Slashdot Mirror
Windows Vista To Make Dual-Boot A Challenge?
mustafap writes "UK tech site The Register is reporting on security guru Bruce Schneier's observation that the disk encryption system to be shipped with Vista, BitLocker, will make dual booting other OSs difficult - you will no longer be able to share data between the two." From the article: "This encryption technology also has the effect of frustrating the exchange of data needed in a dual boot system. 'You could look at BitLocker as anti-Linux because it frustrates dual boot,' Schneier told El Reg. Schneier said Vista will bring forward security improvements, but cautioned that technical advances are less important than improvements in how technology is presented to users."
http://www.microsoft.com/technet/windowsvista/sec
Does it really matter? If you're going to format a drive as FAT32, it's already in your best interest to use Linux's version of fdisk rather than Windows XP's. Window's current fdisk limits FAT32 partitions to 32GB; this is entirely a software limitation, FAT32 allows for volumes up to 2TB. So unless Vista does something that prevents mounting a non-Windows formatted FAT32 drive, we should be fine.
Sadly, PS/2 was yet another victim of USB, which doesn't care what you plug into it, the electrical slut.
I appreciate that it's popular to bash MS (I'm just as guilty) but isn't this getting to be a step too far? They're introducing file system functionality for added security and being ripped apart for it by the same people that scream at them for their lack of security focus? I've had a bit of a read into it, and at least on the surface it seems like a good idea.
r ary/c61f2a12-8ae6-4957-b031-97b4d762cf31.mspx
Bitlocker isn't going to be compulsory, and as such it isn't going to affect dual booting in any way shape or form. It's certainly not the sort of thing your average home user would be setting up anyway (IMHO). Seems like Mr Schneier is a good old fashioned troll.
Some more info on Bitlocker here : http://www.microsoft.com/technet/windowsvista/lib
People that believe in their opinions don't post AC.
Also, Bitlocker is only available on Vista, so are you saying you're running your production users on the Vista beta?
The final straw came when one employee lost several hours work when Bitlcoker suddenly had an error reading from our intranet file server and corrupted his project.
Bitlocker doesn't affect files read from network locations, it's merely a hard disk encryption technology. I think you're confused about what Bitlocker is.
Ok... I've been a linux fan for 10 years or so now. Haven't run anything but linux in about 7 years. But c'mon guys this is FUD.
r ary/c61f2a12-8ae6-4957-b031-97b4d762cf31.mspx
First of all, vista won't have this activated by default. Here's how you can turn it on in Vista Beta:
http://www.microsoft.com/technet/windowsvista/lib
And yes it will make any data encrypted in this manner unavailable to another operating system. It does this by using TPM (Trusted Platform Module) in the BIOS and can base the key on the kernel and optionally: just the bios, a user supplied key, or a USB drive supplied key.
This allows for the option of encrypting/decrypting data from the very start of the boot process. And guess what? It's being implemented in linux too!
http://lwn.net/Articles/144681/
BitLocker from windows is just a kernel based drive encryption software that takes advantage of TPMs just like the linux system. If you're concerned about cross platform compatibility then use user space encryption rather than kernel space encryptiong. If you're that concerned about secure keys then don't dual boot! If you love dual booting and don't care about encryption at all, noone is going to beat you up and make you use encryptiong.
You may remove the tinfoil hat.
--David
Shocking.
Will it be possible to mount non-encrypted disks in Vista? Well, unless MS is finally prepared to kick backwards compatibilty then yes.
Even if unencrypted HD's ain't supported (unlikely) they would still need to support regular filesystems like FAT for all those flash disks from your camera and USB keys and such.
I am as anti-ms as you can get (if I am ever diagnosed with an incurable disease Gates gets a bullet in the head the next day thanks to my Halo training. Eh non-MS FPS training) but this is just to much. Linux disk encryption makes it just as hard for linux to dualboot windows. In fact every linux distro should just use FAT to make sure windows can be dualbooted and read the linux data.
Geez.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
This article appears to be completely uninformed. Bitlocker works on a volume basis, not on an entire harddrive (unless the harddrive only has one volume). In fact, in order to get Bitlocker to work for Vista you MUST have two volumes, one being the OS volume that is encrypted with Bitlocker, and the other is the system volume which cannot be encrypted with bitlocker. Nothing prevents you from having multiple volumes and only enabling Bitlocker for some of the Windows Vista volumes. You can have other volumes/partitions with Linux or any other OS you want. The only issue is that you will not be able to read the Bitlocker protected partitions from Linux. Isn't that kind of obvious? You can still have a unencrypted FAT32 partition for sharing data between Linux and Windows, or an unencrypted NTFS partition for one way sharing between Windows and Linux (write support for NTFS on Linux is still not reliable). As far as recovery, you will not be able to do that with Linux, you will have to do that with Windows. I guess I'm not seeing a real issue here.
Windows 2000 hoses the partition table and so does Windows XP. It would be pathetic to complain that vista beta is only doing this because its not complete yet. Honestly there's no reason to release a beta unless you get the partition table handling right.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
Any body that is dual booting will also know that making a partition formatted fat32 will allow copying of files between os's.
Bitlocker is a whole-volume, hardware based encryption system (as opposed to file-specific techologies, such as Encrypted File System, which have overhead that requires a specific filesystem like NTFS. There is no filesystem specific overhead because it's transparent to the filesystem, and to the applications for that matter) -- there is no reason I am aware of for it to be tied to any specific filesystem, and it should encrypt FAT32 just as capably as NTFS.
Not only is this functionality optional, and requiring special hardware support, but it is a bonafide feature. The data of the world would be much safer if every laptop swiped, hard drive sold on ebay, and incident of unwanted physical access of machines couldn't give absolute access to every file on the machine.
Okay, first off, the article headline is HORRIBLY misleading. BitLocker will NOT ENCRYPT THE ENTIRE DRIVE. It is required that you have a ~100MB partition in order to boot off of, which will then in turn load the needed software into RAM and *then and only then* decrypt the encrypted partition.
r ary/plan/5025760b-0433-4ba1-a2f4-9338915fdb4b.mspx - Beta1 won't install on FAT32, but according to offical MS docs, it will (eventually, most likely))
Read: This has nothing at all to do with dual booting. Your ability to dual boot will remain completly unchanged, period. This, however, is about your ability to share data between OSs, not your ability to boot two. Learn to write a article headline, please.
FAT32 is dead. Period, get over it, dead. No, I take that back, it still has one use: flash drives, and other forms of removable media. Other than that, IT IS DEAD. Why? Simple: security. From Windows 2000 and on, Microsoft actually put some degree of effort into security. "Some degree?" you ask? End result, due to NTFS, you can actually secure your system. Compared to FAT32 anyways, where a *guest* user can drop a virus as c:\explorer.exe, and then the next time Johnny Admin logs in, it's over. NTFS added actual security measures. ACLs. Execute bit. And, well, quite a bit more. Due to this, I can say the following without doubt that I'm right:
1) BitLocker will ONLY work with NTFS.
2) Vista will do everything they can short of threatening to eat your children to get you to install on NTFS. (Side note: http://www.theinquirer.net/?article=30128 vs. http://www.microsoft.com/technet/windowsvista/lib
3) If you're still using FAT32 as your primary OS partition, you're an idiot.
4) Due to #4, if your defense is, "my [windows] OS can't run on NTFS!", my response is still the same. Go upgrade, you're not helping anyone.
FAT32 is nice for removable media. That's about it.
(</troll>)
Sorry, but since when does dual-boot mean "less secure"?
How many viruses are going to be stopped by preventing dual-booting? How many trojans?
Yeah, that's what I thought.
On the other hand, if you can convince a locked down Windows XP box to boot a Knoppix CD, you now own that box.
I think that is what they mean by "more secure".
Put this on your Windows install and make your common data-storage area ext2 or ext3 instead. If you start slinging around large (>2GB) files on a regular basis like I do, you won't have to worry about splitting/combining files.
20 January 2017: the End of an Error.