Windows Vista To Make Dual-Boot A Challenge?

mustafap writes "UK tech site The Register is reporting on security guru Bruce Schneier's observation that the disk encryption system to be shipped with Vista, BitLocker, will make dual booting other OSs difficult - you will no longer be able to share data between the two." From the article: "This encryption technology also has the effect of frustrating the exchange of data needed in a dual boot system. 'You could look at BitLocker as anti-Linux because it frustrates dual boot,' Schneier told El Reg. Schneier said Vista will bring forward security improvements, but cautioned that technical advances are less important than improvements in how technology is presented to users."

And another EU Commision lawsuit in 3... 2... 1...

Does Microsoft even realise they're being charged with illegal monopoly practises at the moment? Do they know that the EUC isn't going to let them get away with any illegal bundling while they're charging them? Sheesh...

Re:And another EU Commision lawsuit in 3... 2...

One slight detail.

Drive encryption is optional. It's something you may configure while setting up the system for systems carrying sensitive or important data. It's not like a standard Vista install automatically encrypts the entire drive. That would be ludicrous.

Bruce Schneier may be a brilliant security guy, but like every other person (and company) on the planet, he has an agenda. Don't automatically trust the guy telling you stuff because it's embarassing to the person he's telling you about.

Re:And another EU Commision lawsuit in 3... 2...

Ah, I almost forgot. This document is the Microsoft whitepaper on setting up and using drive encryption for Vista. [microsoft.com] Skim through it. Notice that it's freaking huge. The setup procedure is involved and low level. This isn't the sort of thing that will automatically be put on by a ignorant user blindly clicking "Next".

Re:And another EU Commision lawsuit in 3... 2...

One slight detail: Vista isn't out yet.

Actually this feature is pretty much as set in stone as you can get. The guy writing the article knows little to nothing about bitlocker, especially baiting people into believing it has any anti-Linux intentions.

As for it being a real feature and as the person above posted, they are correct and it is.

I am truly looking at the help file for Bitlocker in Vista as I type this. (We have also tested BitLocker on several systems, it does what it is supposed to do, and it has to be enabled by the END USER, as their key/pin is used to encrypt the drive.

And lets say as a goof Dell did enable this feature, and assigned a key and pin to the person buying the computer, all you do is type in your pin for access and then turn BitLocker off. (It can be turned on and off for the entire drive quite easily once it has been enabled.)

It is 100% optional, and not something recommended for the average person, it also is not recommended for volumes that need to be access from another OS in a multi-boot environment, so just don't use it.

You do realize it even locks out WindowsXP if you are dual booting WindowsXP and Vista and you use BitLocker to encrypt your Vista partiion?

This is NOT an evil plan against other OSes.

What the hell are you smoking?

"You could look at BitLocker as anti-Linux. . . "

No, just anti-dual-boot. Microsoft makes their product more secure

Sorry, but since when does dual-boot mean "less secure"?

How many viruses are going to be stopped by preventing dual-booting? How many trojans?

Yeah, that's what I thought.

Re:What the hell are you smoking?

Sorry, but since when does dual-boot mean "less secure"?

How many viruses are going to be stopped by preventing dual-booting? How many trojans?

Yeah, that's what I thought.

On the other hand, if you can convince a locked down Windows XP box to boot a Knoppix CD, you now own that box.

I think that is what they mean by "more secure".

Whatever...try fat32 partition

Any body that is dual booting will also know that making a partition formatted fat32 will allow copying of files between os's.

Re:Whatever...try fat32 partition

Does it really matter? If you're going to format a drive as FAT32, it's already in your best interest to use Linux's version of fdisk rather than Windows XP's. Window's current fdisk limits FAT32 partitions to 32GB; this is entirely a software limitation, FAT32 allows for volumes up to 2TB. So unless Vista does something that prevents mounting a non-Windows formatted FAT32 drive, we should be fine.

Re:Whatever...try fat32 partition

For what values of fine is putting 32GB of data on a FAT32 file system a good idea?

When you've got 32GB of data you want to share between your Windows install and your Linux install. Say, your MP3 collection?

Put this [fs-driver.org] on your Windows install and make your common data-storage area ext2 or ext3 instead. If you start slinging around large (>2GB) files on a regular basis like I do, you won't have to worry about splitting/combining files.

Re:Whatever...try fat32 partition

Windows 2000 hoses the partition table and so does Windows XP. It would be pathetic to complain that vista beta is only doing this because its not complete yet. Honestly there's no reason to release a beta unless you get the partition table handling right.

Re:Whatever...try fat32 partition

Even perhaps having a bug.

You know full well it isn't a bug. It's the same exact "feature" that has been shared by all in their OSes for the past 20 years. It's not in Microsoft's interest to make it any easier for users to stray from their ecosystem, so this intentionally designed limitation is not going to change.

Re:Whatever...try fat32 partition

Any body that is dual booting will also know that making a partition formatted fat32 will allow copying of files between os's.

Bitlocker is a whole-volume, hardware based encryption system (as opposed to file-specific techologies, such as Encrypted File System, which have overhead that requires a specific filesystem like NTFS. There is no filesystem specific overhead because it's transparent to the filesystem, and to the applications for that matter) -- there is no reason I am aware of for it to be tied to any specific filesystem, and it should encrypt FAT32 just as capably as NTFS.

Not only is this functionality optional, and requiring special hardware support, but it is a bonafide feature. The data of the world would be much safer if every laptop swiped, hard drive sold on ebay, and incident of unwanted physical access of machines couldn't give absolute access to every file on the machine.

Re:Whatever...try thinking right

Okay, first off, the article headline is HORRIBLY misleading. BitLocker will NOT ENCRYPT THE ENTIRE DRIVE. It is required that you have a ~100MB partition in order to boot off of, which will then in turn load the needed software into RAM and *then and only then* decrypt the encrypted partition.

Read: This has nothing at all to do with dual booting. Your ability to dual boot will remain completly unchanged, period. This, however, is about your ability to share data between OSs, not your ability to boot two. Learn to write a article headline, please.

FAT32 is dead. Period, get over it, dead. No, I take that back, it still has one use: flash drives, and other forms of removable media. Other than that, IT IS DEAD. Why? Simple: security. From Windows 2000 and on, Microsoft actually put some degree of effort into security. "Some degree?" you ask? End result, due to NTFS, you can actually secure your system. Compared to FAT32 anyways, where a *guest* user can drop a virus as c:\explorer.exe, and then the next time Johnny Admin logs in, it's over. NTFS added actual security measures. ACLs. Execute bit. And, well, quite a bit more. Due to this, I can say the following without doubt that I'm right:

1) BitLocker will ONLY work with NTFS.
2) Vista will do everything they can short of threatening to eat your children to get you to install on NTFS. (Side note: http://www.theinquirer.net/?article=30128 [theinquirer.net] vs. http://www.microsoft.com/technet/windowsvista/libr ary/plan/5025760b-0433-4ba1-a2f4-9338915fdb4b.mspx [microsoft.com] - Beta1 won't install on FAT32, but according to offical MS docs, it will (eventually, most likely))
3) If you're still using FAT32 as your primary OS partition, you're an idiot.
4) Due to #4, if your defense is, "my [windows] OS can't run on NTFS!", my response is still the same. Go upgrade, you're not helping anyone.

FAT32 is nice for removable media. That's about it.

(</troll>)

Re:FAT32

You can get pretty safe write support now via ntfsmount [linux-ntfs.org] (FAQ entry [linux-ntfs.org]).

Anti-competative! Predatory! Monopoly!

Anti-competative! Predatory! Monopoly!

Don't worry, once Leopard comes out with Apple's own implementation of the Win32 API, no one will need Windows ever again.

Mmmuh-hahaha!

Re:Anti-competative! Predatory! Monopoly!

In ten years you'll be saying exactly the same thing about replacing cocoa so you don't need a machine made by Apple ever again.

Way to go there, migrating to a locked in proprietary platform. Oh, and on top of that, one that's crippled to only run on mandated hardware.

But Apple are hip at the moment, so it doesn't matter.

Huh?

Did I miss something? Is this disk encryption going to be compulsory?

What you mean it could still be possible

to mount a non-encrypted disk in Vista in an older format that Linux can read and write too?

Shocking.

Will it be possible to mount non-encrypted disks in Vista? Well, unless MS is finally prepared to kick backwards compatibilty then yes.

Even if unencrypted HD's ain't supported (unlikely) they would still need to support regular filesystems like FAT for all those flash disks from your camera and USB keys and such.

I am as anti-ms as you can get (if I am ever diagnosed with an incurable disease Gates gets a bullet in the head the next day thanks to my Halo training. Eh non-MS FPS training) but this is just to much. Linux disk encryption makes it just as hard for linux to dualboot windows. In fact every linux distro should just use FAT to make sure windows can be dualbooted and read the linux data.

Geez.

Re:What you mean it could still be possible

Linux disk encryption makes it just as hard for linux to dualboot windows. In fact every linux distro should just use FAT to make sure windows can be dualbooted and read the linux data.

the filesystems used in linux are free and open. MS is more than welcome to implement support for them in windows without having to pay a dime. The same is not true of the reverse situation.

MS does not support reading and writing to linux filesystems by choice to stifle interoperability. They keep their filesystems closed to the same end.

Linux partition support under Windows

the filesystems used in linux are free and open.

Indeed. And in fact you see a lot of implementations for windows of which a lot are based on the open-source code.

• explore2fs [swin.edu.au] application that reads files from an ext2/ext3 partition, with LVM2 support
• ext2ifs [swin.edu.au] old project by the maker of explorefs2, native reading support of ext2/ext3 in windows NT and up
• ext2fsd [sourceforge.net] native reading support of ext2/ext3
• ext2ifs [fs-driver.org] NON-opensource (maybe violating GPL ?) native read/write support for ext2 (and ext3, but the driver could fuck-up the journaling if partition wasn't unmounted clean in linux). Has a nice GUI to assign drive letters to partitions.
• rfstools [p-nand-q.com] and GUI Yareg [akucom.de] application that reads files from an reiserfs partition.
• rfsd [sourceforge.net] - native reading support for reiserfs

This shows that :

• It is possible to add access to linux partition in windows
• Even write access is possible and currently the non-open source ext2ifs [fs-driver.org] provides a solution that can be read/written by both OS and which is a little better than FAT32
• although Windows has no propper device mapper but only Dynamic Drives, LVM2 data can still be accessed (although not with a native driver).
• None of this numerous attempt is done by Microsoft. This show how much they want to play nice with the others

Meanwhile, the opensource community is trying [linux-ntfs.org] to play nice with Microsoft's OS.

Re:What you mean it could still be possible

Will it be possible to mount non-encrypted disks in Vista?

You're missing the point.

Even if the user is given a choice in the matter, are they going to understand that they're signing away their data to Microsoft?

That nice boy down the street that helped them recover their data with a reinstall so easily- are these fictional users going to understand that checkbox means their next screwup means their data is gone for good?

Linux disk encryption makes it just as hard for linux to dualboot windows.

No it doesn't. The bootsector and partition tables are most certainly NOT encrypted because then the system wouldn't boot.

In fact every linux distro should just use FAT to make sure windows can be dualbooted and read the linux data.

I've got a better idea. Instead of trying to convince all those distributions that you're right and their wrong, why don't you just try and convince ONE distribution- say Microsoft- that they should support ext3 and cryptoloop out of the box.

Wait...

Which is it, data sharing between two OSs or dual booting? Because I can dual boot just fine with current products and still not be able to share data. Not until NTFS for linux makes some more progress, anyway.

Re:Wait...

The usual solution is to make a FAT32 partition of a couple gigs, or use a remote SMB share or my personal favourite: just don't use windows.

Tom

No Sign Yet

I've used every build of Vista or Longhorn ever released/leaked, and so far I have seen absolutely no extra "anti-Linux" default-disk-encryption thing. The bootloader also still works fine with chainloader +1. Since Vista has supposedly been "feature-complete" since build 5308 (now is on 5365), I'm not convinced this is anything but FUD.

News Just In:

Encrypting a filesystem prevents arbitrary operating system from accessing it!

I mean — what the fuck?! — isn't that the whole idea?

Non issue.

If Schneier, TheRegister and all those other attention w... had looked here before opening their mouths:
http://www.microsoft.com/technet/windowsvista/secu rity/bittech.mspx [microsoft.com]

4.1 Installation

As part of Windows Vista, BitLocker is installed automatically during OS install with Enterprise and Ultimate editions5. (Note that it is not automatically turned on.)

FileVault Anyone?

I don't know exactly how this encrypted FS works in Vista but I imagine it won't be much more different then cryptfs in Linux or FileVault in OSX. When I boot into Linux on my Mac I can't get into the home directories for any of my users but I can certainly still share files....

Anyway, most dual booters that go between Windows and Linux already have dealt with these issues due to the unfriendly nature of NTFS.

It will only be in Enterprise and Ultimate Vista

At least, according to Wiki.

As much as we all love to bash Microsfot, I'm guessing it's an optional feature.

Has everyone gone mad?

I appreciate that it's popular to bash MS (I'm just as guilty) but isn't this getting to be a step too far? They're introducing file system functionality for added security and being ripped apart for it by the same people that scream at them for their lack of security focus? I've had a bit of a read into it, and at least on the surface it seems like a good idea.

Bitlocker isn't going to be compulsory, and as such it isn't going to affect dual booting in any way shape or form. It's certainly not the sort of thing your average home user would be setting up anyway (IMHO). Seems like Mr Schneier is a good old fashioned troll.

Some more info on Bitlocker here : http://www.microsoft.com/technet/windowsvista/libr ary/c61f2a12-8ae6-4957-b031-97b4d762cf31.mspx [microsoft.com]

Re:Has everyone gone mad?

I take it you missed the recent story on how Vista's firewall is going to be "crippled" because the default config won't block outgoing connections - just like XP's, just like Mandrake's and RedHat's the last time I set up firewalls on them, just like my hardware firewall in fact.

Slashdot has long had a strong anti-MS bias. Fine, they've never made a secret of it. Recently however, they've started to allow it to warp the facts, which is not fine.

Sure, this may well make dual-booting more difficult, in that you won't be able to get at your data. Ever tried getting at data on an NTFS partition with Fedora? ZOMG! Fedora is trying to lock out Windows!

I've been here a long time, and it's sad to see how the site has declined from a site you could trust, to one that will print almost anything as long as it bashes MS or praises FOSS.

That's it. I've had enough.

The only reason I was considering Vista is because Microsoft have made sure DirectX10 won't run on XP.

Now if I also can't dual-boot then that's the last straw to drive me to a linux-only system.

And before anyone suggests it, no I don't want to be running Linux under a Microsoft VM.

We're getting good at FUD too!

Ok... I've been a linux fan for 10 years or so now. Haven't run anything but linux in about 7 years. But c'mon guys this is FUD.

First of all, vista won't have this activated by default. Here's how you can turn it on in Vista Beta:

http://www.microsoft.com/technet/windowsvista/libr ary/c61f2a12-8ae6-4957-b031-97b4d762cf31.mspx [microsoft.com]

And yes it will make any data encrypted in this manner unavailable to another operating system. It does this by using TPM (Trusted Platform Module) in the BIOS and can base the key on the kernel and optionally: just the bios, a user supplied key, or a USB drive supplied key.

This allows for the option of encrypting/decrypting data from the very start of the boot process. And guess what? It's being implemented in linux too!

http://lwn.net/Articles/144681/ [lwn.net]

BitLocker from windows is just a kernel based drive encryption software that takes advantage of TPMs just like the linux system. If you're concerned about cross platform compatibility then use user space encryption rather than kernel space encryptiong. If you're that concerned about secure keys then don't dual boot! If you love dual booting and don't care about encryption at all, noone is going to beat you up and make you use encryptiong.

You may remove the tinfoil hat.

--David

Shame on you

A company plans to include a very useful encryption tool with it's next OS.

This is good news in terms of security and privacy, and therefore /. readers will welcome it.

Oh wait, no they won't, because the company is Microsoft. Microsoft is baaad, therefore everything they do is sinister and evil. You people always manage to find the dark lining to their every silver cloud.

It's the herd-mentality at work, folks.

Yawn.

Bitlocker does NOT prevent dual booting

This article appears to be completely uninformed. Bitlocker works on a volume basis, not on an entire harddrive (unless the harddrive only has one volume). In fact, in order to get Bitlocker to work for Vista you MUST have two volumes, one being the OS volume that is encrypted with Bitlocker, and the other is the system volume which cannot be encrypted with bitlocker. Nothing prevents you from having multiple volumes and only enabling Bitlocker for some of the Windows Vista volumes. You can have other volumes/partitions with Linux or any other OS you want. The only issue is that you will not be able to read the Bitlocker protected partitions from Linux. Isn't that kind of obvious? You can still have a unencrypted FAT32 partition for sharing data between Linux and Windows, or an unencrypted NTFS partition for one way sharing between Windows and Linux (write support for NTFS on Linux is still not reliable). As far as recovery, you will not be able to do that with Linux, you will have to do that with Windows. I guess I'm not seeing a real issue here.

Duh

Seriously. we need a "Duh" Tag on this story.

That is the entire point of Bitlocker; Encrypt the drive so only the encrypting OS can decrypt it. Bitlocker would be rather pointless if any OS could read the encryped drive now wouldn't it?

Even if you move the bitlocked disk to another Vista machine, that machine wouldn't be able to read the disk without the decryption key, which I severly hoped you backed up.

We're dreading this feature in Vista becuase if its anything like XP encryption and it's easy to turn on, there's going to be a lot of unhappy students when we tell them "Your hard drive crashed and all of your files are unecoverable becuase you encryped the drive"

Not just dual-booting...

Based on the quality of the betas so far, I'd say that single-booting Vista is enough of a challenge...

I just don't get it, Part III

I'm sorry, but this seems to be a bit of a non-story

Mickeysoft can't stop anybody from boting anything. THe boot process is handled by the bios and the boot sectors on the disk, which can't be encrypted unless the bios cooperates.

If the bios cooperates, it still has to be able to read said boot sectors, and if it can read windows boot info, it can read linux boot info, or anything ELSE you want to put in there.

So "difficult to dual-boot" is as far as I can tell, CRAP.

As for sharing data between the two systems ... I give it less than a month after release untill somebody has been able to figure out how to pull the data from there.

Re:Experience with Bitlocker

I think you're confused. Bitlocker isn't a replacement for the file system, it's a hard disk encryption tool. The file system remains intact, so your claim that users couldn't find stuff anymore seems a little odd to say the least.

Also, Bitlocker is only available on Vista, so are you saying you're running your production users on the Vista beta?

The final straw came when one employee lost several hours work when Bitlcoker suddenly had an error reading from our intranet file server and corrupted his project.

Bitlocker doesn't affect files read from network locations, it's merely a hard disk encryption technology. I think you're confused about what Bitlocker is.