Windows Vista To Make Dual-Boot A Challenge?

mustafap writes "UK tech site The Register is reporting on security guru Bruce Schneier's observation that the disk encryption system to be shipped with Vista, BitLocker, will make dual booting other OSs difficult - you will no longer be able to share data between the two." From the article: "This encryption technology also has the effect of frustrating the exchange of data needed in a dual boot system. 'You could look at BitLocker as anti-Linux because it frustrates dual boot,' Schneier told El Reg. Schneier said Vista will bring forward security improvements, but cautioned that technical advances are less important than improvements in how technology is presented to users."

And another EU Commision lawsuit in 3... 2... 1...

[jZnat]

Does Microsoft even realise they're being charged with illegal monopoly practises at the moment? Do they know that the EUC isn't going to let them get away with any illegal bundling while they're charging them? Sheesh...

Re:And another EU Commision lawsuit in 3... 2...

[PsychicX]

One slight detail.

Drive encryption is optional. It's something you may configure while setting up the system for systems carrying sensitive or important data. It's not like a standard Vista install automatically encrypts the entire drive. That would be ludicrous.

Bruce Schneier may be a brilliant security guy, but like every other person (and company) on the planet, he has an agenda. Don't automatically trust the guy telling you stuff because it's embarassing to the person he's telling you about.

Re:And another EU Commision lawsuit in 3... 2...

[PsychicX]

Ah, I almost forgot. This document is the Microsoft whitepaper on setting up and using drive encryption for Vista. [microsoft.com] Skim through it. Notice that it's freaking huge. The setup procedure is involved and low level. This isn't the sort of thing that will automatically be put on by a ignorant user blindly clicking "Next".

Re:And another EU Commision lawsuit in 3... 2...

[TheNetAvenger]

What will likely happen is that when you a buy a computer, it will already be enabled.

Well it would be pretty hard to enable, unless they magically know who is buying the computer ahead of time,

The whole point is the END USER has to create their own key and pin/biometric at the TIME the drive is Encrypted.

So unless you see Dell becoming 1800 Ms Cleo, or see Gateway flying people to their factory just so they can enable the feature for that person, I think your tinfoil hat may be leading you down the wrong p

Re:And another EU Commision lawsuit in 3... 2...

[TheNetAvenger]

One slight detail: Vista isn't out yet.

Actually this feature is pretty much as set in stone as you can get. The guy writing the article knows little to nothing about bitlocker, especially baiting people into believing it has any anti-Linux intentions.

As for it being a real feature and as the person above posted, they are correct and it is.

I am truly looking at the help file for Bitlocker in Vista as I type this. (We have also tested BitLocker on several systems, it does what it is supposed to do, and it has to be enabled by the END USER, as their key/pin is used to encrypt the drive.

And lets say as a goof Dell did enable this feature, and assigned a key and pin to the person buying the computer, all you do is type in your pin for access and then turn BitLocker off. (It can be turned on and off for the entire drive quite easily once it has been enabled.)

It is 100% optional, and not something recommended for the average person, it also is not recommended for volumes that need to be access from another OS in a multi-boot environment, so just don't use it.

You do realize it even locks out WindowsXP if you are dual booting WindowsXP and Vista and you use BitLocker to encrypt your Vista partiion?

This is NOT an evil plan against other OSes.

What the hell are you smoking?

[schon]

"You could look at BitLocker as anti-Linux. . . "

No, just anti-dual-boot. Microsoft makes their product more secure

Sorry, but since when does dual-boot mean "less secure"?

How many viruses are going to be stopped by preventing dual-booting? How many trojans?

Yeah, that's what I thought.

Re:What the hell are you smoking?

[toddestan]

Sorry, but since when does dual-boot mean "less secure"?

How many viruses are going to be stopped by preventing dual-booting? How many trojans?

Yeah, that's what I thought.

On the other hand, if you can convince a locked down Windows XP box to boot a Knoppix CD, you now own that box.

I think that is what they mean by "more secure".

Re:Stupid

[Gorshkov]

No, just anti-dual-boot.

Please explain to me how this is going to prevent you from dual-booting

Whatever...try fat32 partition

[gbrandt]

Any body that is dual booting will also know that making a partition formatted fat32 will allow copying of files between os's.

Re:Whatever...try fat32 partition

[cp.tar]

Yes... and what extra limitations on FAT32 can we expect in Vista?

Re:Whatever...try fat32 partition

[MindStalker]

Exactly, hell NTFS presents identical challenges, especially if its encrypted. Does Vista encrypt by default?

Re:Whatever...try fat32 partition

[SlashdotOgre]

Does it really matter? If you're going to format a drive as FAT32, it's already in your best interest to use Linux's version of fdisk rather than Windows XP's. Window's current fdisk limits FAT32 partitions to 32GB; this is entirely a software limitation, FAT32 allows for volumes up to 2TB. So unless Vista does something that prevents mounting a non-Windows formatted FAT32 drive, we should be fine.

Re:Whatever...try fat32 partition

[value_added]

Window's current fdisk limits FAT32 partitions to 32GB ... FAT32 allows for volumes up to 2TB. So unless Vista does something that prevents mounting a non-Windows formatted FAT32 drive, we should be fine.

Sure. For what values of fine is putting 32GB of data on a FAT32 file system a good idea?

Re:Whatever...try fat32 partition

[Carnildo]

For what values of fine is putting 32GB of data on a FAT32 file system a good idea?

When you've got 32GB of data you want to share between your Windows install and your Linux install. Say, your MP3 collection?

Re:Whatever...try fat32 partition

[ncc74656]

For what values of fine is putting 32GB of data on a FAT32 file system a good idea?

When you've got 32GB of data you want to share between your Windows install and your Linux install. Say, your MP3 collection?

Put this [fs-driver.org] on your Windows install and make your common data-storage area ext2 or ext3 instead. If you start slinging around large (>2GB) files on a regular basis like I do, you won't have to worry about splitting/combining files.

Re:Whatever...try fat32 partition

[LostCluster]

and what happens if FAT32 isn't supported by Vista?

Re:Whatever...try fat32 partition

[mrchaotica]

What happens is that none of those USB flash drives that have become so popular will work anymore -- not to mention iPods, which (I think) can't play music if they're formatted with something other than FAT32 or HFS+.

Re:Whatever...try fat32 partition

[cortana]

People will suck it down and buy MTP-capable devices. This has the bonus effect that the device will be able to prevent content from being copied off of it--helping fight those who would use their MP3 players and cameras as portable disks to infringe copyright.

Re:Whatever...try fat32 partition

[NetFu]

Uum, adoption (and sales) of Vista will absolutely CRAWL.

Microsoft isn't that stupid...

Re:Whatever...try fat32 partition

[EvilSporkMan]

You can put whatever filesystem you want on a floppy; ext2 works just fine, for example.

Re:Whatever...try fat32 partition

[SoloFlyer2]

IIRC Floppy disks rarely use fat32 ... too much overhead... fat16 or fat12 are better choices...

Re:Whatever...try fat32 partition

[ZachPruckowski]

you could also use non-journaled HFS, since there are drivers for that out for XP and will be some out for Vista sooner or later I assume.

Re:Whatever...try fat32 partition

[baadger]

I noticed the Vista beta installer hoses your boot sector with absolutely no regard for anything but other Windows partitions...nothing new but annoying none the less.

Re:Whatever...try fat32 partition

[Penguinoflight]

Windows 2000 hoses the partition table and so does Windows XP. It would be pathetic to complain that vista beta is only doing this because its not complete yet. Honestly there's no reason to release a beta unless you get the partition table handling right.

Re:Whatever...try fat32 partition

[Waffle Iron]

Even perhaps having a bug.

You know full well it isn't a bug. It's the same exact "feature" that has been shared by all in their OSes for the past 20 years. It's not in Microsoft's interest to make it any easier for users to stray from their ecosystem, so this intentionally designed limitation is not going to change.

Re:Whatever...try fat32 partition

[ergo98]

Any body that is dual booting will also know that making a partition formatted fat32 will allow copying of files between os's.

Bitlocker is a whole-volume, hardware based encryption system (as opposed to file-specific techologies, such as Encrypted File System, which have overhead that requires a specific filesystem like NTFS. There is no filesystem specific overhead because it's transparent to the filesystem, and to the applications for that matter) -- there is no reason I am aware of for it to be tied to any specific filesystem, and it should encrypt FAT32 just as capably as NTFS.

Not only is this functionality optional, and requiring special hardware support, but it is a bonafide feature. The data of the world would be much safer if every laptop swiped, hard drive sold on ebay, and incident of unwanted physical access of machines couldn't give absolute access to every file on the machine.

Re:Whatever...try fat32 partition

[techno-vampire]

Right now, I'm using Win98SE and Linux. I just upgraded from RedHat 9 to FC 5. Under either version, I can mount my Windows drive, but no matter what arguments I give mount, it's still read only. So far, I haven't been able to find the magic incantation to allow write access to my FAT32 partition from Linux. Yes, I can put the files on my flash drive if they'll fit, but I shouldn't have to.

Re:Whatever...try fat32 partition

[kv9]

Under either version, I can mount my Windows drive, but no matter what arguments I give mount, it's still read only. So far, I haven't been able to find the magic incantation to allow write access to my FAT32 partition from Linux.

i don't know if this is a troll or an actual problem, but how about you try -t vfat -o rw [die.net]?

Re:Whatever...try fat32 partition

[Saint Stephen]

Windows obviously doesn't store the private key on the hard drive, because otherwise there's no point in encrypting it. But you could certainly give another operating system enough information to recreate the primary key and transparently decrypting it.

Re:Whatever...try fat32 partition

[glesga_kiss]

Exactly, this is a non-story. NTFS support in linux is not safe as far as I'm aware. All of the NTFS mounting tools I've tried have recommended mounting read-only unless you really have to.

And the other way? If you know of a Windows ext3 or Raiser driver, then please tell me. Basically, nothing has changed.

FAT32 is the only common ground both OS's have, and that sucks. It handles ungraceful shutdowns badly (chdsk001.dat anyone?) and has no ownership / execute flags whatsoever. As others have suggested,

Re:Whatever...try thinking right

[ScytheBlade1]

Okay, first off, the article headline is HORRIBLY misleading. BitLocker will NOT ENCRYPT THE ENTIRE DRIVE. It is required that you have a ~100MB partition in order to boot off of, which will then in turn load the needed software into RAM and *then and only then* decrypt the encrypted partition.

Read: This has nothing at all to do with dual booting. Your ability to dual boot will remain completly unchanged, period. This, however, is about your ability to share data between OSs, not your ability to boot two. Learn to write a article headline, please.

FAT32 is dead. Period, get over it, dead. No, I take that back, it still has one use: flash drives, and other forms of removable media. Other than that, IT IS DEAD. Why? Simple: security. From Windows 2000 and on, Microsoft actually put some degree of effort into security. "Some degree?" you ask? End result, due to NTFS, you can actually secure your system. Compared to FAT32 anyways, where a *guest* user can drop a virus as c:\explorer.exe, and then the next time Johnny Admin logs in, it's over. NTFS added actual security measures. ACLs. Execute bit. And, well, quite a bit more. Due to this, I can say the following without doubt that I'm right:

1) BitLocker will ONLY work with NTFS.
2) Vista will do everything they can short of threatening to eat your children to get you to install on NTFS. (Side note: http://www.theinquirer.net/?article=30128 [theinquirer.net] vs. http://www.microsoft.com/technet/windowsvista/libr ary/plan/5025760b-0433-4ba1-a2f4-9338915fdb4b.mspx [microsoft.com] - Beta1 won't install on FAT32, but according to offical MS docs, it will (eventually, most likely))
3) If you're still using FAT32 as your primary OS partition, you're an idiot.
4) Due to #4, if your defense is, "my [windows] OS can't run on NTFS!", my response is still the same. Go upgrade, you're not helping anyone.

FAT32 is nice for removable media. That's about it.

(</troll>)

Re:Whatever...try thinking right

[Lehk228]

and an ext3 drive mounted by a hostile system will ignore security settings as well. the point of filesystem permissions is not to defeat a hostile system, but rather to allow admins to keep contorl of the machine and users to protect their files from other users.

Re:FAT32

[Dave2 Wickham]

You can get pretty safe write support now via ntfsmount [linux-ntfs.org] (FAQ entry [linux-ntfs.org]).

Re:Whatever...try fat32 partition

[TheNetAvenger]

Any body that is dual booting will also know that making a partition formatted fat32 will allow copying of files between os's.

Or, maybe we could actually put on a thinking cap and just not turn on BitLocker? Wow, what a concept...

Does anyone get this? It is NOT TURNED ON UNLESS YOU TURN IT ON?

So if you are Dual Booting, simply don't turn on BitLocker, because you would have NO reason to. Makes perfect sense to me, and I don't see any motive in this technology, and yes I have used it on test systems.

Suggesti

Anti-competative! Predatory! Monopoly!

[boxlight]

Anti-competative! Predatory! Monopoly!

Don't worry, once Leopard comes out with Apple's own implementation of the Win32 API, no one will need Windows ever again.

Mmmuh-hahaha!

I dream of the day

[Weaselmancer]

I really do. If it was me in charge, first thing I'd do - day one - would be to either hire people currently working on the Wine project, or hire a bunch of other qualified people and have them contribute to it. Get Wine working, then get it working well. Get a contract with Transgaming too - have them help. Imagine a Mac that played all the Win32/DirectX games! You wouldn't have an excuse then, right? Then, I'd dump all that work back into the FOSS community so others could benefit, and have a brilli

Re:Anti-competative! Predatory! Monopoly!

[labratuk]

In ten years you'll be saying exactly the same thing about replacing cocoa so you don't need a machine made by Apple ever again.

Way to go there, migrating to a locked in proprietary platform. Oh, and on top of that, one that's crippled to only run on mandated hardware.

But Apple are hip at the moment, so it doesn't matter.

It's not a big deal

[Parham]

It's not a big deal that they're doing this, afterall I won't be using Vista when it's released. Me and a lot of people I know will be migrating to Linux entirely and not looking back. Nobody I know wants to pay an arm and a leg to use an operating system that isn't going to contribute to bettering their current desktop experience. Those not migrating to Linux won't be upgrading from XP.

Re:It's not a big deal

[slashbob22]

I completely agree. The ONLY reason I have XP on my system is for playing the odd game. Truthfully it will not be a huge loss if I have to switch entirely to Linux. In fact it will be a net gain: of time.

Re:It's not a big deal

[biendamon]

I got off Microsoft entirely myself a few years ago. Believe me, you don't look back. There certainly are headaches with Linux, mind you; anyone who has struggled with dependancy hell knows that. But the pain of clearing up the latest spyware/adware/scumware/crapware or virus/trojan/worm/malware every damn day makes figuring out which dependancy you're missing seem like a breeze in comparison.

I still use Windows XP at work because I have to, but recently several of our tools have migrated to platform-indepe

Re:It's not a big deal

[techno-vampire]

Nobody I know wants to pay an arm and a leg to use an operating system that isn't going to contribute to bettering their current desktop experience.

This is exactly why my desktop still uses Win98 SE.

Huh?

[metamatic]

Did I miss something? Is this disk encryption going to be compulsory?

What you mean it could still be possible

[SmallFurryCreature]

to mount a non-encrypted disk in Vista in an older format that Linux can read and write too?

Shocking.

Will it be possible to mount non-encrypted disks in Vista? Well, unless MS is finally prepared to kick backwards compatibilty then yes.

Even if unencrypted HD's ain't supported (unlikely) they would still need to support regular filesystems like FAT for all those flash disks from your camera and USB keys and such.

I am as anti-ms as you can get (if I am ever diagnosed with an incurable disease Gates gets a bullet in the head the next day thanks to my Halo training. Eh non-MS FPS training) but this is just to much. Linux disk encryption makes it just as hard for linux to dualboot windows. In fact every linux distro should just use FAT to make sure windows can be dualbooted and read the linux data.

Geez.

Re:What you mean it could still be possible

[Lesrahpem]

I see another problem here that'll be a pain in my neck even though I don't at all intend to use Vista myself. I fix other people's computers, and when somebody has an issue that keeps Windows from even booting a good way to fix it is to boot into another OS, like Knoppix. At very least using Knoppix is a good way to backup their data before a reinstall or something. This will prevent that from working.

Also, on the note of using FAT32 so both OS'es can deal with each other's file systems; there is a nati

Re:What you mean it could still be possible

[yourlord]

Linux disk encryption makes it just as hard for linux to dualboot windows. In fact every linux distro should just use FAT to make sure windows can be dualbooted and read the linux data.

the filesystems used in linux are free and open. MS is more than welcome to implement support for them in windows without having to pay a dime. The same is not true of the reverse situation.

MS does not support reading and writing to linux filesystems by choice to stifle interoperability. They keep their filesystems closed to the same end.

Re:What you mean it could still be possible

[drsmithy]

MS does not support reading and writing to linux filesystems by choice to stifle interoperability.

Or maybe they just don't see any value in spending money developing a feature only 0.0001% of customers are interested in, something better handled by a third party.

Linux partition support under Windows

[DrYak]

the filesystems used in linux are free and open.

Indeed. And in fact you see a lot of implementations for windows of which a lot are based on the open-source code.

• explore2fs [swin.edu.au] application that reads files from an ext2/ext3 partition, with LVM2 support
• ext2ifs [swin.edu.au] old project by the maker of explorefs2, native reading support of ext2/ext3 in windows NT and up
• ext2fsd [sourceforge.net] native reading support of ext2/ext3
• ext2ifs [fs-driver.org] NON-opensource (maybe violating GPL ?) native read/write support for ext2 (and ext3, but the driver could fuck-up the journaling if partition wasn't unmounted clean in linux). Has a nice GUI to assign drive letters to partitions.
• rfstools [p-nand-q.com] and GUI Yareg [akucom.de] application that reads files from an reiserfs partition.
• rfsd [sourceforge.net] - native reading support for reiserfs

This shows that :

• It is possible to add access to linux partition in windows
• Even write access is possible and currently the non-open source ext2ifs [fs-driver.org] provides a solution that can be read/written by both OS and which is a little better than FAT32
• although Windows has no propper device mapper but only Dynamic Drives, LVM2 data can still be accessed (although not with a native driver).
• None of this numerous attempt is done by Microsoft. This show how much they want to play nice with the others

Meanwhile, the opensource community is trying [linux-ntfs.org] to play nice with Microsoft's OS.

Re:What you mean it could still be possible

[mrsbrisby]

Will it be possible to mount non-encrypted disks in Vista?

You're missing the point.

Even if the user is given a choice in the matter, are they going to understand that they're signing away their data to Microsoft?

That nice boy down the street that helped them recover their data with a reinstall so easily- are these fictional users going to understand that checkbox means their next screwup means their data is gone for good?

Linux disk encryption makes it just as hard for linux to dualboot windows.

No it doesn't. The bootsector and partition tables are most certainly NOT encrypted because then the system wouldn't boot.

In fact every linux distro should just use FAT to make sure windows can be dualbooted and read the linux data.

I've got a better idea. Instead of trying to convince all those distributions that you're right and their wrong, why don't you just try and convince ONE distribution- say Microsoft- that they should support ext3 and cryptoloop out of the box.

Re:Huh?

[jaseuk]

Of course it won't be default.

Dell images hard drives. If they image everyone's hard drive with this encryption enabled, then every dell machine shipped will use the same encryption keys.

The default is surely going to be OFF and recommended only for laptop users.

Jason.

Wait...

[Scutter]

Which is it, data sharing between two OSs or dual booting? Because I can dual boot just fine with current products and still not be able to share data. Not until NTFS for linux makes some more progress, anyway.

Re:Wait...

[tomstdenis]

The usual solution is to make a FAT32 partition of a couple gigs, or use a remote SMB share or my personal favourite: just don't use windows.

Tom

Re:Wait...

[Anonymous Cowpat]

correction:

Not until Reiserfs for windows makes some more progress, anyway.

On that subject, are there any third party drivers allowing you to access reiser (and other) file systems from within windows?

Re:Wait...

[Isaac-Lew]

Captive [jankratochvil.net] does a suitable job of reading/writing NTFS partitions. you do need 2 NTFS driver files from Windows tho, so if you're a license purist then it's not the solution for you.

Re:Wait...

[sugar and acid]

As other people have said fat32 is the obvious standard. Also there is no way that microsoft is going to restrict fat32 reading ability in vista. Why, because every portable harddisk and flask drive tends to be fat32 formatted. Basically if Vista didn't support this, 90% of flash thumb drives would become obsolte overnight, and that will go down like a lead balloon. Also if they do, fat32 is open enough to allow someone to write a suitable driver in vista for it.

No Sign Yet

[the linux geek]

I've used every build of Vista or Longhorn ever released/leaked, and so far I have seen absolutely no extra "anti-Linux" default-disk-encryption thing. The bootloader also still works fine with chainloader +1. Since Vista has supposedly been "feature-complete" since build 5308 (now is on 5365), I'm not convinced this is anything but FUD.

News Just In:

[ettlz]

Encrypting a filesystem prevents arbitrary operating system from accessing it!

I mean — what the fuck?! — isn't that the whole idea?

Re:News Just In:

[tehshen]

I'm worried if BitLocker will be turned on by default, without the user knowing. "Hey, this Linux thing won't let me read my Windows files!"

Re:News Just In:

[tehshen]

That's great, the post directly below this one [slashdot.org] says that it won't be turned on by default. In that case, I'll go back to saying that I don't see what the problem is.

Re:News Just In:

[MoneyT]

To have the right key, you need the right program. I can't open PGP encrypted files without PGP, is it so supprising you can't open windows encrypted files without windows?

Non issue.

[klingens]

If Schneier, TheRegister and all those other attention w... had looked here before opening their mouths:
http://www.microsoft.com/technet/windowsvista/secu rity/bittech.mspx [microsoft.com]

4.1 Installation

As part of Windows Vista, BitLocker is installed automatically during OS install with Enterprise and Ultimate editions5. (Note that it is not automatically turned on.)

Who knew?

[RonnyJ]

Wow, who knew that choosing to encrypt a drive could make it hard to access??!

Once again, the headline is hideously misleading.

FileVault Anyone?

[jtshaw]

I don't know exactly how this encrypted FS works in Vista but I imagine it won't be much more different then cryptfs in Linux or FileVault in OSX. When I boot into Linux on my Mac I can't get into the home directories for any of my users but I can certainly still share files....

Anyway, most dual booters that go between Windows and Linux already have dealt with these issues due to the unfriendly nature of NTFS.

It will only be in Enterprise and Ultimate Vista

[jfern]

At least, according to Wiki.

As much as we all love to bash Microsfot, I'm guessing it's an optional feature.

Not only dual booting

[CastrTroy]

Not only will dual booting and sharing files between OSs be harder, but recovery of lost data could also be harder. If they used something standard, or at least disclosed how they were storing the data, we might have a way to recover lost data. However, if we don't know how to decrypt the data, then how are we supposed to recover the data. Will the data be lost if you have to reinstall the OS? I know windows XP deletes sensitive information if your Admin has to reset your password.

Re:Not only dual booting

[JulesLt]

Isn't that pretty much the same situation you're in with any disk encryption system?

I can certainly lock my disk up beyond recoverability now (at least using current public software/hardware) with publicly known encryption. I can lock up my machine so that the only think a thief could do is reinstall the OS (and even then they'd need to flash the firmware to get it to boot off CD without entering a password). If I was in the 'secrets' business that is what I'd want.

A more serious concern is whether it will

Re:Not only dual booting

[Foolhardy]

To be clear: a user's private keys are only lost when the user's password is forcibly changed by an admin. The normal procedure of having the user change their own password simply transfers the keys.

Ideally you'd be able to export the Encryption key for your data onto a USB stick of floppy disk.

Your wish is granted. Open certmgr.msc or add the Certificates snap-in to a mmc window. Your personal keys are located in the Personal\Certificates folder, including the one for EFS (note that there won't be an EFS c

Re:Story Title FUD...

[woobieman29]

Some clarification:

2. There is not a problem here. Bitkeeper (EFS with a name created by the marketing department) will not be enabled by default unless your company enables the policy. If your company does enable the policy, you should also create a Data Recovery Agent. This can also be done on a standalone workstation.

Bitkeeper is not "EFS with a name created by the Marketing Dept" but rather a very different sort of encryption scheme. EFS uses an encryption key stored within the CAPI store in the OS

Has everyone gone mad?

[Psychotext]

I appreciate that it's popular to bash MS (I'm just as guilty) but isn't this getting to be a step too far? They're introducing file system functionality for added security and being ripped apart for it by the same people that scream at them for their lack of security focus? I've had a bit of a read into it, and at least on the surface it seems like a good idea.

Bitlocker isn't going to be compulsory, and as such it isn't going to affect dual booting in any way shape or form. It's certainly not the sort of thing your average home user would be setting up anyway (IMHO). Seems like Mr Schneier is a good old fashioned troll.

Some more info on Bitlocker here : http://www.microsoft.com/technet/windowsvista/libr ary/c61f2a12-8ae6-4957-b031-97b4d762cf31.mspx [microsoft.com]

Re:Has everyone gone mad?

[tomstdenis]

No, wrong. Bruce is a "press whore". There is a difference.

He's the type who always has an opinion on something regardless as to his actual contribution to the discovery. ... irony setting in ...

He differs from me [for those who are going to reply to this] in that I don't seek media attention everytime SOMEONE does the hard work to figure something out (Sony rootkit anyone?).

Besides, why can't the MBR be on ... A DIFFERENT drive and just have two disks? As I get the fear it's that if you put two OSes on

Re:Has everyone gone mad?

[mrchaotica]

Besides, why can't the MBR be on ... A DIFFERENT drive and just have two disks?

Because none of the current Intel Macs support multiple hard disks (except externally, but that's a pain esp. for the laptops), and chances are more Mac users than Linux users are going to be concerned about this kind of thing (due to Boot Camp).

Re:Has everyone gone mad?

[susano_otter]

Because none of the current Intel Macs support multiple hard disks (except externally, but that's a pain esp. for the laptops),

Sounds like the real problem is that a botique platform has significant hardware limitations that adversely impact convenience and utility across the board.

Re:Has everyone gone mad?

[Tim C]

I take it you missed the recent story on how Vista's firewall is going to be "crippled" because the default config won't block outgoing connections - just like XP's, just like Mandrake's and RedHat's the last time I set up firewalls on them, just like my hardware firewall in fact.

Slashdot has long had a strong anti-MS bias. Fine, they've never made a secret of it. Recently however, they've started to allow it to warp the facts, which is not fine.

Sure, this may well make dual-booting more difficult, in that you won't be able to get at your data. Ever tried getting at data on an NTFS partition with Fedora? ZOMG! Fedora is trying to lock out Windows!

I've been here a long time, and it's sad to see how the site has declined from a site you could trust, to one that will print almost anything as long as it bashes MS or praises FOSS.

That's it. I've had enough.

[JustNiz]

The only reason I was considering Vista is because Microsoft have made sure DirectX10 won't run on XP.

Now if I also can't dual-boot then that's the last straw to drive me to a linux-only system.

And before anyone suggests it, no I don't want to be running Linux under a Microsoft VM.

Virtualization?

[joib]

Couldn't this be worked around with virtualization? I.e. run both Vista and a free OS on the same box, communicate over TCP/IP. Kludgy, yes, but better than nothing I guess.

So dual boot for games...

[Britz]

...and (put in your favourite emulator, I use Vmware) for everything else on Windows.

What has changed?

We're getting good at FUD too!

[dhj]

Ok... I've been a linux fan for 10 years or so now. Haven't run anything but linux in about 7 years. But c'mon guys this is FUD.

First of all, vista won't have this activated by default. Here's how you can turn it on in Vista Beta:

http://www.microsoft.com/technet/windowsvista/libr ary/c61f2a12-8ae6-4957-b031-97b4d762cf31.mspx [microsoft.com]

And yes it will make any data encrypted in this manner unavailable to another operating system. It does this by using TPM (Trusted Platform Module) in the BIOS and can base the key on the kernel and optionally: just the bios, a user supplied key, or a USB drive supplied key.

This allows for the option of encrypting/decrypting data from the very start of the boot process. And guess what? It's being implemented in linux too!

http://lwn.net/Articles/144681/ [lwn.net]

BitLocker from windows is just a kernel based drive encryption software that takes advantage of TPMs just like the linux system. If you're concerned about cross platform compatibility then use user space encryption rather than kernel space encryptiong. If you're that concerned about secure keys then don't dual boot! If you love dual booting and don't care about encryption at all, noone is going to beat you up and make you use encryptiong.

You may remove the tinfoil hat.

--David

Re:We're getting good at FUD too!

[Senjutsu]

Yeah, this is just stupid. OS X has the capability to encrypt the user's home folder, but that doesn't make it any more "anti-linux" than this makes Vista.

Re:We're getting good at FUD too!

[R3d M3rcury]

I might take off the tinfoil hat, but I'd consider keeping it handy depending on how open Microsoft is about it's encryption methods.

Will it be possible to write a driver for these encrypted file systems without having to reverse engineer the encryption? Or will Microsoft tell people their encryption algorithms so that competitors can write drivers? Or is Microsoft using some standard algorithm (DES, RSA, or whatever)?

If Microsoft does the, "Oh, sorry, we won't tell you how to decrypt the data because you

Oh jeebus. Save us from ignorance.

[PixieDust]

And darn those pesky motherboard manufacturers for using a BIOS that includes the ability to put a boot up password. Thereby preventing us innocent and proud computer users from installing an OS onto our machine! This means war! Seriously. Since when is this: A. A new issue (NTFS, translating differences in file structure between OSes, etc) B. A "REAL" issue. It's not like there is a software bomb that will melt your hard drive if you type in an open source url in your web browser. C. Anything but another

Where's the hardware?

[tktk]

From TFA: Vista is due to feature hardware-based encryption, called BitLocker Drive Encryption...

The hardware part worries me. Is it just that the hardware is used to speed up the encrypt/decrypt stage? Or is it that disc encryption is actually tied to a specific unique chip on the system?

What happens if my motherboard dies one day and I need to copy files from the dead computer onto a new computer? Will there be a failsafe software-based decoder that will let me copy my files?

And how are backups goin

Shame on you

[Neon Aardvark]

A company plans to include a very useful encryption tool with it's next OS.

This is good news in terms of security and privacy, and therefore /. readers will welcome it.

Oh wait, no they won't, because the company is Microsoft. Microsoft is baaad, therefore everything they do is sinister and evil. You people always manage to find the dark lining to their every silver cloud.

It's the herd-mentality at work, folks.

Yawn.

doesn't matter to me

[penguin-collective]

The only thing I still dual-boot for is games, and that doesn't require accessing the Windows partitions from Linux.

Not to discount this story...

[jchawk]

But honestly in the day and age of cheap computing why even bother dual booting? I think I'm probably your average slashdotter, I have a laptop running windows XP, a desktop running windows XP, a linux desktop and a linux server.

Systems are cheap, watch for specials from the big guys and pick up a box for $399 or less.

I haven't had to dual boot a system in over 5 years and I'm certainly not independantly wealthy.

big deal??

[moochfish]

If you want your stuff encrypted away and hidden from your other OS, keep it on the Windows partition. If you want to be able to share your data, make a third partition with a compatible file system and dump your files there. Problem solved.

Bitlocker does NOT prevent dual booting

[jsm300]

This article appears to be completely uninformed. Bitlocker works on a volume basis, not on an entire harddrive (unless the harddrive only has one volume). In fact, in order to get Bitlocker to work for Vista you MUST have two volumes, one being the OS volume that is encrypted with Bitlocker, and the other is the system volume which cannot be encrypted with bitlocker. Nothing prevents you from having multiple volumes and only enabling Bitlocker for some of the Windows Vista volumes. You can have other volumes/partitions with Linux or any other OS you want. The only issue is that you will not be able to read the Bitlocker protected partitions from Linux. Isn't that kind of obvious? You can still have a unencrypted FAT32 partition for sharing data between Linux and Windows, or an unencrypted NTFS partition for one way sharing between Windows and Linux (write support for NTFS on Linux is still not reliable). As far as recovery, you will not be able to do that with Linux, you will have to do that with Windows. I guess I'm not seeing a real issue here.

DRM.

[miffo.swe]

Rest assured that much of the media (video, music etc) will be in a bitlock making it impossible to transfer it to Linux or even listening to it. Its the transfering of your own data that will suffer because with Vista its no longer yours to play with if you "buy" it from any of the bigger media corps. You cant even access it with your applications of choice thanks to Vista if the corp se it fit.

Booting wont be a problem, sharing/copying data will. At the bright side, the ability to make a very potent copy

Duh

[Deathlizard]

Seriously. we need a "Duh" Tag on this story.

That is the entire point of Bitlocker; Encrypt the drive so only the encrypting OS can decrypt it. Bitlocker would be rather pointless if any OS could read the encryped drive now wouldn't it?

Even if you move the bitlocked disk to another Vista machine, that machine wouldn't be able to read the disk without the decryption key, which I severly hoped you backed up.

We're dreading this feature in Vista becuase if its anything like XP encryption and it's easy to turn on, there's going to be a lot of unhappy students when we tell them "Your hard drive crashed and all of your files are unecoverable becuase you encryped the drive"

Problem is secret algorithm

[tepples]

Bitlocker would be rather pointless if any OS could read the encryped drive now wouldn't it?

If any OS could read the encrypted drive given the key, then there would be no problem. The problem comes when Microsoft does not specify how to turn the ciphertext plus the key into the cleartext.

Re:Problem is secret algorithm

[Deathlizard]

Yes. I agree that this should be documented and standarized. It would make recovery a lot easier, but you and I know MS is not going to do that.

Frankly, I don't see this being a big problem for Linux because MS encryption never goes to far in any company. NTFS encryption has been around since 2000 and I've yet to see a company swear by this system. This is going to be used by people who are paranoid about what's on their drives over recovering that said data and thats basicially it, and frankly this group w

Re:Duh

[Deathlizard]

No, becase IT dept's across the country would basicially riot if they did such a thing.

Most IT dept's do NOT want to deal with this thing. Encryption is nothing new for MS. They've had it since Windows 2000 but almost no one uses it. Why? because there is absoletly no easy way to do any kind of disaster recovery on an encrypted NTFS drive unless you have a Domain policy which supplies an encryption key from the server, and even then it's a pain to recover unless you added execption policies (think backdoor)

So?

[nwbvt]

If you have to buy a brand new computer to even start up Vista, can't you just install Linux on your old one?

Not just dual-booting...

[mad.frog]

Based on the quality of the betas so far, I'd say that single-booting Vista is enough of a challenge...

I just don't get it, Part III

[Gorshkov]

I'm sorry, but this seems to be a bit of a non-story

Mickeysoft can't stop anybody from boting anything. THe boot process is handled by the bios and the boot sectors on the disk, which can't be encrypted unless the bios cooperates.

If the bios cooperates, it still has to be able to read said boot sectors, and if it can read windows boot info, it can read linux boot info, or anything ELSE you want to put in there.

So "difficult to dual-boot" is as far as I can tell, CRAP.

As for sharing data between the two systems ... I give it less than a month after release untill somebody has been able to figure out how to pull the data from there.

Re:Experience with Bitlocker

[TheRealSlimShady]

I think you're confused. Bitlocker isn't a replacement for the file system, it's a hard disk encryption tool. The file system remains intact, so your claim that users couldn't find stuff anymore seems a little odd to say the least.

Also, Bitlocker is only available on Vista, so are you saying you're running your production users on the Vista beta?

The final straw came when one employee lost several hours work when Bitlcoker suddenly had an error reading from our intranet file server and corrupted his project.

Bitlocker doesn't affect files read from network locations, it's merely a hard disk encryption technology. I think you're confused about what Bitlocker is.

Re:Experience with Bitlocker

[RonnyJ]

Even if I hadn't seen variations on this troll post before, the idea of a company consider going from FAT32 to Bitlocker technology is more than enough to show that it's pure trolling (they'd be using NTFS).

Mod Parent DOWN

[wile_e_wonka]

Parent post is NOT informative; it's a lie. Is the employee that suggested you use BitLocker the same one that suggested you use Vista while it's pre-release?

I find it so odd the lengths people go sometimes to trash a company/person. Outright lies? It's one thing to hate M$ for things they've actually done, but to drive others to hate them for things you've claimed, but never actually happeneed to you? You are what's wrong with society.

Re:Mod Parent DOWN

[wile_e_wonka]

You still weren't able to resurrect the fabrication. If what you are saying is true, then that means Microsoft supposedly favors this company, and yet (1) Microsoft offered no support for the product they so graciously gave to this favored company, (2) the company was running Vista, but BitLocker was not installed on the machines, even though they supposedly come together, (3) BitLocker was somehow a filesystem, and (3) they were doing what with Vista and FAT32?

Basically, it still doesn't add up. (I'll le

Re:Dirty socks

[susano_otter]

It's data, not footwear.

It would smell like dirty sockets.

Re:Not in Vista 64

[Sigma 7]

If the author can't afford $500 per year to get a driver signed, then it won't work in Vista 64.

Which is moot to everyone who does not require fancy-userfriendlyness.

WinZip and WinRAR can display the contents of an archive. It's not much of a jump to manually read the partition and display the contents in the same fashion - the only difference is that you write the code to work at the user level rather than a Kernel Level.

BTW, drivers need to be debugged somehow. From the site you linked to:

.
Q

DRM is going to backfire big time.

[twitter]

You could look at BitLocker as anti-Windows because it frustrates dual boot

True.

DRM is going to cost them their majority market share. The more they make things suck, the less people will want to use them. WMP 10 is an indicator of where things are going. Check out this satisfied customer's opinion of it [advogato.org]:

Then Digital Restrictions Management (DRM) started harassing me and asking to connect to the internet to check for licenses where none had been needed before. The worst part of this "upgrade" is how