[LINK] Stolen Laptop [was Re: Consumer computer security]

Rick Welykochy rick at praxis.com.au
Mon Jan 29 00:09:02 AEDT 2007

Johann Kruse wrote:

> You could upgrade to Windows Vista and use Bitlocker -
> http://www.microsoft.com/whdc/system/platform/hwsecurity/BitLockerFAQ.mspx

Some quotes from that writeup:

"Recent government regulations have emerged that focus on data protection and
  the requirement for privacy. This legislation has a strong impact on organizational
  storage policies, especially for PC devices that have a relatively short lifespan
  and are often either portable or easily lost or stolen."

So, unless all Windows systems are replaced by Vista and employ the new
Bitlocker tecchnology, they will be in violation of this "strong impact
legislation"? Gwon, pull the other one. Windows systems will continue to
offer vague or no data and privacy protection as it always has done, with
out any worries as to what might be legislated.

"Q. Will BitLocker add any performance impact to a Windows Vista machine?
  A. It is too early to determine performance impact on the Windows Vista
     operating system; however, BitLocker is expected to have a negligible
     affect on day-to-day PC performance."

Heh? AES encryption and decryption cost CPU cycles. Copying data from one
AES encrypted file to another will be measureably slower than the equivalent
non-enrypted copy. Microsoft would know this already. We Mac and Linux
users know this. Even if the AES functions are performed on the chip,
DMA to/from the chip will take extra time. Why the spin?

"Unauthorized changing of the BIOS, master boot record (MBR), boot sector,
  boot manager, or other early boot components would cause a failure in the
  integrity checks and keep the TPM-protected key from being released."

You can kiss multi-boot systems goodbye. You can probably kiss running
Windows on an Intel Mac goodbye as well if you want to use this data protection
scheme .. well, would the Mac have the required chip? Doubt it.

Howard Lowndes wrote:

 >> "BitLocker leverages the 1.2 specification TPM chip"
 > Has anyone seen one of these on a mobo yet?
 > Or are they doing the right thing by avoiding them.

My guess is that MS will provide a software-based encryption scheme for
disks on Vista as well as that supported by the chip.


Rick Welykochy || Praxis Services

If you think good architecture is expensive, try bad architecture.
      -- Brian Foote and Joseph Yoder

More information about the Link mailing list