FUD kills Windows "Private Folder" story
I recently heard about the new "Private Folder" tool for Windows - a beta release from Microsoft's downloads area. I tried it out and it was reasonably useful, in fact once I understood how it worked I was even going to recommend it to my partner who uses a shared login on her retail store PC but would like access to some private manager-only files without the bother of switching to and from a different user login.
However, to my dismay, I read a report that Microsoft had withdrawn the tool. Apparently parents didn't like the tool because it made it easy for their kids to hide secret files from them (can anyone say porn, bomb making, and school shoot-out plans?). Also, business admins didn't like it because it didn't use the key-escrow feature that encrypted drives and folders use, which allows admins to recover encrypted files after an employee forgets them or leaves.
I would say both these criticisms are weak - I don't think any kid is going to hide stuff on a computer using a shared login where their parents can see it. Any parent can just log in and threaten to delete the private folder if the kid doesn't decrypt it, because the folder has no special properties that prevent that. In fact it offers no more security than having a compressed ZIP file with a password set on it - a feature that is already in Windows XP and has been for a long time. Any kid can stuff their private files in such a ZIP, encrypt it and hide it on the file system somewhere their parents won't look. Arguably it's even safer than a private folder because with the private folder you can still look inside at the file names, something that is not possible with an encrypted ZIP. But like I said, both ZIPs and Private Folders are easily deleted if a parent thinks there is forbidden contraband inside them.
The same argument applies to administrators of business computers - any user can create an encrypted ZIP and dump all their files into it. When the employee leaves there is no recourse to key escrow. Plus, what if the employee created an encrypted folder on an external drive, used some other encryption system like PGP, or the key escrow was never set up? My understanding of Windows encryption is they are still sunk. You can even install a virtual machine and use an encryption technology inside that for even more isolation.
So the message is, this little tool is just one of the many, many ways to hide data in a way that no one has control over - there is no generic Windows feature to prevent encryption of data - that's basically just not possible. So I say the paranoid company or parent that doesn't want the private folder tool should set up their "kids" with an account that cannot install programs, cannot mess with regular Windows encryption (is there a way to disable ZIP support I wonder?) and that they have complete administrative control over. If anything, Windows should be coming out with a specific user profile type that makes this easier, especially for parents, rather than forcing parents to deal with a hodge-podge of third-party solutions.

