Forgot your password?
typodupeerror

Windows Vista To Make Dual-Boot A Challenge? 442

Posted by Zonk
from the have-to-raise-a-fuss dept.
mustafap writes "UK tech site The Register is reporting on security guru Bruce Schneier's observation that the disk encryption system to be shipped with Vista, BitLocker, will make dual booting other OSs difficult - you will no longer be able to share data between the two." From the article: "This encryption technology also has the effect of frustrating the exchange of data needed in a dual boot system. 'You could look at BitLocker as anti-Linux because it frustrates dual boot,' Schneier told El Reg. Schneier said Vista will bring forward security improvements, but cautioned that technical advances are less important than improvements in how technology is presented to users."
This discussion has been archived. No new comments can be posted.

Windows Vista To Make Dual-Boot A Challenge?

Comments Filter:
  • by jZnat (793348) * on Thursday April 27, 2006 @06:50PM (#15216679) Homepage Journal
    Does Microsoft even realise they're being charged with illegal monopoly practises at the moment? Do they know that the EUC isn't going to let them get away with any illegal bundling while they're charging them? Sheesh...
  • by cp.tar (871488) <cp.tar.bz2@gmail.com> on Thursday April 27, 2006 @06:53PM (#15216703) Journal

    Yes... and what extra limitations on FAT32 can we expect in Vista?

  • No Sign Yet (Score:5, Interesting)

    by the linux geek (799780) on Thursday April 27, 2006 @06:55PM (#15216717)
    I've used every build of Vista or Longhorn ever released/leaked, and so far I have seen absolutely no extra "anti-Linux" default-disk-encryption thing. The bootloader also still works fine with chainloader +1. Since Vista has supposedly been "feature-complete" since build 5308 (now is on 5365), I'm not convinced this is anything but FUD.
  • by MindStalker (22827) <mindstalker@NOSPAM.gmail.com> on Thursday April 27, 2006 @06:57PM (#15216733) Journal
    Exactly, hell NTFS presents identical challenges, especially if its encrypted. Does Vista encrypt by default?
  • FileVault Anyone? (Score:4, Interesting)

    by jtshaw (398319) on Thursday April 27, 2006 @06:57PM (#15216734) Homepage
    I don't know exactly how this encrypted FS works in Vista but I imagine it won't be much more different then cryptfs in Linux or FileVault in OSX. When I boot into Linux on my Mac I can't get into the home directories for any of my users but I can certainly still share files....

    Anyway, most dual booters that go between Windows and Linux already have dealt with these issues due to the unfriendly nature of NTFS.
  • by PixieDust (971386) on Thursday April 27, 2006 @07:07PM (#15216814)
    And darn those pesky motherboard manufacturers for using a BIOS that includes the ability to put a boot up password. Thereby preventing us innocent and proud computer users from installing an OS onto our machine! This means war! Seriously. Since when is this: A. A new issue (NTFS, translating differences in file structure between OSes, etc) B. A "REAL" issue. It's not like there is a software bomb that will melt your hard drive if you type in an open source url in your web browser. C. Anything but another jolly "Hey let's hate on Microsoft because it's cool!" You are ENCRYPTING THE DISK. What do you expect to happen? I'm reminded of fools that set BIOS passwords, then scream at me beacuse suddenly there is a passworde on their computer and theyt can't access it. *Pixie tosses two red American pennies on the nearest table, and quietly walks out of the room.*
  • by PsychicX (866028) on Thursday April 27, 2006 @07:27PM (#15216963)
    Ah, I almost forgot. This document is the Microsoft whitepaper on setting up and using drive encryption for Vista. [microsoft.com] Skim through it. Notice that it's freaking huge. The setup procedure is involved and low level. This isn't the sort of thing that will automatically be put on by a ignorant user blindly clicking "Next".
  • by biendamon (723952) on Thursday April 27, 2006 @07:28PM (#15216972)
    I got off Microsoft entirely myself a few years ago. Believe me, you don't look back. There certainly are headaches with Linux, mind you; anyone who has struggled with dependancy hell knows that. But the pain of clearing up the latest spyware/adware/scumware/crapware or virus/trojan/worm/malware every damn day makes figuring out which dependancy you're missing seem like a breeze in comparison.

    I still use Windows XP at work because I have to, but recently several of our tools have migrated to platform-independent web apps we can access through any browser. I'm guessing our IT department took one look at Vista and decided to start making a transition to Linux easy.
  • I dream of the day (Score:3, Interesting)

    by Weaselmancer (533834) on Thursday April 27, 2006 @07:29PM (#15216980)

    I really do. If it was me in charge, first thing I'd do - day one - would be to either hire people currently working on the Wine project, or hire a bunch of other qualified people and have them contribute to it. Get Wine working, then get it working well. Get a contract with Transgaming too - have them help. Imagine a Mac that played all the Win32/DirectX games! You wouldn't have an excuse then, right? Then, I'd dump all that work back into the FOSS community so others could benefit, and have a brilliant super-compatible easy to use Wine built into the next Mac OS.

    Ahhh...how great it would be. And it's the best kind of dream. It's possible.

  • I see another problem here that'll be a pain in my neck even though I don't at all intend to use Vista myself. I fix other people's computers, and when somebody has an issue that keeps Windows from even booting a good way to fix it is to boot into another OS, like Knoppix. At very least using Knoppix is a good way to backup their data before a reinstall or something. This will prevent that from working.

    Also, on the note of using FAT32 so both OS'es can deal with each other's file systems; there is a native Windows driver for full read/write to Ext2/3 partitions that works pretty well. What I usually do is make three partitions; two small ones and one big one. Each OS goes on a small one and then I use Ext2 on the large one since it doesn't have the file size and naming restrictions FAT32 does.
  • by ergo98 (9391) on Thursday April 27, 2006 @10:31PM (#15218123) Homepage Journal
    For all of your criticism of FAT, NTFS provides -zero- security when the host Windows operating system isn't in charge (e.g. when you've dual booted, or even booted with a Knoppix disc, and that Linux install happily disregards NTFS ACLs). It's functionally no better than FAT32 in that very common scenario. Encrypted File System, really a more granular, earlier version of BitLocker, does offer data exposure protection, however it's really an application layer above NTFS, much like PGPDisk.

    1) BitLocker will ONLY work with NTFS.

    Given that BitLocker exists transparently under the file system, automatically encrypting/decrypting transparently, there is no technical reason for them to limit it to this. In fact, given the wide number of FAT32 removable storage devices, which people will likely want to encrypt, it seems very likely that BitLocker will support non-NTFS devices.
  • by Deathlizard (115856) on Thursday April 27, 2006 @10:38PM (#15218153) Homepage Journal
    Yes. I agree that this should be documented and standarized. It would make recovery a lot easier, but you and I know MS is not going to do that.

    Frankly, I don't see this being a big problem for Linux because MS encryption never goes to far in any company. NTFS encryption has been around since 2000 and I've yet to see a company swear by this system. This is going to be used by people who are paranoid about what's on their drives over recovering that said data and thats basicially it, and frankly this group will sleep easier knowing nothing else (including other windows versions) can access the drive.

    Also, keep in mind that BitLocker is not on by default, and Linux should have no problem reading FAT32 and Unencrypted NTFS partitions. If you want to read the drive in linux, don't encrypt it.
  • Re:Not in Vista 64 (Score:3, Interesting)

    by Sigma 7 (266129) on Thursday April 27, 2006 @10:45PM (#15218183)
    If the author can't afford $500 per year to get a driver signed, then it won't work in Vista 64.


    Which is moot to everyone who does not require fancy-userfriendlyness.

    WinZip and WinRAR can display the contents of an archive. It's not much of a jump to manually read the partition and display the contents in the same fashion - the only difference is that you write the code to work at the user level rather than a Kernel Level.

    BTW, drivers need to be debugged somehow. From the site you linked to:
    .
      Q. Why doesn't Microsoft allow digital-signature enforcement to be turned off by using group policy or by allowing users to choose whether signing should be enforced on their systems?
    A. The mechanism for disabling the check requires interaction with the user and machine in a manner that cannot be circumvented easily or programmatically bypassed. For example, if a group policy registry flag were provided, malware could simply turn off the enforcement flag. In answer to questions about allowing automated forms of "opting out" without signing: Windows does not currently have convenient opt-out mechanisms that cannot be easily exploited by malware. Microsoft is considering additional enhancements in order to provide secure opt-out mechanisms that are not easily exploitable by malware. We are also exploring mechanisms that will make it easier for test labs to test a kernel mode component during the development cycle.
     


    Feel free to call it BS, but drivers will need to be debugged and tested before they can be accepted by Microsoft for the WHQL stamp. If drivers are not signed, then you'd either have to trust all your developers not to leak the keys, or do a time consuming development process.
  • by TheNetAvenger (624455) on Friday April 28, 2006 @07:34AM (#15219754)
    Any body that is dual booting will also know that making a partition formatted fat32 will allow copying of files between os's.

    Or, maybe we could actually put on a thinking cap and just not turn on BitLocker? Wow, what a concept...

    Does anyone get this? It is NOT TURNED ON UNLESS YOU TURN IT ON?

    So if you are Dual Booting, simply don't turn on BitLocker, because you would have NO reason to. Makes perfect sense to me, and I don't see any motive in this technology, and yes I have used it on test systems.

    Suggesting that people need to now go back to using FAT32 has nothing to do with BitLocker in this context.

    The article was VERY misleading to bait everyone here, and guess what, fools it did make. Go to www.microsoft.com or even wikipedia.com and read about what it is and why there should be no dual-booting tinfoil hat theories about it.

    Why argue about a security technology that will only be used by a few people with laptops or truly have secure data that they are only accessing from a Vista Machine.

    The article saying MS being anti-Linux because of this technology is the STUPIDEST thing I have read in a while.

    Does this mean MS is anti-WindowsXP because it sure as hell CANNOT read the data on a Vista Volume that has Bitlocker enabled either.

    I know it was the register, but how could someone be so stupid?

    In summary, Bitlocker is
    1) Optional
    2) Drive Level 128 or 256bit Security
    3) Not EVER turned on by default or EVER required to use Vista.
    4) Something that requires administrator access to Enable
    5) Not recommended for the 'average' user, per MS's instructions because a lost PIN literally means the data is lost.
    6) MS also explains not to use it on ANY Volume you would want to gain access to from another OS, including WindowsXP, as it is not able to read a BitLocker secured drive either.

    So, if you are dual-booting, JUST DON'T USE IT, OK?
  • by TheNetAvenger (624455) on Friday April 28, 2006 @07:58AM (#15219831)
    One slight detail: Vista isn't out yet.

    Actually this feature is pretty much as set in stone as you can get. The guy writing the article knows little to nothing about bitlocker, especially baiting people into believing it has any anti-Linux intentions.

    As for it being a real feature and as the person above posted, they are correct and it is.

    I am truly looking at the help file for Bitlocker in Vista as I type this. (We have also tested BitLocker on several systems, it does what it is supposed to do, and it has to be enabled by the END USER, as their key/pin is used to encrypt the drive.

    And lets say as a goof Dell did enable this feature, and assigned a key and pin to the person buying the computer, all you do is type in your pin for access and then turn BitLocker off. (It can be turned on and off for the entire drive quite easily once it has been enabled.)

    It is 100% optional, and not something recommended for the average person, it also is not recommended for volumes that need to be access from another OS in a multi-boot environment, so just don't use it.

    You do realize it even locks out WindowsXP if you are dual booting WindowsXP and Vista and you use BitLocker to encrypt your Vista partiion?

    This is NOT an evil plan against other OSes.

White dwarf seeks red giant for binary relationship.

Working...