Windows has security?

Perhaps you are mistaking this for some of the ridiculous DRM schemes that have recently become fashionable. I don't think that's what the original poster intended. I read it as being about a way that the *programmer* could specify how his data could be used, as an additional safety-net in case he tried to do something dumb like spew a credit card number into the error logs. Which seems jolly sensible to me.

And encryption does not automagically provide security. Your naivety here is touching, but dangerous.

And Dr. Hyde mused:

And encryption does not automagically provide security. Your naivety here is touching, but dangerous.

What? Encryption does not provide security? Maybe not "automagically", but neither would some security method that he is describing, it would be nothing more than "flock", unless it used encryption.

As far as the windows scheme to do it, I'm only hazarding a guess from memeory, because I don't even boot windows anymore. It's been years. But I remember hacking some registery entries, trying to find some software key, and windows had some sort of "encryption ring" in the registery, where software writers could put id's and keys ( and who knows what else) to prevent people from running programs without authorization. It could( and probably is) used to hide data from unauthorized access.

But considering how easy the crackers come out with patches to bypass all this "security", I would say it's worthless, except to keep the "honest guy honest". It won't stop the person with bad intent.

But proper PGP encryption of data is about as good as you will get, as long as you don't consider Tempest style snooping. (Which is probably more widespread than people want to admit.)

Encryption can form part of a secure system, but regardless of how good your encryption is you still need to manage your data safely, and if you don't manage your data safely your encryption becomes irrelevant. Consider that you need to decrypt your data if you are to use it. You now have plain text, in a variable, in memory, which you are going to pass around a few method/function calls. Plus you have your key, as plain text, in a variable, in memory. You're probably going to pass the data to some code that you didn't write. At this point, you wish that you could somehow set a flag on your data to prevent it being written to a file, for instance - even if you audit all the code, including all its dependencies, are you sufficiently sure you didn't miss anything? Security audits are Hard.

Three years ago there was a tax evasion case in Denmark where the police "broke" the encryption on some files on computers they'd seized. Turns out that they didn't break the encryption at all, they retrieved the data and keys from plain text left on the disks.