Slashdot Mirror
Windows Vista To Make Dual-Boot A Challenge?
mustafap writes "UK tech site The Register is reporting on security guru Bruce Schneier's observation that the disk encryption system to be shipped with Vista, BitLocker, will make dual booting other OSs difficult - you will no longer be able to share data between the two." From the article: "This encryption technology also has the effect of frustrating the exchange of data needed in a dual boot system. 'You could look at BitLocker as anti-Linux because it frustrates dual boot,' Schneier told El Reg. Schneier said Vista will bring forward security improvements, but cautioned that technical advances are less important than improvements in how technology is presented to users."
Any body that is dual booting will also know that making a partition formatted fat32 will allow copying of files between os's.
It's not a big deal that they're doing this, afterall I won't be using Vista when it's released. Me and a lot of people I know will be migrating to Linux entirely and not looking back. Nobody I know wants to pay an arm and a leg to use an operating system that isn't going to contribute to bettering their current desktop experience. Those not migrating to Linux won't be upgrading from XP.
Did I miss something? Is this disk encryption going to be compulsory?
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Encrypting a filesystem prevents arbitrary operating system from accessing it!
I mean — what the fuck?! — isn't that the whole idea?
Once again, the headline is hideously misleading.
At least, according to Wiki.
As much as we all love to bash Microsfot, I'm guessing it's an optional feature.
The only reason I was considering Vista is because Microsoft have made sure DirectX10 won't run on XP.
Now if I also can't dual-boot then that's the last straw to drive me to a linux-only system.
And before anyone suggests it, no I don't want to be running Linux under a Microsoft VM.
The usual solution is to make a FAT32 partition of a couple gigs, or use a remote SMB share or my personal favourite: just don't use windows.
Tom
Someday, I'll have a real sig.
I take it you missed the recent story on how Vista's firewall is going to be "crippled" because the default config won't block outgoing connections - just like XP's, just like Mandrake's and RedHat's the last time I set up firewalls on them, just like my hardware firewall in fact.
Slashdot has long had a strong anti-MS bias. Fine, they've never made a secret of it. Recently however, they've started to allow it to warp the facts, which is not fine.
Sure, this may well make dual-booting more difficult, in that you won't be able to get at your data. Ever tried getting at data on an NTFS partition with Fedora? ZOMG! Fedora is trying to lock out Windows!
I've been here a long time, and it's sad to see how the site has declined from a site you could trust, to one that will print almost anything as long as it bashes MS or praises FOSS.
It's official. Most of you are morons.
A company plans to include a very useful encryption tool with it's next OS.
This is good news in terms of security and privacy, and therefore /. readers will welcome it.
Oh wait, no they won't, because the company is Microsoft. Microsoft is baaad, therefore everything they do is sinister and evil. You people always manage to find the dark lining to their every silver cloud.
It's the herd-mentality at work, folks.
Yawn.
Azural - instrumentals
One slight detail.
Drive encryption is optional. It's something you may configure while setting up the system for systems carrying sensitive or important data. It's not like a standard Vista install automatically encrypts the entire drive. That would be ludicrous.
Bruce Schneier may be a brilliant security guy, but like every other person (and company) on the planet, he has an agenda. Don't automatically trust the guy telling you stuff because it's embarassing to the person he's telling you about.
Seriously. we need a "Duh" Tag on this story.
That is the entire point of Bitlocker; Encrypt the drive so only the encrypting OS can decrypt it. Bitlocker would be rather pointless if any OS could read the encryped drive now wouldn't it?
Even if you move the bitlocked disk to another Vista machine, that machine wouldn't be able to read the disk without the decryption key, which I severly hoped you backed up.
We're dreading this feature in Vista becuase if its anything like XP encryption and it's easy to turn on, there's going to be a lot of unhappy students when we tell them "Your hard drive crashed and all of your files are unecoverable becuase you encryped the drive"
In Soviet Russia, Trojan exploits YOU!
the filesystems used in linux are free and open. MS is more than welcome to implement support for them in windows without having to pay a dime. The same is not true of the reverse situation.
MS does not support reading and writing to linux filesystems by choice to stifle interoperability. They keep their filesystems closed to the same end.
"You could look at BitLocker as anti-Linux. . . "
No, just anti-dual-boot. Microsoft makes their product more secure
Sorry, but since when does dual-boot mean "less secure"?
How many viruses are going to be stopped by preventing dual-booting? How many trojans?
Yeah, that's what I thought.
Or maybe they just don't see any value in spending money developing a feature only 0.0001% of customers are interested in, something better handled by a third party.
Bitlocker would be rather pointless if any OS could read the encryped drive now wouldn't it?
If any OS could read the encrypted drive given the key, then there would be no problem. The problem comes when Microsoft does not specify how to turn the ciphertext plus the key into the cleartext.
No, just anti-dual-boot.
Please explain to me how this is going to prevent you from dual-booting
Will it be possible to mount non-encrypted disks in Vista?
You're missing the point.
Even if the user is given a choice in the matter, are they going to understand that they're signing away their data to Microsoft?
That nice boy down the street that helped them recover their data with a reinstall so easily- are these fictional users going to understand that checkbox means their next screwup means their data is gone for good?
Linux disk encryption makes it just as hard for linux to dualboot windows.
No it doesn't. The bootsector and partition tables are most certainly NOT encrypted because then the system wouldn't boot.
In fact every linux distro should just use FAT to make sure windows can be dualbooted and read the linux data.
I've got a better idea. Instead of trying to convince all those distributions that you're right and their wrong, why don't you just try and convince ONE distribution- say Microsoft- that they should support ext3 and cryptoloop out of the box.
They're introducing file system functionality for added security and being ripped apart for it by the same people that scream at them for their lack of security focus? I've had a bit of a read into it, and at least on the surface it seems like a good idea.
You're missing something fundemental: The data is being secured from the user instead of from the bad guys.
That's not security- that's trusting Microsoft to keep your data safe.
If Microsoft were really as interested in security as they claim to be (and as you seem to believe), then they would publish the materials necessary to decrypt these volumes on other systems- especially for rescue circumstances.
The users that don't understand aren't going to be the ones dual-booting. Even if they do get the dual-boot bug, turning off the encryption is (most likely) just an annoying-but-managable reinstall away.
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
In ten years you'll be saying exactly the same thing about replacing cocoa so you don't need a machine made by Apple ever again.
Way to go there, migrating to a locked in proprietary platform. Oh, and on top of that, one that's crippled to only run on mandated hardware.
But Apple are hip at the moment, so it doesn't matter.
Malike Bamiyi wanted my assistance.
Who dual-boots? A small subsection of the "geek crowd" who have some kind of moral objection with owning more than one PC ("but, I run Linux, I don't need a hundred servers to do the job of one!") or are too poor to do so. True geeks have more than one PC and find dual-booting to be annoying. That leaves the bulk majority of PC users: home owners and corporations. How many of them dual boot? Exactly. So, you've been shut out. Who cares as long as everyone else (the ones who really NEED to be protected automatically) are protected from not only harming themselves, but others. For a group so concerned with security, and bashing on endusers inability to grasp even the simplest technical knowledge, it never ceases to amaze me how quickly the complain when someone makes it easy on the people most needing of someone to lock their system down for them. Yeah, it's a runon. That's what you get when you read this far down in the comments section. Nosebleeds of comments, baby.
Which is more painful? Going to work or gouging your eye out with a spoon? Find out!
http://www.workorspoon.com
and an ext3 drive mounted by a hostile system will ignore security settings as well. the point of filesystem permissions is not to defeat a hostile system, but rather to allow admins to keep contorl of the machine and users to protect their files from other users.
Snowden and Manning are heroes.
Seems to me as if you're all talking about making it hard for yourselves. Why not simply take the opportunity to ditch Windows altogether?
What will likely happen is that when you a buy a computer, it will already be enabled.
Well it would be pretty hard to enable, unless they magically know who is buying the computer ahead of time,
The whole point is the END USER has to create their own key and pin/biometric at the TIME the drive is Encrypted.
So unless you see Dell becoming 1800 Ms Cleo, or see Gateway flying people to their factory just so they can enable the feature for that person, I think your tinfoil hat may be leading you down the wrong path...