True Image Home 11.8027 major security breach!

Discussion in 'Acronis True Image Product Line' started by Britnash, Oct 28, 2007.

Thread Status:
Not open for further replies.
  1. Britnash

    Britnash Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    15
    Dear Acronis Technical Support,

    This is the first version of TI I have purchased since the days of version 8. I am worried about one thing, and disappointed by two other issues.

    First:

    It lets me explore my .tib files without having to enter the password for them! These .tibs (My Windows XP C drive and another .tib for my My Documents partition) are created through tasks. As part of the task they have a password set for them. I can verify this by opening one of the tasks in Notepad and seeing this for example:
    <?xml version="1.0" encoding="UTF-8" ?>
    <backup uuid="038F16AB-F17D-43CC-89DA-F8645CA4F0E3" version="1.0">
    <display name="System C backup" />
    <source strid="\local\hd_sign(2B629437)\part_sn(248D365F72248D6E)start(63)" />
    <target file="F:\System C backup.tib" />
    <options backup_acronis_svc="false" compression="maximum" password="001F5wJuCD4o4vk" />
    </backup>


    As you can see, there is the password (encrypted). But if I choose Open or Explore the .tib in Windows Explorer I can view all the files and copy them. Therefore, any malicious person can use this build of TI to get past the purpose of a password. Please let me know if I've missed something. Otherwise, I urge you to quickly release a build that will create .tibs that 11.8027 can't open.

    Secondly: Unlike TI 8, I can't start a task (.tis) by double clicking the task or opening it in TI. I now have to launch TI and find the task which takes 5 clicks, since the tasks are no longer on the TI home screen. I prefer tasks that I run manually, so this is a major step backward.

    Thirdly, and finally: although I can view my .tibs in Windows Explorer (as we well know from the above!), I can't Mount them. Despite them being simple backups of whole partitions, TI gives me the message: Specified archive cannot be mounted since it contains no partitions.

    Although TI 11 has some great points, I am really disappointed on the whole. Can you assure me these are known issues (or otherwise) which are being fixed, or should I ask for my money back and stick with TI 8?

    Many thanks.

    Edit: if it's any help, the archive password used is the same as my Windows XP User Account password. But I don't see how TI would "know" that and think "okay they're the same, we'll skip asking you a password."
     
    Last edited: Oct 28, 2007
  2. shieber

    shieber Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    3,710
    YOu should be able to mount any backup of a disk/partition. If you did a file backup, even if you selected all the files in a partition, you can't mount those. Are you saying the Mount feature doesn't work in ATI 11?
     
    Last edited: Oct 29, 2007
  3. Britnash

    Britnash Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    15
    You're quite right and thanks for the reply, the task is set to save files rather than the partitions. I will change that.

    My more important issue I will wait a bit longer for a reply; however, if I don't get one I will be publicising it like crazy all over the internet if I am correct, because Acronis need to take security breaches seriously.
     
  4. bodgy

    bodgy Registered Member

    Joined:
    Sep 22, 2005
    Posts:
    2,387
    Location:
    Qld.
    I think the password might be for altering the task, not for actually exploring it.

    Though it might be worth checking by logging on as a different user and seeing if it allows you to explore your other log on's tib files.

    Did you install this for all users or current user?

    I recall locking myself out of editing a task by forgetting a password.

    Colin
     
  5. Britnash

    Britnash Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    15
    Thanks bodgy for your response, no, the password function is to preserve the anonymity of the archive as the manual mentions. TI 8 doesn't let you explore or restore it until you enter the password; and the password is only asked partway through editing the task; and finally it would be strange to need a password to edit the task when it's already kept in the User Account's own folder anyway so that would make it unnecessary.
     
  6. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello all,

    Thank you for choosing Acronis Disk Backup software

    Britnash,



    We'd like to inform you that generally the program should ask for a password if trying to mount/explore password-protected archive. We have double-checked this and were unable to reproduce this issue. Could you please provide us with the screenshot of the step when you are assigning a password for the archive in Scheduled Task Wizard? Please submit a request for technical support with the attached screenshot and the link to this thread. We will do our best to help you as soon as possible.

    We are sorry, but this feature was implemented by design and therefore can't be changed back to the way it worked in Acronis True Image 8. You can also submit a request for technical support and express any suggestions about the program and what you think should be added/removed/modified to make the program suit your needs flawlessly. Please also provide the link to this thread. We will do our best to help you as soon as possible.

    As it was correctly mentioned by Shieber, only partition backups can be mounted.

    If you have any further questions concerning our software, please submit a request for technical support or post any of them on this forum. We will do our best to help you as soon as possible.

    Thank you

    --
    Eugene Bogdanov
     
Thread Status:
Not open for further replies.