MediaDirect is scary! Scarily insecure!

So yesterday I booted into MediaDirect directly from Power off for the first time. It booted up with a little delay, but it seems that it will get faster from next time. I clicked on Pictures, and I was shocked to see all my photos available for anyone to see without a password. These are photos I have put in My Pictures that I don't allow anyone access to, and MediaDirect just showed them in a slideshow like it ain't no thang.

Same with Videos. In fact, thinking about it now, I didn't check Instant Office to see if it would display all the Excel spreadsheets I have in My Documents.

How do I fix this? I don't want people getting access to my entire hard drive's contents, including personal photos etc using MediaDirect.

 

MediaDirect has password protection. Change the settings while in Windows

 

OK i did it. There was an option for a numerical password. But still, the default setting is very insecure.

Now is there any way to make Mediadirect play a Divx/Xvid AVI?

 

Like any OS, it is only as secure as the user makes it.

 

If you really want to secure your documents, encrypt them.

 

Spare me the sanctimonious BS.

 

I always find it funny how people who are faced with the truth call it "sanctimonious." Sure, it's easier to yell about how Dell sucks because MediaDirect is so unsecured despite the fact that it can be configured to be secure ...it's always easier to blame someone else than yourself for being ignorant and not looking into the problem. You're like the guy who tries to make millions when you receive one of those Nigerian scam e-mails and then goes crazy about how "the government isn't protecting you." Winner!

 

Agreed.
I used to work at a grocery store....and its funny how people take that saying.."customers are always right" to heart.

 

People who use that line are 99% of the time trying to do something underhanded.

 

Since we're speaking about Mediadirect, is it possible to change they lay-out of the music folders in MD? I want, for instance, all my Foo Fighters albums under one folder and not separated into several folders.

Is this possible? How?

 

It's the truth. Media Direct is a tool to launch things like media and office presentations quickly. Think of it like a webserver. It can display what you want with ease, but things you don't want displayed to the public you should keep them off of it. If I throw a text file of my SSN number and other important information on a website I'm just asking for trouble.

 

You are an annoyance.

Ever heard of "secure by default"? That is exactly why MS took such a drubbing with its OSes and improved security in XP, 2003 and Vista. There is no easily visible setting that allows you to set a password. I don't even know why you're being such a fanboy about this.

When you're setting up any OS, it asks you to set up a user account and password. There is no reason why MediaDirect shouldn't do the same, or inherit the settings from the Windows install since it obviously has some sort of credentials verification. If I have a password in Vista, I get the same password by default in MediaDirect. There. Not so insecure now, is it?

If I hadn't posed this question here I probably wouldn't have found out about the password option, being that it is buried under the Settings menu.

The fact is that you can go without setting up Mediadirect, and someone who knows about this hole can go up to any machine, press the MediaDirect button, and instantly have access to all your personal files. That is a security hole, like it or not.

 

Access to all your personal files? All they can do is look at it. If your documents are sensative, I highly doubt you would keep them unencrypted and without a password on your laptop. In fact, highly sensitive documents at my workplace aren't even allowed to leave the office. You need proprietary software to access them over a remote connection. And the only people that use the remote connection is geeks like me. Stuff like that doesn't even have the option to leave the office.

It's hard to call it a hole or exploit when the option to secure MediaDirect is available in plain text.

Beside, MediaDirect is only available on COMSUMER laptops, where ease of use is the big picture. This isn't even an issue on the business line.

 

Anyone interested in security and privacy of their documents really ought not to complain about a defaultly insecure configuration of a laptop which itself was never advertised as being secure, or suitable for use in a secure manner.

It is obvious to any reasonable person that the security of personal data is, by no coincidence, their personal responsibility.

The security 'hole' you posit is one of many ways of accessing a (Vista) user's documents without expressley entering that user's login credentials. Various 3rd-party recovery utilities can do so. I understand that Vista's own recovery console can also do the same. You can even boot from a USB drive or even a CD and copy users data across a network.

Such routes to data are well known. MediaDirect should hardly be 'exposed' as a security threat. It's a tool of convenience, not one of security. You cannot have both.

Anyone interested in securing their laptop will, minimally, have a BIOS password, encrypted data partition (to which they have moved their Documents folder) and a secure USB thumbdrive (e.g. an IronKey) to which they save their most sensitive documents.

Anyone who merely has a passing interest in privacy would do better to explore any aspects of a new machine which they have not fully used. A brief evaluation is just common-sense.

 

I'm not sure what all this "Secure by Default" nonsense is. I have recently re-installed my O.S. twice in two weeks and both times the first time I launched media direct in windows it ASKED if I wanted to set a password without me looking for ANYTHING. Maybe you expected a password to be set for you so that you had to guess what it was to be able to use the product? Or maybe you think it should have had a default password like that linksys or dlink or whoever router you bought that anyone can find out in about 30 seconds thus negating its security.

Cmon guy, take your medicine. You griped about something without doing the research and now your lashing out at everyone who says you were wrong.

P.S. The customer IS always right..... until they are wrong

 

So unless I buy something expressly marketed as "OMG Secure" I shouldn't have any expectation of even a modicum of security?

I guess we just won't see eye to eye on this. My view is supported by the fact that the market has dictated that even home OSes like Vista Basic are expected to be secure, even basic routers have 128-bit WPA encryption, and so on. I'm not saying that a cracker with a full set of tools could have been able to get into my documents, but rather that anyone passing by could, even after I've set a password, which sets a reasonable expectation of privacy and security.

 

i think Media direct created as a quick way to open your files....
so if only its created like Sony AV MODE its gonna alot better...
just in term of the locations of files it plays (just public users files)
IMHO MD is so much better than Sonys AV MODE (from visual, pointing device useable, etc....)

The main question is can i change my folders location?


thanks and sorry for my bad english

 

Mark,

It is secure if you choose for it to be secure. RTFM next time I guess.

 

Hey...I don't use MediaDirect..it was a problem for me from day one.
If it works for you though, that's great.

 

Does that not happen if you access Media Direct for the first time by booting directly into it?

 

Chelet,

I don't know I ran it while under windows first both times.

My above statement stands though, RTFM. I do know that I was able to add a password to my original dell install well after the fact.

Perhaps the thread author should write the memory stick companies and complain that if he/she looses a memory stick anyone can read the files on it because it wasnt encrypted or password protected by default. Maybe throw in those "market demands" facts too... That is a more likely scenario than the laptop falling in to the wrong hands.

Since I am on a roll here... Why are you complaining about someone's ability to view your files in the first place? If your laptop is stolen then forget about medi-direct... someone OWNS your machine. Encryption is the only way to go to protect against that. Just who are we trying to secure the machine from?

 

Read my post next time I guess, especially the Font Size 5 part. There's a difference between a reasonable person's expectations of security in a thumbdrive vs. a computer.

 

Come on people. It's an Inspiron, which is the consumer line.

Routers are by default unsecure. WPA is something you setup.

Your BIOS is by default, unsecure, unpassworded. Seriously. Goes to show consumer products are ease of use first, security second.

 

Dunno about most of you guys but media direct is wiped clean from the system when I do a full format and re-install of windows upon opening up a new dell machine.

I've never used it, I never plan on using it and from what I've seen from other owners it was a good choice to make as it's totally pointless.

 

I have a question, would a bios password prevent anyone from accessing mediadirect?

 

Lay off him, guys. It's a well-known fact that, like the female bear and her cubs, a man will rise up to the defense of his pornography in a terrifying manner.

P.S. At some point, you'll realize that you were the only person who didn't put two seconds of effort into figuring out how to do something and then complained about it. You know what I hate? I hate how Vista BY DEFAULT (and, yes, I know how to change it) asks you to confirm anything you do ...because of people like you, who have been downloading viruses and deleting their registries for years. Thanks. You guys are awesome.

 

I would assume so, since Media direct is just like any other OS. It get loaded after the BIOS. But I have no idea how it will protect your computer from resumes from sleep.

I was more irate by the sheer lack of rational in the title and post. Just because it doesn't lock automatically, mean it isn't secure?? Come on. Try making a post like that on the Apple forum. You'll need to call in some fire trucks.

 

While it SHOULD be common knowledge on how to secure your computer, it's not (as the OP has shown us).

It doesn't take an idiot to NOT know how to do something on a laptop like secure MediaDirect. It's not like he's asking what a mouse is or why it has a left AND a right button.

It may be a beginner/amateur problem to many, but obviously he didn't know how to solve the issue.

While it's good that the community here can help him fix that problem, it's very very bad that every single issue has to turn into a multi-page debate. This thread should've ended after post 3.

 

Yeah well, post 1 was a tech support question. We are past that. We are standing up to bad rational and protecting a company's product that does not deserve such a poorly supported statement against it.

 

The point is that this guy didn't know something. Which is fine. But then, after he finds out the answer, instead of just going, "OK, thanks, now I know," he goes off on how Dell sucks because THEY should have anticipated that HE SPECIFICALLY wanted it more secure (and is way more important than other people, who don't care). It's like if someone doesn't know how to turn on a faucet and then figures it out and then is like, "YOU HAVE TO TURN IT?! WHO DOES THAT?!?!?"

 

Are you serious? This a computer forum not a philosophical debate center. You're not staying on topic by the simple fact you added nothing to this discussion whatsoever, you just criticized the OP. Way to go.

Again, what was the point in this post? A double post for that matter. Next time write something worthwhile. The OP is clearly writing in larger font because he his frustrated how everyone is being so blunt and critical of his situation, and you are just adding fuel to the fire.

Back to the main discussion: Ease of use first = false. Vista? Right. Good one. Let's go through fifteen menus before we get to what we want.

MediaDirect does not ask for a password on first boot on my system, nor is there a clear easy way to find how to set one, perhaps it is different on other's? Only someone keen enough to go through various menus could do it, and most consumers are very computer illiterate. An older gentleman is going to save personal files on his computer assuming they are safe, he's not going to encrypt them because he won't know how. He isn't going to buy a business brand laptop because he's NOT IN A BUSINESS, and yes certain files of his will be available to anyone who presses the MediaDirect button. End of story. That's it. Clear and simple.

 

It's true. I'm constantly hitting the MediaDirect buttons on Dell computers owned by "older gentlemen" (what?) in attempts to find out secret media files they store. You have no idea of the gold I've seen. GOLD!!!! Grannie panties all over the place and he couldn't stop me.

 

Lol. It was just an example. Most people I know are computer illiterate and all have trouble with Vista doing simple tasks. Oh well.

 

Don't mind him. He likes to troll.

 

short of encrypting everything on your laptop, ur laptop is insecure:

laptop = portable, data can be stolen... BIOS password can be reset by removing mobo battery.... windows password can be bypassed by booting linux.... only an encrypted partition on ur hard drive..... can be decypted by brute force.... everything's just a temporary barrier to someone who wants to find out something

 

Juggernautica, some pople are only interested in trolling. I wouldn't be surprised if this PerfectPeach identity was created by kamehame to buttress his position. Just look at what kamehame is claiming I said versus what I actually said.

Put simply, kamehame is an annoyance and a troll and has been reported. I guess having his post deleted wasn't enough of a hint for him.

 

Shall we try to get back on track?

I would imagine many users have some expectation of security when using a laptop with Vista installed. That expectation may just be to prevent unauthorised casual use of their laptop, which is something Vista and XP manage quite well through the simple act of a login password.

It would be reasonable to surmise the further security measures, such as encrypting Documents / My Documents, could be learned by most users after some Googling under e.g. "vista security" or "vista encryption".

Any steps above this, such as encrypting whole HD's, or partitions, would only be needed by a small number of users, most of them being in the corporate sector. Such users generally have a professional IT department who would be able to secure a laptop to a reasonable standard.

The very few remaining home users who want absolute security are not largely going to be catered for by Dell, nor any other laptop OEM.

 

After reading this entire thread, the only suggestion I have is for the OP to pack up his computer and return it. You obviously do not have the proper mental capacity to handle the responsibilities of owning a computer and demands that come with it.

 

yes, I've read this entire thread too. If you want somebody to dictate your entire experience, get a mac (joking!).
Mark, seriously, people told you how to make it more secure, and you turned it into a rant. If you have files you don't want people to see, it's your responsibility for stopping them seeing it.
No "thanks for the help" or anything, just a blind, mindless rant into how dell is useless. Maybe you should have saved the rant, had it mentally, perhaps, and just let people give helpful suggestions, like they are here for!

 

Let it die already.

The guy has his answer and people being dicks by antagonizing him further isn't constructive in any way, despite whether he answered properly in his so called "rant."

 

I guess that means the majority of the U.S. should do the same, considering a very small percentage actually know how to secure their computers. Not everyone is like the people on this message board, who actually know a decent amount about what they are doing, perhaps you should widen your perception on reality?

http://www.harrisinteractive.com/NEWS/newsletters/clientnews/2006_AnchorFree.pdf

Just one study there, I could find more but I'm in a class right now. Peace.

 

I completely agree....there are a lot of people who shouldn't be behind a computer because they have absolutely no idea what they're doing.

 

I disagree. THe computer started out as a business machine. It is now a full fledged consumer electronics item, like the boombox and mp3 player. It will be THE most complex machine in the consumer electronics market. It is a simple fact that practically every family that can afford a computer is gonna get one, because it is an immensely useful tool. But people are gonna realize, they have to learn to maintain a computer just like a car (probably the next most complex item in their consumer lives).

People are willing to pay big bucks to get a car fixed, why not a computer? Well eventually, they are gonna learn to either get more literate or hire someone and quit doggy paddling. Live and learn. Or you can curl up and cry. Computers are either gonna get simpler by taking out features, or more advanced. More than likely, they are gonna get more advanced. And people are gonna eventually learn.

My little 12 year old cousin can figure out how to make tables and wordart on WinWord. It can't be THAT hard to dig through a menu. If you can memorize what's in your cursed file cabinet, then a second level menu item isn't out of your range.

 

I wonder if even encrypting the documents will make them secure in this case. Does anyone have encryption tools they want to try? I don't really know how encryption stuff works because I've never had to deal with it aside from using a SecurID for work.

MediaDirect obviously has some sort of authentication going on to have Vista let it into the users' folders. From what I remember, you can't boot from a Linux CD and access your documents, same with taking out the hard drive and adding it as a slave to an existing Windows install. You need the proper authentication for that.

 

BTW, Media Direct does NOT have some sort of authentication going on to have access to Vista's user folders. They are stored in plain ol text(unencrypted).

What encryption tools do you need? Have you tried the built in encryption tools? Right click a file/folder, select properties. Under the general tab, click advanced and check the encrypt box.

This prevents Media Direct from reading the files. It will also stop any mid level hacker from booting into Linux and seeing your files, although it won't stop them from copying them.

The encryption, in general, is strong enough that even if they get a copy of your encrypted file, that brute force tactics are useless against it.


In all, I suggest you just password your computer through BIOS. That probably takes the most effort to override, short of stealing your laptop.

 

I'm on the receiving end of this quite often. People approach me to 'fix their laptop' or to ask 'can you just reinstall Windows for me?', not realising how damn long the process takes (when done correctly). I tell them I charge £17.50 per hour and the job will take a minimum of 3 hours (for a reinstall). So many people are shocked because they think I'm just going to do it for free because I like 'messing with computers'.

I've been messing with computers for 23 years, at a great deal of cost to my social life

People also don't assign value to the tedium, frustration and monotony of doing even a basic Windows reinstall (even with all the drivers handy). They also fail to accept that it takes a genius-level of understanding in some cases to get a machine back up and running after a fatal hardware error.

Despite the fact that people consider a Windows reinstall to be a no-brainer, and therefore should be done for free during my leisure time, it never ceases to amase me when they stammer and stutter when I politely ask "if it's so easy, why aren't you doing it?".

The spluttered answer usually ends up being "I did, but it didn't work right".

 

Welll........

 

Vista Version?

 

This is like when people get viruses by opening file attachments from unknown senders and then go off on some rant about how Windows is so insecure and sucks. It's like you're announcing to the world that you don't know what you're doing and being proud of it.

 

hmm, yes. I think I see the problem. Oh wait, you noticed as well.
It's greyed out.
You know what, I have no idea why it would do that. Strange.