[Dshield] Microsoft DRM?
Pete Cap
peteoutside at yahoo.com
Thu Nov 15 22:54:26 GMT 2007
Valdis.Kletnieks at vt.edu wrote: On Thu, 15 Nov 2007 14:37:43 EST, Mark Owen said:
> Nope, but a better idea might be to just set the encryption attribute
> on the folder/files. It is AES encryption by default and done
> transparently at the file system level.
Note that if an intruder has a "presence" on the system (i.e. the code is
running on the system, as opposed to abusing an open share or similar from
elsewhere), then the code is running as the compromised user, which means that
it will be able to transparently read any/all files readable by that user.
Having said that, encrypting the filesystem is a *great* idea if your threat
model includes "reading by people other than the user" - for instance, a
stolen laptop...
I'm not so sure.
If the user already has access to the filesystem, then encryption AFAIK is obviated.
If you encrypt on a per-file basis, which is what I wanted to use DRM for, then the existing access controls still have to be met: in this case, a password and DRM key.
There are dangers (license server hanging) but I think these also exist if any of the critical servers dies (PDC, Exchange).
Best regards,
Pete
---------------------------------
Be a better sports nut! Let your teams follow you with Yahoo Mobile. Try it now.
More information about the list
mailing list