I wouldn't call NTFS permissions a "bad security joke".
That is more than adequate for most situations.
You will not be able to use the stunt you suggest on my computer, so
NTFS permissions are adequate and work very well.
You need to control access to the computer.
If you lose access to the computer you have violated one of The Ten
Immutable Laws of Security.
This is nothing new, I knew of this almost 30 years ago when I first
really worked with computers.
If more security than NTFS permissions is needed, you should be using
EFS.
Different strengths of security for different jobs.
Both work very well for their intended purpose and neither is a "bad
security joke".
Lastly, your own EFS plan seems to have a major weakness.
--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar/
Malke said in
... Just delete them and move on. Restore
the files from backups.
Only if the backups were made BEFORE the user applied EFS to the
folders and files. If EFS was already applied then the backups will
also have the encrypted copies. You can probably restore the files
but they will still be encrypted. I once lost about 300MB of files
due to EFS for a fresh reinstall when I forgot to export the EFS
certificate to a floppy, and restoring them from backups didn't help.
They were still encrypted, I still had no copy of the EFS certificate,
so the files were still unusable.
You also have to be careful when making disk images and using EFS. If
the image program does a logical image by reading the files through
the file system then you won't be able to restore those files. Why?
Because the image restore will also go through the file system to
write the files but you won't have the EFS certificate yet in place.
Norton's Ghost, by default, does logical images because it reads the
contents of the files. You have to use its /IA command-line switch to
force it to read sectors instead (so you never use the file system to
get anything from that partition). DriveImage does sector reading (I
don't think it could even read through the file system if you wanted
it to).
So there are some hazards when using EFS. However, NTFS permissions
are something of a bad security joke for regulating who can read
files. All you have to do is move the hard drive to a different
system or do a parallel install of Windows. The SIDs used under the
old instance of Windows won't be defined under the other instance of
Windows so they don't get obeyed regarding permissions. How do you
enforce a permission for an account that isn't defined within that
instance of Windows? Permissions are only enforced under the instance
of Windows in which they were defined. So you have to use EFS to
protect your sensitive data to prevent someone from simply using a
different instance of Windows to get at your files. But be damn sure
to export your EFS certificate so you can do a restore later. Not
only do I export it to a floppy but I upload it to online storage. In
case the floppy gets lost or damaged, I still have the online copy.
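As an added, defender-side example that belongs to neither post: a PowerShell audit that reports which files under a folder are protected by EFS and which rely on NTFS permissions alone, flags ACEs whose SIDs this Windows instance cannot resolve (the "undefined SID" situation described above), and backs up the EFS certificate with cipher /x. The root path is an assumption.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# $Root is a hypothetical folder; point it at the data you care about.
param([string]$Root = 'C:\SensitiveData')

$files = Get-ChildItem -Path $Root -Recurse -File -Force

# The Encrypted attribute is set on files EFS protects. Anything without it is
# guarded only by NTFS ACLs, which another Windows instance does not honour.
$encrypted   = @($files | Where-Object {  ($_.Attributes -band [IO.FileAttributes]::Encrypted) })
$unencrypted = @($files | Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::Encrypted) })

"{0} files protected by EFS, {1} protected by NTFS permissions only." -f $encrypted.Count, $unencrypted.Count
$unencrypted | Select-Object -ExpandProperty FullName

# ACEs whose identity cannot be resolved against the local SAM or the domain
# come back as raw SIDs. Those are the leftovers of permissions defined under
# a different Windows instance; they are not meaningfully enforced here.
$acl = Get-Acl -Path $Root
foreach ($ace in $acl.Access) {
    $id = $ace.IdentityReference
    if ($id.Value -match '^S-1-\d+(-\d+)+$') {
        "Orphaned ACE on {0}: {1} {2} {3}" -f $Root, $id.Value, $ace.FileSystemRights, $ace.AccessControlType
    }
}

# Show which certificate(s) can decrypt the encrypted files (cipher /c reads
# the data decryption field of each file).
cipher.exe /c $Root

# Back up the current user's EFS certificate and private key to a password-
# protected PFX (cipher appends .pfx), then copy it off the machine, as the
# post advises. Without this backup a reinstall leaves the files unreadable.
cipher.exe /x "$env:USERPROFILE\efs-cert-backup"
```

cipher /x prompts for a PFX password; the resulting file is as sensitive as the data it unlocks and should be stored with that in mind.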