Windows Vista To Make Dual-Boot A Challenge?
mustafap writes "UK tech site The Register is reporting on security guru Bruce Schneier's observation that the disk encryption system to be shipped with Vista, BitLocker, will make dual booting other OSs difficult - you will no longer be able to share data between the two." From the article: "This encryption technology also has the effect of frustrating the exchange of data needed in a dual boot system. 'You could look at BitLocker as anti-Linux because it frustrates dual boot,' Schneier told El Reg. Schneier said Vista will bring forward security improvements, but cautioned that technical advances are less important than improvements in how technology is presented to users."
Which is it, data sharing between two OSs or dual booting? Because I can dual boot just fine with current products and still not be able to share data. Not until NTFS for linux makes some more progress, anyway.
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
http://www.microsoft.com/technet/windowsvista/sec
Does it really matter? If you're going to format a drive as FAT32, it's already in your best interest to use Linux's version of fdisk rather than Windows XP's. Windows' current fdisk limits FAT32 partitions to 32GB; this is entirely a software limitation, FAT32 allows for volumes up to 2TB. So unless Vista does something that prevents mounting a non-Windows formatted FAT32 drive, we should be fine.
Sadly, PS/2 was yet another victim of USB, which doesn't care what you plug into it, the electrical slut.
I appreciate that it's popular to bash MS (I'm just as guilty) but isn't this getting to be a step too far? They're introducing file system functionality for added security and being ripped apart for it by the same people that scream at them for their lack of security focus? I've had a bit of a read into it, and at least on the surface it seems like a good idea.
r ary/c61f2a12-8ae6-4957-b031-97b4d762cf31.mspx
Bitlocker isn't going to be compulsory, and as such it isn't going to affect dual booting in any way shape or form. It's certainly not the sort of thing your average home user would be setting up anyway (IMHO). Seems like Mr Schneier is a good old fashioned troll.
Some more info on Bitlocker here : http://www.microsoft.com/technet/windowsvista/lib
People that believe in their opinions don't post AC.
Also, Bitlocker is only available on Vista, so are you saying you're running your production users on the Vista beta?
The final straw came when one employee lost several hours' work when Bitlocker suddenly had an error reading from our intranet file server and corrupted his project.
Bitlocker doesn't affect files read from network locations, it's merely a hard disk encryption technology. I think you're confused about what Bitlocker is.
Ok... I've been a linux fan for 10 years or so now. Haven't run anything but linux in about 7 years. But c'mon guys this is FUD.
r ary/c61f2a12-8ae6-4957-b031-97b4d762cf31.mspx
First of all, vista won't have this activated by default. Here's how you can turn it on in Vista Beta:
http://www.microsoft.com/technet/windowsvista/lib
And yes it will make any data encrypted in this manner unavailable to another operating system. It does this by using TPM (Trusted Platform Module) in the BIOS and can base the key on the kernel and optionally: just the bios, a user supplied key, or a USB drive supplied key.
This allows for the option of encrypting/decrypting data from the very start of the boot process. And guess what? It's being implemented in linux too!
http://lwn.net/Articles/144681/
BitLocker from Windows is just a kernel based drive encryption software that takes advantage of TPMs just like the Linux system. If you're concerned about cross platform compatibility then use user space encryption rather than kernel space encryption. If you're that concerned about secure keys then don't dual boot! If you love dual booting and don't care about encryption at all, no one is going to beat you up and make you use encryption.
You may remove the tinfoil hat.
--David
What happens is that none of those USB flash drives that have become so popular will work anymore -- not to mention iPods, which (I think) can't play music if they're formatted with something other than FAT32 or HFS+.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Shocking.
Will it be possible to mount non-encrypted disks in Vista? Well, unless MS is finally prepared to kick backwards compatibility then yes.
Even if unencrypted HD's ain't supported (unlikely) they would still need to support regular filesystems like FAT for all those flash disks from your camera and USB keys and such.
I am as anti-ms as you can get (if I am ever diagnosed with an incurable disease Gates gets a bullet in the head the next day thanks to my Halo training. Eh non-MS FPS training) but this is just too much. Linux disk encryption makes it just as hard for linux to dualboot windows. In fact every linux distro should just use FAT to make sure windows can be dualbooted and read the linux data.
Geez.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
This article appears to be completely uninformed. Bitlocker works on a volume basis, not on an entire harddrive (unless the harddrive only has one volume). In fact, in order to get Bitlocker to work for Vista you MUST have two volumes, one being the OS volume that is encrypted with Bitlocker, and the other is the system volume which cannot be encrypted with bitlocker. Nothing prevents you from having multiple volumes and only enabling Bitlocker for some of the Windows Vista volumes. You can have other volumes/partitions with Linux or any other OS you want. The only issue is that you will not be able to read the Bitlocker protected partitions from Linux. Isn't that kind of obvious? You can still have an unencrypted FAT32 partition for sharing data between Linux and Windows, or an unencrypted NTFS partition for one way sharing between Windows and Linux (write support for NTFS on Linux is still not reliable). As far as recovery, you will not be able to do that with Linux, you will have to do that with Windows. I guess I'm not seeing a real issue here.
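Added example, not part of the original thread: a sketch of how a tool on the Linux side of a dual-boot machine can tell a BitLocker-protected volume from a shareable FAT32 or NTFS one by reading its boot sector. It assumes the `-FVE-FS-` OEM ID that BitLocker volumes carry at offset 3, which is not stated on this page; the function names and sample sectors are constructed for illustration.

```python
"""Classify a volume by its 512-byte boot sector (added example)."""

SECTOR_SIZE = 512

def classify_boot_sector(sector: bytes) -> str:
    """Return 'bitlocker', 'ntfs', 'fat32' or 'unknown' for one boot sector."""
    if len(sector) < SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        return "unknown"              # short read or no boot signature
    oem_id = sector[3:11]             # 8-byte OEM ID after the jump instruction
    if oem_id == b"-FVE-FS-":         # assumption: BitLocker volume header ID
        return "bitlocker"
    if oem_id == b"NTFS    ":
        return "ntfs"
    if sector[82:90] == b"FAT32   ":  # FAT32 file-system type field at 0x52
        return "fat32"
    return "unknown"

def shareable_volumes(volumes: dict) -> list:
    """Names of volumes another OS can mount without the BitLocker key."""
    return sorted(name for name, sector in volumes.items()
                  if classify_boot_sector(sector) in ("ntfs", "fat32"))

def _make_sector(oem_id: bytes, fat32: bool = False) -> bytes:
    """Build a constructed sample sector; not a real disk image."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\x58\x90"     # x86 jump over the parameter block
    sector[3:11] = oem_id
    if fat32:
        sector[82:90] = b"FAT32   "
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Constructed layout: unencrypted system volume, encrypted OS volume,
# a FAT32 data partition, and a partition with no FAT/NTFS-style boot sector.
SAMPLE_VOLUMES = {
    "system": _make_sector(b"NTFS    "),
    "vista_os": _make_sector(b"-FVE-FS-"),
    "shared": _make_sector(b"MSDOS5.0", fat32=True),
    "linux_root": bytes(SECTOR_SIZE),
}

if __name__ == "__main__":
    for name, sector in SAMPLE_VOLUMES.items():
        print(f"{name}: {classify_boot_sector(sector)}")
    print("mountable from the other OS:", shareable_volumes(SAMPLE_VOLUMES))
```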
Windows 2000 hoses the partition table and so does Windows XP. It would be pathetic to complain that Vista beta is only doing this because it's not complete yet. Honestly there's no reason to release a beta unless you get the partition table handling right.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
Anybody that is dual booting will also know that making a partition formatted FAT32 will allow copying of files between OSes.
Bitlocker is a whole-volume, hardware based encryption system (as opposed to file-specific technologies, such as Encrypted File System, which have overhead that requires a specific filesystem like NTFS. There is no filesystem specific overhead because it's transparent to the filesystem, and to the applications for that matter) -- there is no reason I am aware of for it to be tied to any specific filesystem, and it should encrypt FAT32 just as capably as NTFS.
Not only is this functionality optional, and requiring special hardware support, but it is a bona fide feature. The data of the world would be much safer if every laptop swiped, hard drive sold on eBay, and incident of unwanted physical access of machines couldn't give absolute access to every file on the machine.
I'm sorry, but this seems to be a bit of a non-story
... I give it less than a month after release until somebody has been able to figure out how to pull the data from there.
Mickeysoft can't stop anybody from booting anything. The boot process is handled by the BIOS and the boot sectors on the disk, which can't be encrypted unless the BIOS cooperates.
If the BIOS cooperates, it still has to be able to read said boot sectors, and if it can read Windows boot info, it can read Linux boot info, or anything ELSE you want to put in there.
So "difficult to dual-boot" is as far as I can tell, CRAP.
As for sharing data between the two systems
I don't know if this is a troll or an actual problem, but how about you try -t vfat -o rw?
Stop Computers/Cars Analogies on S
Well, instead of moaning about the non-existence of something that you've clearly not checked for, you could always try this site, followed by this one, this one, this one, this one, this one, and this one, plus many others.
Okay, first off, the article headline is HORRIBLY misleading. BitLocker will NOT ENCRYPT THE ENTIRE DRIVE. It is required that you have a ~100MB partition in order to boot off of, which will then in turn load the needed software into RAM and *then and only then* decrypt the encrypted partition.
r ary/plan/5025760b-0433-4ba1-a2f4-9338915fdb4b.mspx - Beta1 won't install on FAT32, but according to official MS docs, it will (eventually, most likely))
Read: This has nothing at all to do with dual booting. Your ability to dual boot will remain completely unchanged, period. This, however, is about your ability to share data between OSs, not your ability to boot two. Learn to write an article headline, please.
FAT32 is dead. Period, get over it, dead. No, I take that back, it still has one use: flash drives, and other forms of removable media. Other than that, IT IS DEAD. Why? Simple: security. From Windows 2000 and on, Microsoft actually put some degree of effort into security. "Some degree?" you ask? End result, due to NTFS, you can actually secure your system. Compared to FAT32 anyways, where a *guest* user can drop a virus as c:\explorer.exe, and then the next time Johnny Admin logs in, it's over. NTFS added actual security measures. ACLs. Execute bit. And, well, quite a bit more. Due to this, I can say the following without doubt that I'm right:
1) BitLocker will ONLY work with NTFS.
2) Vista will do everything they can short of threatening to eat your children to get you to install on NTFS. (Side note: http://www.theinquirer.net/?article=30128 vs. http://www.microsoft.com/technet/windowsvista/lib
3) If you're still using FAT32 as your primary OS partition, you're an idiot.
4) Due to #4, if your defense is, "my [windows] OS can't run on NTFS!", my response is still the same. Go upgrade, you're not helping anyone.
FAT32 is nice for removable media. That's about it.
(</troll>)
Another way to avoid encrypted file loss is to designate a recovery agent.
See also How to back up the recovery agent Encrypting File System (EFS) private key in Windows Server 2003, in Windows 2000, and in Windows XP
To add a recovery agent for the local computer
2. There is not a problem here. Bitkeeper (EFS with a name created by the marketing department) will not be enabled by default unless your company enables the policy. If your company does enable the policy, you should also create a Data Recovery Agent. This can also be done on a standalone workstation.
Bitkeeper is not "EFS with a name created by the Marketing Dept" but rather a very different sort of encryption scheme. EFS uses an encryption key stored within the CAPI store in the OS to encrypt individual files and folders. It is not at all good for full disk encryption, and using it for this purpose can/will cause a multitude of problems. Bitkeeper on the other hand is a full-disk encryption scheme similar to Utimaco, Safeboot or the commercial full disk version of PGP that utilizes an encryption key that is either loaded in a hardware TPM (Trusted Platform Module - a hardware key repository on the motherboard) or is alternatively loaded at boot time from a USB key.
3. If you can't access your ENCRYPTED data from another OS or boot CD, the encryption worked. Encrypting data involves risks just as leaving your important data unencrypted involves risks. Pick your poison and move on.
Actually, if you cannot access your encrypted data from another OS it simply means that you short-sightedly chose an encryption method that is not cross-platform compliant. There are plenty of encryption solutions (full-disk and file/folder based) that work cross-platform, just don't look for one to be provided with your Microsoft OS.
\/\/oobie
Sorry, but since when does dual-boot mean "less secure"?
How many viruses are going to be stopped by preventing dual-booting? How many trojans?
Yeah, that's what I thought.
On the other hand, if you can convince a locked down Windows XP box to boot a Knoppix CD, you now own that box.
I think that is what they mean by "more secure".
Feel free to call it BS, but drivers will need to be debugged and tested before they can be accepted by Microsoft for the WHQL stamp.
Vista 64 already has a working opt-out, done with an F8-key startup option, but it must be repeated at each reboot and cannot be made the default. If you forget to press F8 at exactly the right time when booting back to Windows, no Ext2 for you.
True.
DRM is going to cost them their majority market share. The more they make things suck, the less people will want to use them. WMP 10 is an indicator of where things are going. Check out this satisfied customer's opinion of it:
Then Digital Restrictions Management (DRM) started harassing me and asking to connect to the internet to check for licenses where none had been needed before. The worst part of this "upgrade" is how it poisoned the whole system and crippled Media Player Classic too.
How much more can they make things suck? Firewalls you can't configure, entire volumes encrypted and media players that don't play. What do they have to offer?
Who's going to buy this shit?
Things have never looked better for free software.
Friends don't help friends install M$ junk.
Put this on your Windows install and make your common data-storage area ext2 or ext3 instead. If you start slinging around large (>2GB) files on a regular basis like I do, you won't have to worry about splitting/combining files.
20 January 2017: the End of an Error.
Nobody in their right mind would run his OS on fat32, but if you're planning on dual-booting, you probably already have made an extra FAT32 partition, in which you dump the stuff you want shared.
You can even mount it in your home directory for easy access. (And on Windows you just use X:\ as your 'my documents' folder).
And I don't get your ranting about the security of NTFS vs. FAT32. With NTFS, anybody can boot Knoppix with captive NTFS (or a Windows-based LiveCD, if those exist) and overwrite explorer.exe with anything he likes. You're screwed if somebody has physical access, no matter what the OS or Filesystem is.
Indeed. And in fact you see a lot of implementations for windows of which a lot are based on the open-source code.
This shows that :
Meanwhile, the opensource community is trying to play nice with Microsoft's OS.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
You can get pretty safe write support now via ntfsmount (FAQ entry).