Old 26th Apr 2006, 14:11   #1
WilHarris
Just another nobody
 
Lock down your hard drives with Vista

http://www.bit-tech.net/news/2006/04..._drives_vista/

Old 26th Apr 2006, 14:18   #2
Bindibadgi
Richard Swinburne
bit-tech Staff
 
So, if your motherboard fails you've lost all your data and you probably might not be able to even format the disk.

Wonderful.

Seriously: How often is data compromised by the normal user because someone physically removed the disk? Apart from the authorities wanting to get at the info inside?? If someone nicks your PC, they generally tend to take the whole thing.
And unless this Trusted chip actually does the hardware encoding/decoding of AES then it'll be another overhead for your CPU.

One up for kiddie fiddlers and terrorists. Great.
Old 26th Apr 2006, 14:30   #3
DarkReaper
Alignment: Sarcastic Good
 
I think it's probably intended more for business users who dump old drives. I know I personally wouldn't want it, hopefully this is an optional feature!
Old 26th Apr 2006, 14:42   #4
GuardianStorm
Ultramodder
 
And what happens if you upgrade your mobo? Burn it all to Blu-ray disks and then copy it back? Even at Blu-ray capacity disks that would take a good 6 or 7 disks per HDD...
Old 26th Apr 2006, 15:00   #5
Bindibadgi
Richard Swinburne
bit-tech Staff
 
Quote:
Originally Posted by DarkReaper
I think it's probably intended more for business users who dump old drives. I know I personally wouldn't want it, hopefully this is an optional feature!
So it's only gonna be available on Vista Business, or whatever that sku is.
Old 26th Apr 2006, 15:06   #6
HandMadeAndroid
Multimodder
 
I can't see any computer system existing that does not allow for the authorities to access data should they wish to.
Old 26th Apr 2006, 15:23   #7
sadffffff
Hypermodder
 
On formatting: this won't stop you from formatting the drive. Think about it, you take any EXISTING drive and no matter what kinda crazy encryption you throw on it, you'll always be able to grab fdisk or the HDD manufacturer's utility and low level format it. On new drives: http://www.dailytech.com/article.aspx?newsid=1493 there MIGHT be some worry about that but even then I doubt it. Also, the drive I linked wouldn't use a mobo TPM module to encrypt.

On breaking the encryption: people always judge encryption by the speed of today's computers. Firstly, computers are constantly getting better and better performance. Secondly, estimates of time to break such encryption seem to go by brute force methods. Remember, encryption's major flaw is that in order to use your data, you must be given the key to the encryption; in this case the TPM module is the key. And if an operating system can tell it to do things like encrypt/decrypt data, what's to stop a program from using it to do the same? You MIGHT have to have that particular TPM module, but that's not really a problem for the government to seize if they want, now is it?

I predict this encryption will be useless for any real security. It's only 100% secure to the extent of physically taking a drive from a computer and slapping it in another computer, then stopping at that. Just another thing for the over-paranoid computer nerds to use.
Old 26th Apr 2006, 15:33   #8
Bindibadgi
Richard Swinburne
bit-tech Staff
 
Didn't know if it encrypted the partition/boot section as well 'cause it seemed silly not to do it all. Low level format is the extreme and takes forever.
Old 26th Apr 2006, 15:48   #9
mclean007
Officious Bystander
 
(1) I'm sure it won't be compulsory - after all, how many desktop boards actually have tpm chips on them? Not a whole lot.

(2) Anyone who's seriously worried about the government seizing their computers (e.g. terrorists, child porn sharers) will already be using some kind of software encryption to guard against their data being exposed. All this will do is make it easier and (assuming the tpm chip takes on hardware encryption / decryption duties) less of a resource hog, which means more business laptop users (the true potential beneficiaries) are likely to use it.

(3) As any business / government agency which has had a laptop 'mislaid' will testify, the laptop is often of trivial value compared to the sensitive commercial information / state secrets it may contain. While an NT based OS (Windows 2000 or XP, on which most business laptops run) will protect the data from being viewed on the laptop without a proper login, it is trivial to pull the drive, take ownership of it on another PC, and read all the unencrypted data without restriction. Anything which makes this more difficult is a bonus for business and government alike, and I for one welcome it.
Old 26th Apr 2006, 16:35   #10
Bindibadgi
Richard Swinburne
bit-tech Staff
 
Desktop boards WILL get tc chips in them soon enough. I can see this working well for a corporate environment, but not for consumer.

If you have the laptop, you have the laptop containing the harddisk. If people are going to go into the effort to rip AES they're gonna go to the effort of bypassing a login
Old 26th Apr 2006, 16:48   #11
Naked_Dave
Supermodder
 
It seems to me this is designed for business, not for home users. Throwing away old disks is a pretty big problem for larger businesses, and government agencies like the MOD in the UK, as there could always be someone waiting to pick them out of the bin and steal the data! Currently this means either doing a low level format, or physically destroying the disk. A technology like this could save such people a lot of money.
Old 26th Apr 2006, 17:22   #12
valium
Supermodder
 
Sounds to me like Microsoft is touting all this new technology within Vista that we'll probably never see or hear from in its release. If they do indeed launch Vista without these technologies you can rest assured that you will have to pay for a license to upgrade to a version of Vista with a different name and a hefty price tag just to get the functionality they were talking about before release.
Old 26th Apr 2006, 17:23   #13
gmarappledude
Minimodder
 
I believe when creating and partitioning ext3 (Linux) partitions there is an option for partition level encryption (could be reiser, can't remember). Never tried it myself but I can see that being useful for business laptops. It wouldn't be dependent on a particular motherboard, just a password (I think, again, never used it). Perhaps someone can fill in the blanks.
Old 26th Apr 2006, 17:54   #14
ozstrike
yip yip yip yip
 
It honestly wouldn't surprise me if the government had a way to get past any encryption they wanted. Either a backdoor or some massively fast computer that nobody knows about. But then I have just been reading Digital Fortress.

I don't think that it will be compulsory for all PCs, it will probably be optional, or only on the business versions of Vista.
Old 26th Apr 2006, 18:14   #15
The Bart Man
Modder
 
Use TrueCrypt. And you can do the same! OK, no hardware feature but software. Small delay but not so big. And you are not depending on the motherboard. With TrueCrypt you can use a password or key or both and you can store the key on a USB stick or so. Seems a more useful option than this one.
Old 26th Apr 2006, 18:27   #16
Kaze22
Supermodder
 
All encryption is susceptible to decryption, end of story. But definitely a nice feature for common users, I'm always paranoid of losing laptops due to work related info stored on them, now my mind can be at peace. Unless a NASA super hacker steals your laptop your data is safe, good job Vista.
Old 26th Apr 2006, 18:42   #17
mclean007
Officious Bystander
 
Quote:
Originally Posted by Bindibadgi
Desktop boards WILL get tc chips in them soon enough. I can see this working well for a corporate environment, but not for consumer.
True, but the fact that Vista will be compatible with existing motherboards which do not sport TCP chips suggests that the feature will not be compulsory for those that do.
Quote:
If you have the laptop, you have the laptop containing the harddisk. If people are going to go into the effort to rip AES they're gonna go to the effort of bypassing a login
Not quite sure I follow this. What I was saying is that if you lose an unencrypted laptop, it isn't necessary for someone to bypass the login - they just tear out the disk and put it in another system and read the data off without any problems. It may be that the Windows login is actually the weak link with an encrypted system, so breaking the AES is not necessary (just hack the login instead), but I'd still rather, if I lost a laptop full of sensitive information, that it had drive level AES encryption than not.

Of course, the cynic would suggest that the best solution is not to lose your laptop in the first place, and not to let MI6 employees out on the beers with their business laptops.
Old 26th Apr 2006, 18:55   #18
Kaze22
Supermodder
 
Here's the thing, now we all gotta go and buy new laptops with the security mobo. LOL
Old 26th Apr 2006, 18:55   #19
Bindibadgi
Richard Swinburne
bit-tech Staff
 
No, it's not necessary, but I'd imagine that bypassing Windows login is pretty easy in itself although it probably won't be Windows and the login will be more secure. So, sure, for business this could be good but a pain in the arse for normal consumers. Let's hope they differentiate them.

A lot of lappys already have some form of TC chips in them - Apple do, IBM and Dell do iirc (looooose iirc).
Old 26th Apr 2006, 19:44   #20
-Xp-
Supermodder
 
Quote:
Originally Posted by mclean007
it is trivial to pull the drive, take ownership of it on another PC, and read all the unencrypted data without restriction.
Why not just do it from the stolen laptop using a live CD or another install of Windows over the top of Vista?