Slashdot Mirror
Windows Vista To Make Dual-Boot A Challenge?
mustafap writes "UK tech site The Register is reporting on security guru Bruce Schneier's observation that the disk encryption system to be shipped with Vista, BitLocker, will make dual booting other OSs difficult - you will no longer be able to share data between the two." From the article: "This encryption technology also has the effect of frustrating the exchange of data needed in a dual boot system. 'You could look at BitLocker as anti-Linux because it frustrates dual boot,' Schneier told El Reg. Schneier said Vista will bring forward security improvements, but cautioned that technical advances are less important than improvements in how technology is presented to users."
Does Microsoft even realise they're being charged with illegal monopoly practises at the moment? Do they know that the EUC isn't going to let them get away with any illegal bundling while they're charging them? Sheesh...
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
Any body that is dual booting will also know that making a partition formatted fat32 will allow copying of files between os's.
Anti-competative! Predatory! Monopoly!
Don't worry, once Leopard comes out with Apple's own implementation of the Win32 API, no one will need Windows ever again.
Mmmuh-hahaha!
Did I miss something? Is this disk encryption going to be compulsory?
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Which is it, data sharing between two OSs or dual booting? Because I can dual boot just fine with current products and still not be able to share data. Not until NTFS for linux makes some more progress, anyway.
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
I've used every build of Vista or Longhorn ever released/leaked, and so far I have seen absolutely no extra "anti-Linux" default-disk-encryption thing. The bootloader also still works fine with chainloader +1. Since Vista has supposedly been "feature-complete" since build 5308 (now is on 5365), I'm not convinced this is anything but FUD.
Encrypting a filesystem prevents arbitrary operating system from accessing it!
I mean — what the fuck?! — isn't that the whole idea?
http://www.microsoft.com/technet/windowsvista/sec
I don't know exactly how this encrypted FS works in Vista but I imagine it won't be much more different then cryptfs in Linux or FileVault in OSX. When I boot into Linux on my Mac I can't get into the home directories for any of my users but I can certainly still share files....
Anyway, most dual booters that go between Windows and Linux already have dealt with these issues due to the unfriendly nature of NTFS.
At least, according to Wiki.
As much as we all love to bash Microsfot, I'm guessing it's an optional feature.
I appreciate that it's popular to bash MS (I'm just as guilty) but isn't this getting to be a step too far? They're introducing file system functionality for added security and being ripped apart for it by the same people that scream at them for their lack of security focus? I've had a bit of a read into it, and at least on the surface it seems like a good idea.
r ary/c61f2a12-8ae6-4957-b031-97b4d762cf31.mspx
Bitlocker isn't going to be compulsory, and as such it isn't going to affect dual booting in any way shape or form. It's certainly not the sort of thing your average home user would be setting up anyway (IMHO). Seems like Mr Schneier is a good old fashioned troll.
Some more info on Bitlocker here : http://www.microsoft.com/technet/windowsvista/lib
People that believe in their opinions don't post AC.
Also, Bitlocker is only available on Vista, so are you saying you're running your production users on the Vista beta?
The final straw came when one employee lost several hours work when Bitlcoker suddenly had an error reading from our intranet file server and corrupted his project.
Bitlocker doesn't affect files read from network locations, it's merely a hard disk encryption technology. I think you're confused about what Bitlocker is.
Ok... I've been a linux fan for 10 years or so now. Haven't run anything but linux in about 7 years. But c'mon guys this is FUD.
r ary/c61f2a12-8ae6-4957-b031-97b4d762cf31.mspx
First of all, vista won't have this activated by default. Here's how you can turn it on in Vista Beta:
http://www.microsoft.com/technet/windowsvista/lib
And yes it will make any data encrypted in this manner unavailable to another operating system. It does this by using TPM (Trusted Platform Module) in the BIOS and can base the key on the kernel and optionally: just the bios, a user supplied key, or a USB drive supplied key.
This allows for the option of encrypting/decrypting data from the very start of the boot process. And guess what? It's being implemented in linux too!
http://lwn.net/Articles/144681/
BitLocker from windows is just a kernel based drive encryption software that takes advantage of TPMs just like the linux system. If you're concerned about cross platform compatibility then use user space encryption rather than kernel space encryptiong. If you're that concerned about secure keys then don't dual boot! If you love dual booting and don't care about encryption at all, noone is going to beat you up and make you use encryptiong.
You may remove the tinfoil hat.
--David
A company plans to include a very useful encryption tool with it's next OS.
This is good news in terms of security and privacy, and therefore /. readers will welcome it.
Oh wait, no they won't, because the company is Microsoft. Microsoft is baaad, therefore everything they do is sinister and evil. You people always manage to find the dark lining to their every silver cloud.
It's the herd-mentality at work, folks.
Yawn.
Azural - instrumentals
Shocking.
Will it be possible to mount non-encrypted disks in Vista? Well, unless MS is finally prepared to kick backwards compatibilty then yes.
Even if unencrypted HD's ain't supported (unlikely) they would still need to support regular filesystems like FAT for all those flash disks from your camera and USB keys and such.
I am as anti-ms as you can get (if I am ever diagnosed with an incurable disease Gates gets a bullet in the head the next day thanks to my Halo training. Eh non-MS FPS training) but this is just to much. Linux disk encryption makes it just as hard for linux to dualboot windows. In fact every linux distro should just use FAT to make sure windows can be dualbooted and read the linux data.
Geez.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
One slight detail.
Drive encryption is optional. It's something you may configure while setting up the system for systems carrying sensitive or important data. It's not like a standard Vista install automatically encrypts the entire drive. That would be ludicrous.
Bruce Schneier may be a brilliant security guy, but like every other person (and company) on the planet, he has an agenda. Don't automatically trust the guy telling you stuff because it's embarassing to the person he's telling you about.
Ah, I almost forgot. This document is the Microsoft whitepaper on setting up and using drive encryption for Vista. Skim through it. Notice that it's freaking huge. The setup procedure is involved and low level. This isn't the sort of thing that will automatically be put on by a ignorant user blindly clicking "Next".
This article appears to be completely uninformed. Bitlocker works on a volume basis, not on an entire harddrive (unless the harddrive only has one volume). In fact, in order to get Bitlocker to work for Vista you MUST have two volumes, one being the OS volume that is encrypted with Bitlocker, and the other is the system volume which cannot be encrypted with bitlocker. Nothing prevents you from having multiple volumes and only enabling Bitlocker for some of the Windows Vista volumes. You can have other volumes/partitions with Linux or any other OS you want. The only issue is that you will not be able to read the Bitlocker protected partitions from Linux. Isn't that kind of obvious? You can still have a unencrypted FAT32 partition for sharing data between Linux and Windows, or an unencrypted NTFS partition for one way sharing between Windows and Linux (write support for NTFS on Linux is still not reliable). As far as recovery, you will not be able to do that with Linux, you will have to do that with Windows. I guess I'm not seeing a real issue here.
Seriously. we need a "Duh" Tag on this story.
That is the entire point of Bitlocker; Encrypt the drive so only the encrypting OS can decrypt it. Bitlocker would be rather pointless if any OS could read the encryped drive now wouldn't it?
Even if you move the bitlocked disk to another Vista machine, that machine wouldn't be able to read the disk without the decryption key, which I severly hoped you backed up.
We're dreading this feature in Vista becuase if its anything like XP encryption and it's easy to turn on, there's going to be a lot of unhappy students when we tell them "Your hard drive crashed and all of your files are unecoverable becuase you encryped the drive"
In Soviet Russia, Trojan exploits YOU!
"You could look at BitLocker as anti-Linux. . . "
No, just anti-dual-boot. Microsoft makes their product more secure
Sorry, but since when does dual-boot mean "less secure"?
How many viruses are going to be stopped by preventing dual-booting? How many trojans?
Yeah, that's what I thought.
Okay, first off, the article headline is HORRIBLY misleading. BitLocker will NOT ENCRYPT THE ENTIRE DRIVE. It is required that you have a ~100MB partition in order to boot off of, which will then in turn load the needed software into RAM and *then and only then* decrypt the encrypted partition.
r ary/plan/5025760b-0433-4ba1-a2f4-9338915fdb4b.mspx - Beta1 won't install on FAT32, but according to offical MS docs, it will (eventually, most likely))
Read: This has nothing at all to do with dual booting. Your ability to dual boot will remain completly unchanged, period. This, however, is about your ability to share data between OSs, not your ability to boot two. Learn to write a article headline, please.
FAT32 is dead. Period, get over it, dead. No, I take that back, it still has one use: flash drives, and other forms of removable media. Other than that, IT IS DEAD. Why? Simple: security. From Windows 2000 and on, Microsoft actually put some degree of effort into security. "Some degree?" you ask? End result, due to NTFS, you can actually secure your system. Compared to FAT32 anyways, where a *guest* user can drop a virus as c:\explorer.exe, and then the next time Johnny Admin logs in, it's over. NTFS added actual security measures. ACLs. Execute bit. And, well, quite a bit more. Due to this, I can say the following without doubt that I'm right:
1) BitLocker will ONLY work with NTFS.
2) Vista will do everything they can short of threatening to eat your children to get you to install on NTFS. (Side note: http://www.theinquirer.net/?article=30128 vs. http://www.microsoft.com/technet/windowsvista/lib
3) If you're still using FAT32 as your primary OS partition, you're an idiot.
4) Due to #4, if your defense is, "my [windows] OS can't run on NTFS!", my response is still the same. Go upgrade, you're not helping anyone.
FAT32 is nice for removable media. That's about it.
(</troll>)
In ten years you'll be saying exactly the same thing about replacing cocoa so you don't need a machine made by Apple ever again.
Way to go there, migrating to a locked in proprietary platform. Oh, and on top of that, one that's crippled to only run on mandated hardware.
But Apple are hip at the moment, so it doesn't matter.
Malike Bamiyi wanted my assistance.
Indeed. And in fact you see a lot of implementations for windows of which a lot are based on the open-source code.
This shows that :
Meanwhile, the opensource community is trying to play nice with Microsoft's OS.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
You can get pretty safe write support now via ntfsmount (FAQ entry).
One slight detail: Vista isn't out yet.
Actually this feature is pretty much as set in stone as you can get. The guy writing the article knows little to nothing about bitlocker, especially baiting people into believing it has any anti-Linux intentions.
As for it being a real feature and as the person above posted, they are correct and it is.
I am truly looking at the help file for Bitlocker in Vista as I type this. (We have also tested BitLocker on several systems, it does what it is supposed to do, and it has to be enabled by the END USER, as their key/pin is used to encrypt the drive.
And lets say as a goof Dell did enable this feature, and assigned a key and pin to the person buying the computer, all you do is type in your pin for access and then turn BitLocker off. (It can be turned on and off for the entire drive quite easily once it has been enabled.)
It is 100% optional, and not something recommended for the average person, it also is not recommended for volumes that need to be access from another OS in a multi-boot environment, so just don't use it.
You do realize it even locks out WindowsXP if you are dual booting WindowsXP and Vista and you use BitLocker to encrypt your Vista partiion?
This is NOT an evil plan against other OSes.