Windows - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Windows


Can Microsofts Bitlocker Save Us from Ourselves?



 By: John G. Spooner
2006-05-30
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Windows story.


Rate This Article:
Poor Best
The software giant, in an effort to help stem data losses and thefts that put PC users at risk, will offer a hard drive encryption tool with its Windows Vista operating system.

Microsoft is making it much more difficult to access and steal a businesss vital data from one of its PCs.

The giant software maker will deliver Bitlocker, a hard drive encryption tool, as part of its forthcoming Windows Vista operating system, which is now in its second beta and is due to large businesses in November. Bitlocker, which will come with Windows Vista Enterprise and Ultimate editions, can be used to encrypt an entire hard drive, making it more difficult for someone to access the computers data if it is lost or stolen.

Microsoft believes that Bitlocker will help companies guard against accidental loss—where a PC, as well as a server in many cases, is lost or possibly disposed of without its drive being wiped—inappropriate access by company employees and even theft from individuals interested in a PC for its data. Despite the fact that hard drive encryption tools already exist, the act of including Bitlocker with Windows Vista—and integrating the tool with its Active Directory for things like automatically storing backup encryption keys—could get more businesses thinking about encrypting their PC hard drives, due to security concerns, industry watchers said.

Indeed, "One of my most favorite [new features] now in Windows Vista is Bitlocker Drive Encryption. Why is that? Its going to secure the information on a hard disk, whether its in a laptop or a desktop PC, and if [a PC] is stolen nobody can get the data off of it," said Will Poole, senior vice president of Microsofts Market Expansion Group, during a WinHEC keynote address on May 23 in Seattle. "I personally burned the better part of a perfectly nice Saturday just a few weeks ago, after being informed by a financial services company in New York that a PC had been stolen from their office that had my name, account information and Social Security number on it."

The availability of Bitlocker would have had made it harder for someone to access the data resident on the stolen machine, Poole said.

Resource Library:
Although Bitlocker has not yet been tested widely given that Vista is still in beta, security industry watchers agreed that, at a minimum, the wider availability of hard drive encryption tools is a good step for companies looking to beef up their data security.

But security expert Bruce Schneier, chief technology officer at Mountain View, Calif.-based Counterpane Internet Security, warned that Bitlocker is not a panacea, but just one of several steps needed to keep data secure.

"In security, the devil is in the details," Schneier said. Still, "at the level Ive read, [Bitlocker] seems well-designed."

Is Windows Vista soup yet? Click here to read what beta testers have to say.

Just like with any other software product, flaws are likely to crop up from time to time and require fixing, he said.

Bitlocker, Microsoft officials said, is capable of working either with or without a TPM (Trusted Platform Module) security chip. But they said they consider the encryption tool to be at its best when it can take advantage of the combination of a TPM 1.2-specification chip and a secure BIOS.

With a TPM present, Bitlocker uses the chip to generate cryptographic keys based on scans of core system files—things like the master boot record—in addition to a key for the hard drive itself. The drives entire volume, including the operating system, page file, temporary files, hibernation volume, user data and blank space, are all encrypted by Bitlocker, said Shon Eizenhoefer, a Microsoft program manager, during a May 24 presentation at WinHEC.

Later, if one of the core files is discovered to have been changed or replaced—an indication that a machine may have been tampered with or its hard drive removed in an effort to access its data—Bitlocker will not release any of the keys in preboot and thus the data stays encrypted, Eizenhoefer said.

"After the first time, every time you turn on machine, it makes sure that current measurements match, so that if someone tries to hack with a BIOS or an [external] drive … the TPM can detect it and wont release the keys to the rest of the OS."

Setting up Bitlocker requires a few clicks into Vistas security control panel and then a few more to set up the feature. Bitlocker allows users to log in and access their machines in several ways, including placing a log-in key on a USB (Universal Serial Bus) drive, creating a PIN (personal identification number) or using only a TPM.

Using a TPM with a USB key is the most secure method—assuming a person doesnt carry that key in the same case as his or her laptop—but presents the possibility of lost or stolen USB keys. PINs can also be lost or stolen. Meanwhile, simply using a TPM is most convenient, but more defeatable in that it only takes cracking a systems password to gain access to its data.

"TPM-only provides a clear advantage in that its transparent to the user," Eizenhoefer said. "They dont even need to know its there ... and, at the very least, that TPM protection provides a very significant layer of protection to help protect that data."

Microsoft has a lot more security credibility these days than it had a few years ago. Click here to read more.

To deal with lost or forgotten PINs, Bitlocker offers a recovery key, which can be saved to a file, printed, or stored on the Web or in an Active Directly server for domain-joined business machines.

But, despite the advantages of hard drive encryption, there are still some concerns among security experts about Bitlocker and how it may be used.

"The fear is this is an entry into a very restrictive DRM [digital rights management] system," Schneier said. "Thats down the road. We have to watch and make sure Microsoft cant abuse this technology."

Others are concerned that Bitlocker might not follow industry-standard specifications.

"My hackles are up just slightly when the industry goes in multiple directions at the same time," said Roger Kay, president of EndPoint Technologies Associates in Wayland, Mass. "Microsoft is particularly well-known for doing that. They sort of show up to every standards group, but when it comes to productization, they do it their own way."

The one-time adoption of a single method by the PC industry would be more favorable.

However, there is something to be said for quicker time-to-market, Kay said.

"Theyre not entirely wrong. They put out functionality, they can get it out quickly," he added. "The TCG [Trusted Computing Group] is still sort of fiddling around" with an effort to create a hard drive encryption standard of its own.

Check out eWEEK.coms for Microsoft and Windows news, views and analysis.



  Reader Comments: Can Microsofts Bitlocker Save Us from Ourselves?
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Windows Articles          >>> More By John G. Spooner
 


xr8 VﴫE.B岦mcS톂"!m䐔/;/qؗg2 %jrwA$D"H@ggOD]ݴ1p͙M55|zg`HRsgޅ-34 @oRQP ĠxnwݶN`P'~ > \?g3U;Y|%x_'Щѩ&€dB$lhwtLhT@ƾQ8FMLbh;&qGXA# : rWӺ#AhFA|QCѺYQy$pm<$6E\' ߣWnSpca_ʞ0ȾM"h4"j>vBgxdWF+!X]~D42]hj:W{7vn/E@^cBȡ[Boi=Tݱ[ L=iLVC;%0ýtf?;9zu v}J2GJ73ҧ }KH;R@}ky>5I ib1lpu$D7|6X@?¼T_y yN =:t^䖡_ֽyo@סn܎}wdo&a-vQKwq6j ۄ@ظz00!}%DhOG@uh3 2n eþ=rTݯԕ^T/[,\hF}osj/z ? n0uh;\Ary]JZs|uO}~N6ox9vtx/o;YHM~goDr V*4D-āP}] x[^ %MR;4,fϷ 3+i3*udN"?[ڗu&u}Y6f0ZjCA/].FȏwAsyҽ59i{ ݙOtHM Wh:s0N[lxiuH54Y01\ \V+%᧓qULBusL ,ߔeBqֿ8'} ,-)TtܿG)L,Y`MImdʩ$|ǺzNԜY^KqliBuV!`JC 0sf5 @kFkPYDak6R\ 9jb蚏)6B̄H )7'M XZދ,}Et"Ayu= .+J!bN3̤"ȅQ.%MĆ>Lb8Oಖyp!rY]4'tauAUi3ӟ}ޡ:ix>!e.ڽ^C8Jjh.B2iKB0q77jU~p**uU9=b(7ZdL,5,{Lt차Y8`;}J_wϧԴfPwH<: M/G˥yf1@ Lna V8; u#uә=W45(hu0#5m &>vl 8d $(s>w[L,)0(- JC=ˋF0P6 = 2/?>aCnH }P(Vr`{)qmNl}h`1 >5g%N\JQ =' dSJJd$D!-i]R@Az< -,rrl+_NzvGBjy?mlry swrvn23,BV-KїPf%i2klƲń(VFN1|(0Vn)֘MGsD& f+LoLhQĸGF6}Sˀ)4+pN4S}52{B[`a3sUedGK<&Tլ9&_4Y ̇r>5nVAL  |U=kb$`~ =D2ei[FohCMWj}sf8, J; HS$l%UW)z@4-}<_D<}:_ )e!\o N(>A TzRhjMՖL-F of`׆ K ؈ȁUzaڏSҝe|aQ;m/)eKKYQ>Om V!0\ zT30`,e?"_&])W=ٰRVJ1M16D ȸau-Ce0|j}\v)+ܸ~$QK!ɅB@**ZC/çV "IJkiPzP( `k_/Y@hnEkJc\Cњy]֩;lRjz|pݱM% WKRI1})Xk±&,<"+ڂhȈ0A  ~HLbV4> \Rbr>+j*e$T6)5*iMym"P8+%t갢zԘ}Qː 0gted->흧 IZ+jՄzrhU-WjsUWYP2:Ś&H_ଯ?p,zM85hN?+vo?{]K\μ+ '0E<&{H[eX}t%_OHa+ģCYV MUpnp{E~t=GhCxZ '`i@% p LM{~i?/nZYYf0`%l*?ie(#f~~+ˣ {i#f MaFžnJ^+=4`7,mC[$ zDÈ i{qņZ J'gHy3V9y]%fZ+e1yYUz|uhoCu^ɛ>:lv'< hr͵m7fDv?)KqO ܮ:RrR9HǞ1]]2Yޘzֱ4> ʀkG2c)Ь6V#iA/e.N3)a(&6}j;_&*|)2SG)kEXqkqR.3zXz+)5rhE5&QrME 7uGM4VH'!IQjQA%M_-UղR/YTAte%vdi&d9LLgl'P`R(S&z T]Zx*+iQ/ dw $&i= P3t^iW:[+y*6a2N8[G*knIG:aF*ݔ[Y`'\$T+IjYt>80xnX N zW1$pL\'J͆Re_Ak rR8qG+a#ra&QH+G }O*lU*JTp.g$X9H(P Yx[!6E),8{J`oP=([xr2=qZaǰZTa/ gF ccb~f.A)oSo(0h_hCm$\auv@Ϣ.c燛I쀔4}ڽKh-6z_5ރ6 `i8~{H(&}ׇ7{%g۫It0lg~hy# @4Qn߽p.Z:K5?wH;m)^{%o= rHpAjw>\'d0| s|n]G6bW `xѤĢ8bF<$ ^!mBE\'k,S=VXKs!}=#٠b+hL؆;K*a֭ Bf-3bB!bFO1OKwtEh[(+x,6dsJ;t1?;)}AmN9˝~H!g9o E٦7db&ubNL5W"Jv {t#1QLwS1T$-zbeanKlx0e9)Oz.ϓp|Nj+'i^VӲQ6T$4%44QLNC]B+dC7g һj]nNp6<5ަmƙWJŇJ$ TgKE֊ pkP q<+ b >ϣg֢Ѭ]}+ ɏX#zSa!J fRZ/wuOzUbݩca8F\x vwR;2Q杊y{ho&})s'Auha`Jwfim6`4 ݣovR:}'i?vݷ;޽sܾːu9:T+Pۮi.;R)*xuoƇuСvO'I_I=.gRKcc&toAnv0!J~]qT8|ҧS* K* /ՒNUJ㞓Fܯ&e3(]nva$=W B9-: 6MFR$QȖVJق/ˏliZrdke4F.+Ϙ&"lul+Y7/hd-X2ZnS?XE'I K 1\U]+Uۯ7gԶxpYkѤwxA?~ʞ@mF: }e# cUoBPw_wxVKImdƟhOuV3RJLCTS߅}%@;fl;Mdm&ñ$GVE>b.w*ug>A$bxr/ރ1bvc-(> +M+M*"lOU/,]-|PTRަO尝tK6בz`cf<@/t%XH40ft/Lq(C/3b*TJ`M8^ ` \g Xg5tgIRi՜.Eiባ<ʼn^C<D[U]RUIoV_X.K7@,l̕l$U +@8>!ۊ=LT6eL+zGO:}Sb)$5rz?BI7ìA36sjo9〚ܤ|up +WС&zWly +9?#$cMROHDjr*)OBկi uK$u0GS8" NMln斓bvߵ3.D>]>0qqwOwOwOwOzrR}'1M_á%MZWQT*0jen> U#*93if8F9"7k'+ED_Ab2BGИHV IXĖNXW6b6L&ao٦ԛ {’H+FV*H]+|uJF ndw,BS'oLRy8bMslnކ\~q> `t?Jx[O*? ߱I䂎u$"E01Xrœ,O!IY7dgO~LCt%h(Hgs1W0Ptw AT#߰Ο 2B0fnX}5[.D: xLG)J+rfh\Knk&&`%Yzf[ǽ9ڟ~&R4zmϫC^ST[^W_/*x!'L`EV tmsgfF c(H' zH2 }pMNles׾Wӗy} Ւ3t;P:ޅ߸1zuDڄB> j*!ogv%`^8,SnƏR9 k&5qɘ' k0m{[̮|fH @<]VSXd?E nc^.NͼoTSYpA-ֲgJ+" SﻦFG B")HCB{7AoO5^ޝ(7`#3@j-hE5x}؃ 檒oJx#+Sv)sR2o?qjvde hK4;K~s2ԟIA]ESy8Н;_n+Ǡ~9Kx4`TZwǮp[x)φɼM2kɹaf zm)ʼ&.s$)wB]'3e` lqs̮XB?Π6k?0XLHj~6b+@M36|[`8,‹ :{ {E[][˯}:uBy,{C˭Wjp,iuif{c~BP2o2@44+IY'VZIHgcS8Wh 8eYXZƳ=@*FR ,vHyIv|wouv1RSp\|@QjA>~i__F=^m-ɒ v+`Cl{w2Оp"}-GFbd@/ja]Lz®.-Nuwfwφxݟq{QL#D"?wmU6Zgs^b,X\ VM!AaD0욅 a B6?w}3Dr0vLz@m,x.5ve1h}P2D#%1d(=c$gs8RG%ojomJK ,T"p1ckZzD,?t"R KhWۏAB,pA%fZןQy3, Y趜KW15\R RWK.K\G" *l czRO&tSj9yIoA$zTGXrRM` />]b\ kg>)fFm@kLvb7k_ںq)y,Z<1xfNT`h2} 11[TxSvXf!16{x=)I8I?Btk6fLµ)A*d 8ISD#ާr2U"cMCjj~RV+ڡ!qgTھ*Aj>St``}XC@&D}#i GY,t:s /0ډJ r3RmFΝz_`~msι\`{2DYqc[VjJYb;7s":;KfHtGw,}@8(@"y԰t|G*F¯R^fzx#nϪm*F&#Zi+xw4 :4J| E)<1^+@jBBϳjNT]OpY}XC3 CL^\}ĭRA)oS[ɺext耯J"r[-2iq#:&՗yM C.oJ^j$'p >G_ 6f^FgZQ)MG)R}o cb2zވ5pb XBW7}D['ٍCrhb#^) `vWV\oz~}C{ }qk `Cߑ?E&Ə^t<{yCROwE)d7Jc[-=ٵ>e׻кlŧtS)F|1[GB(TKΑ`ho~)uixԝ8 `8.pgj1U%H9 dU A_{=&>I % #a k(E$xzk;WNϻ7x Zҷh+lԭs=|ܽ|ڹl_]w.橅G0 Ky/m2/*f(H^.NQʩ`Sg̵,9%ywW%LqMS'Q韯xe3ʋ, K/Ni01GS:9nzZ>6N7^L˒7#ǮuԦF(hq`1D*'MMo )n}>eЌLj^+U_:v<)) )-VNyʻ9'@vN1.?CN?|:YguyC:9CL2B^Ng(ٮy3>E">"@\9_^E^ ?唟AYNߠo9P~S{3 ?9s w3~]7]?/WW9qr_\O{99cuG௏9 ?~rC(+h&࿛Ku3Ay+GZWpz~;}sS^.4r\}W WKӜ:賊9+f7_+ʡsTh= Я#dnldֹ:R+ ]yKxMKT앆cn5:Aba/ c|2y&p  )htVydS˼=>w槴Ix崝#&J2W喛O'ikz(#s<2g.g}=* u=*cTHD1KAB0rr)'ŧ,e5;HߪêxĿ+N©'ݞރ轊r mv3}[a^a#^*gB8D#W@jer Er)<螉.+46"Θe>́a[; o6*VZ;_5oc #O1wQ5YUdF*j^ޯL3B /(@#غ̷7xQ#xC7":aRq p+k"<'[m!RիX3 ڼx7lTyثNd`?$Lo 7 i̯ v2W!+C<[ǝ+f4mov1*m =g-X+MD 2Ydkc q$SkB#KфY D˼&n]hbУmwhır(9?gb+S7r{dB΄W٨sR%U w& 5t@2naV1ֆ*V<;V!S ՋErby0963OH N,#}@GF}q!by> T% ]gn么p*ӸM!Ť ޙn'qgŅI-Lb׳26#1 > }= $GD{=4&F擵oErd9~eZQ'8ۈq23j{^\}Uh6,wl3SYȅ=y F/A>{{!fI139L݋#L/}f 4x4kh6V\eRCϮ^(|Y\+<##1Y Mк {kͅ*u.w ɰ\,Nd=:rCShpK aAoN[#,zHVSPsXOmM\-On\{&ܿc C >1u V@>FՋpawBG=Xt(E,Ma-ă v,='IDπleM$f@g^l(VxHBN]ylo()y+6*نW0UZVAoL3Y,> V_$v{-B+*π 8>eHCgrT~{J}*P=eښS;] v",dv/+0bŽϥOvHydo\*_L$+t#R.ڋOFې/)0XP4 <pI>0)n93D:9Am'{;*lٹ ˜2J1Д8ٶ2#OA3r Oe[ |kc'p' !-X03 n=ձ wO`7@#>&rd{Koگ}#+nvTg7>5ك|2p}π!XsCQ%7` },7ܨNA<+1 <&Y`cܢ\nO\j_H.\@vbbq Y9gf;I 2 G8&U];566s֨Na^ۺKAўx籺nalh[d)+^F=Ou`H؂{!mR>ǔ  ]'[ڧ3й?-RWe[͌/H_{QAbVB8u vAѲ v7"ְ0^q۷KT|@ swSaֹٝ˱Jʶ)E=b\Qm`%xa[Aj`Pz/.^3Ơ`{ej x ؚտHQ#zfi!ACWqk @{kĵ6 = 9!j1Bi6eY1}0-XBL+V 52lt* X*!KŬ"D0H'Z:rsh;h3TFX6^?tCf *$W@˽ōm]^g*a7:_h8E8yj3Sq2ī$YQ}v,:yvu~kG1Jbq')iw>wϻ XںqKZǿ~~<mGx{}΂`R{WxOο`(XE hM#01B4[e6TUSA$ᑭ7}M1uc*Jgq[OEQj)lئdUi29?R{) qɅ֋/ųiS}* e'R܄;"6BKslt6 ͝IJ &