Windows Vista To Make Dual-Boot A Challenge?
mustafap writes "UK tech site The Register is reporting on security guru Bruce Schneier's observation that the disk encryption system to be shipped with Vista, BitLocker, will make dual booting other OSs difficult - you will no longer be able to share data between the two." From the article: "This encryption technology also has the effect of frustrating the exchange of data needed in a dual boot system. 'You could look at BitLocker as anti-Linux because it frustrates dual boot,' Schneier told El Reg. Schneier said Vista will bring forward security improvements, but cautioned that technical advances are less important than improvements in how technology is presented to users."
Wait... (Score:4, Informative)
Non issue. (Score:5, Informative)
http://www.microsoft.com/technet/windowsvista/sec
Re:Whatever...try fat32 partition (Score:4, Informative)
Has everyone gone mad? (Score:5, Informative)
Bitlocker isn't going to be compulsory, and as such it isn't going to affect dual booting in any way shape or form. It's certainly not the sort of thing your average home user would be setting up anyway (IMHO). Seems like Mr Schneier is a good old fashioned troll.
Some more info on Bitlocker here : http://www.microsoft.com/technet/windowsvista/lib
Re:Experience with Bitlocker (Score:5, Informative)
Also, Bitlocker is only available on Vista, so are you saying you're running your production users on the Vista beta?
The final straw came when one employee lost several hours' work when Bitlocker suddenly had an error reading from our intranet file server and corrupted his project.
Bitlocker doesn't affect files read from network locations, it's merely a hard disk encryption technology. I think you're confused about what Bitlocker is.
We're getting good at FUD too! (Score:5, Informative)
First of all, Vista won't have this activated by default. Here's how you can turn it on in Vista Beta:
http://www.microsoft.com/technet/windowsvista/lib
And yes it will make any data encrypted in this manner unavailable to another operating system. It does this by using TPM (Trusted Platform Module) in the BIOS and can base the key on the kernel and optionally: just the bios, a user supplied key, or a USB drive supplied key.
This allows for the option of encrypting/decrypting data from the very start of the boot process. And guess what? It's being implemented in Linux too!
http://lwn.net/Articles/144681/ [lwn.net]
BitLocker from Windows is just a kernel based drive encryption software that takes advantage of TPMs just like the Linux system. If you're concerned about cross platform compatibility then use user space encryption rather than kernel space encryption. If you're that concerned about secure keys then don't dual boot! If you love dual booting and don't care about encryption at all, no one is going to beat you up and make you use encryption.
You may remove the tinfoil hat.
--David
Re:Whatever...try fat32 partition (Score:3, Informative)
What you mean it could still be possible (Score:5, Informative)
Shocking.
Will it be possible to mount non-encrypted disks in Vista? Well, unless MS is finally prepared to kick backwards compatibility then yes.
Even if unencrypted HD's ain't supported (unlikely) they would still need to support regular filesystems like FAT for all those flash disks from your camera and USB keys and such.
I am as anti-MS as you can get (if I am ever diagnosed with an incurable disease Gates gets a bullet in the head the next day thanks to my Halo training. Eh non-MS FPS training) but this is just too much. Linux disk encryption makes it just as hard for Linux to dualboot Windows. In fact every Linux distro should just use FAT to make sure Windows can be dualbooted and read the Linux data.
Geez.
Bitlocker does NOT prevent dual booting (Score:5, Informative)
Re:Whatever...try fat32 partition (Score:5, Informative)
Re:Whatever...try fat32 partition (Score:5, Informative)
Bitlocker is a whole-volume, hardware based encryption system (as opposed to file-specific technologies, such as Encrypted File System, which have overhead that requires a specific filesystem like NTFS. There is no filesystem specific overhead because it's transparent to the filesystem, and to the applications for that matter) -- there is no reason I am aware of for it to be tied to any specific filesystem, and it should encrypt FAT32 just as capably as NTFS.
Not only is this functionality optional, and requiring special hardware support, but it is a bona fide feature. The data of the world would be much safer if every laptop swiped, hard drive sold on eBay, and incident of unwanted physical access of machines couldn't give absolute access to every file on the machine.
I just don't get it, Part III (Score:3, Informative)
Mickeysoft can't stop anybody from booting anything. The boot process is handled by the BIOS and the boot sectors on the disk, which can't be encrypted unless the BIOS cooperates.
If the BIOS cooperates, it still has to be able to read said boot sectors, and if it can read Windows boot info, it can read Linux boot info, or anything ELSE you want to put in there.
So "difficult to dual-boot" is as far as I can tell, CRAP.
As for sharing data between the two systems
Re:Whatever...try fat32 partition (Score:3, Informative)
I don't know if this is a troll or an actual problem, but how about you try -t vfat -o rw [die.net]?
Re:Whatever...try fat32 partition (Score:2, Informative)
Well, instead of moaning about the non-existence of something that you've clearly not checked for, you could always try this site [fuckinggoogleit.com], followed by this one [swin.edu.au], this one [p-nand-q.com], this one [wolfsheep.com], this one [akucom.de], this one [sourceforge.net], and this one [crossmeta.com], plus many others.
Re:Whatever...try thinking right (Score:5, Informative)
Read: This has nothing at all to do with dual booting. Your ability to dual boot will remain completely unchanged, period. This, however, is about your ability to share data between OSs, not your ability to boot two. Learn to write an article headline, please.
FAT32 is dead. Period, get over it, dead. No, I take that back, it still has one use: flash drives, and other forms of removable media. Other than that, IT IS DEAD. Why? Simple: security. From Windows 2000 and on, Microsoft actually put some degree of effort into security. "Some degree?" you ask? End result, due to NTFS, you can actually secure your system. Compared to FAT32 anyways, where a *guest* user can drop a virus as c:\explorer.exe, and then the next time Johnny Admin logs in, it's over. NTFS added actual security measures. ACLs. Execute bit. And, well, quite a bit more. Due to this, I can say the following without doubt that I'm right:
1) BitLocker will ONLY work with NTFS.
2) Vista will do everything they can short of threatening to eat your children to get you to install on NTFS. (Side note: http://www.theinquirer.net/?article=30128 [theinquirer.net] vs. http://www.microsoft.com/technet/windowsvista/lib
3) If you're still using FAT32 as your primary OS partition, you're an idiot.
4) Due to #4, if your defense is, "my [windows] OS can't run on NTFS!", my response is still the same. Go upgrade, you're not helping anyone.
FAT32 is nice for removable media. That's about it.
(</troll>)
Re:Not only dual booting (Score:3, Informative)
Another way to avoid encrypted file loss is to designate a recovery agent.
See also How to back up the recovery agent Encrypting File System (EFS) private key in Windows Server 2003, in Windows 2000, and in Windows XP [microsoft.com]
To add a recovery agent for the local computer [microsoft.com]
Re:Story Title FUD... (Score:3, Informative)
2. There is not a problem here. Bitkeeper (EFS with a name created by the marketing department) will not be enabled by default unless your company enables the policy. If your company does enable the policy, you should also create a Data Recovery Agent. This can also be done on a standalone workstation.
Bitkeeper is not "EFS with a name created by the Marketing Dept" but rather a very different sort of encryption scheme. EFS uses an encryption key stored within the CAPI store in the OS to encrypt individual files and folders. It is not at all good for full disk encryption, and using it for this purpose can/will cause a multitude of problems. Bitkeeper on the other hand is a full-disk encryption scheme similar to Utimaco, Safeboot or the commercial full disk version of PGP that utilizes an encryption key that is either loaded in a hardware TPM (Trusted Platform Module - a hardware key repository on the motherboard) or is alternatively loaded at boot time from a USB key.
3. If you can't access your ENCRYPTED data from another OS or boot CD, the encryption worked. Encrypting data involves risks just as leaving your important data unencrypted involves risks. Pick your poison and move on.
Actually, if you cannot access your encrypted data from another OS it simply means that you short-sightedly chose an encryption method that is not cross-platform compliant. There are plenty of encryption solutions (full-disk and file/folder based) that work cross-platform, just don't look for one to be provided with your Microsoft OS.
Re:What the hell are you smoking? (Score:5, Informative)
How many viruses are going to be stopped by preventing dual-booting? How many trojans?
Yeah, that's what I thought.
On the other hand, if you can convince a locked down Windows XP box to boot a Knoppix CD, you now own that box.
I think that is what they mean by "more secure".
Re:Not in Vista 64 (Score:2, Informative)
Feel free to call it BS, but drivers will need to be debugged and tested before they can be accepted by Microsoft for the WHQL stamp.
Vista 64 already has a working opt-out, done with an F8-key startup option, but it must be repeated at each reboot and cannot be made the default. If you forget to press F8 at exactly the right time when booting back to Windows, no Ext2 for you.
DRM is going to backfire big time. (Score:3, Informative)
True.
DRM is going to cost them their majority market share. The more they make things suck, the less people will want to use them. WMP 10 is an indicator of where things are going. Check out this satisfied customer's opinion of it [advogato.org]:
Then Digital Restrictions Management (DRM) started harassing me and asking to connect to the internet to check for licenses where none had been needed before. The worst part of this "upgrade" is how it poisoned the whole system and crippled Media Player Classic too.
How much more can they make things suck? Firewalls you can't configure, entire volumes encrypted and media players that don't play. What do they have to offer?
Who's going to buy this shit?
Things have never looked better for free software.
Re:Whatever...try fat32 partition (Score:5, Informative)
Put this [fs-driver.org] on your Windows install and make your common data-storage area ext2 or ext3 instead. If you start slinging around large (>2GB) files on a regular basis like I do, you won't have to worry about splitting/combining files.
Re:Whatever...try thinking right (Score:2, Informative)
You can even mount it in your home directory for easy access. (And on Windows you just use X:\ as your 'my documents' folder).
And I don't get your ranting about the security of NTFS vs. FAT32. With NTFS, anybody can boot Knoppix with captive NTFS (or a Windows-based LiveCD, if those exist) and overwrite explorer.exe with anything he likes. You're screwed if somebody has physical access, no matter what the OS or Filesystem is.
Linux partition support under Windows (Score:4, Informative)
Indeed. And in fact you see a lot of implementations for Windows of which a lot are based on the open-source code.
This shows that :
Meanwhile, the opensource community is trying [linux-ntfs.org] to play nice with Microsoft's OS.
Re:FAT32 (Score:4, Informative)