dwight A Corrin [EMAIL PROTECTED] wrote:

> Saturday, June 18, 2005, 12:19:16 PM, you wrote:

>> but, yes, I would ask for the appropriate password before deleting - or declaring an intent to delete - data that is encrypted for security reasons.

> You are confusing uninstalling the program and deleting the data. They are totally separate operations, neither dependent on the other.

Not so, Dwight.

1. When I go to the Control Panel > Add or Remove Programs and click the Change button, I get to the Setup Wizard for TBPro 3.5.26.

2. Clicking the Next button, I am presented with the option to Modify, Repair, or Remove.

3. Choosing Remove and clicking Next, I come to the Remove the Program screen, which has a checkbox at the bottom that is selected by default, but you can clear it. That checkbox option reads as follows:

~~~
Keep the working directory and all data files

The Working Directory contains all accounts, message bases and address books. Unchecking this box will delete all files from the Working Directory and all its subdirectories.
~~~

I attach a screen capture of this screen for your reference.

My concern is that it makes little sense to have OTFE to maintain security of your data base on one hand and have an uninstall option that lets people uninstall that data base without the OTFE ID.

I also observed that this concern is somewhat theoretical, because I believe that this uninstall option does not work as advertised. :-q

--
Avi Yashar
Windows XP Pro SP2 and The Bat! Pro (No OTFE) 3.5.29

Uninstall.gif Description: GIF image