BitLocker Drive Encryption in Windows Vista

an article added by: Jonathan Bright at 06022007



BitLocker Drive Encryption

In Windows XP and previous NT-based versions of Windows, Microsoft offered a feature called Encrypting File System (EFS) that enabled users to encrypt important folders or files. This prevents thieves from accessing sensitive data should your computer be physically stolen: If the thief removes your hard drive and attaches it to a different computer, any encrypted files cannot be read. EFS has proven to be a popular feature with businesses that have many roaming executives with laptops, with IT administrators, and the security conscious. EFS is still present in Windows Vista and works as before, but it’s been augmented by a new technology called BitLocker.

Like EFS, the new BitLocker feature in Windows Vista lets you encrypt data on your hard drive to protect it in the event of physical theft. But BitLocker offers a few unique twists. First, BitLocker is full-disk encryption, not per-file encryption. If you enable BitLocker, it will encrypt the entire hard disk on which Windows Vista resides, and all future files that are added to that drive are silently encrypted as well. Second, BitLocker protects vital Windows system files during bootup: If BitLocker discovers a security risk, such as a change to the BIOS or any startup files (which might indicate that the hard drive was stolen and placed in a different machine), it will lock the system until you enter your BitLocker recovery key or password (discussed shortly). Third, BitLocker works in conjunction with new Trusted Platform Module (TPM) security hardware in some modern PCs to provide a more secure solution than is possible with a software-only encryption routine. BitLocker may not be theoretically impregnable, but in the real world the chances are that no hacker will ever defeat a BitLocker-protected PC.

BitLocker is available only to users of Windows Vista Enterprise and Ultimate editions. There isn’t a heck of a lot of configuration you can do for BitLocker. It’s either on or it’s not, and you either have TPM hardware or you don’t: If your system does have TPM hardware, BitLocker will use it. Otherwise, you must use a USB memory drive as a Startup Key. This key will be required to boot the system. If you don’t have the key, or you lose it, you will need to enter a recovery password to access the drive. Here’s where things get tricky: You can print out the recovery password and store it in a safe place, like a physical safe or safety deposit box. Or you can store it on a different computer in a text file, perhaps in an encrypted folder or encrypting ZIP file. However you store the recovery password, you can’t lose it. If you lose both the startup key (either in the TPM hardware or on a USB memory key) and the recovery password, the data on the BitLocker-protected hard drive is gone for good. There is literally no other recovery option available. Still undaunted?

You enable BitLocker by navigating to the BitLocker Drive Encryption tool in Control Panel. This is located in Control Panel -> Security -> BitLocker Drive Encryption. Shown in article 8-11, there’s not much to it. To enable BitLocker, simply click the Turn On BitLocker option. If you have the appropriate TPM hardware, BitLocker will save its encryption and decryption keys in that hardware. Otherwise, you’ll be prompted to insert a USB memory key, which you’ll need to insert in the machine every time it boots up. Optionally, you can also create a startup key or PIN to provide an additional layer of protection. The PIN is any number from four to 20 digits. The startup key and PIN can only be enabled the first time you enable BitLocker. When BitLocker is enabled - which takes quite a bit of time, incidentally, because it must encrypt the contents of the drive - you don’t have to do much configuration-wise. You’ll see a new Manage Keys link in the BitLocker Drive Encryption control panel, and you can create a recovery password from there. If you choose to print the password, be sure to save it in a safe place. Seriously.
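Because losing both the startup key and the recovery password makes the drive unrecoverable, it is worth confirming that a recovery password protector actually exists on every protected volume. The script below is an added example, not part of the original article: it queries the Win32_EncryptableVolume WMI class and assumes PowerShell is installed and the prompt is elevated.

```powershell
# Added example: audit BitLocker key protectors through WMI (run elevated).
# Type codes follow the Win32_EncryptableVolume documentation.
$typeNames = @{
    1 = 'TPM'
    2 = 'External key (USB startup key)'
    3 = 'Numerical password (recovery password)'
    4 = 'TPM and PIN'
    5 = 'TPM and startup key'
}

$volumes = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
                         -Class Win32_EncryptableVolume

foreach ($vol in $volumes) {
    # ProtectionStatus: 0 = off, 1 = on, 2 = unknown (for example, a locked volume)
    $status = $vol.GetProtectionStatus().ProtectionStatus

    # KeyProtectorType 0 requests protectors of every type
    $ids = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID)

    $types = @()
    foreach ($id in $ids) {
        if ($id) { $types += [int]$vol.GetKeyProtectorType($id).KeyProtectorType }
    }

    # Translate the numeric codes into readable names
    $names = @($types | ForEach-Object {
        if ($typeNames.ContainsKey($_)) { $typeNames[$_] } else { "type $_" }
    })

    '{0}  protection={1}  protectors=[{2}]' -f `
        $vol.DriveLetter, $status, [string]::Join(', ', [string[]]$names)

    # Protection on with no recovery password means a lost startup key is fatal
    if ($status -eq 1 -and $types -notcontains 3) {
        Write-Warning "$($vol.DriveLetter) has no recovery password protector."
    }
}
```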

Low-Level Security Features

Windows Vista includes a vast array of low-level security features. One of the most dramatic is service hardening. Because of the modular architecture of Windows Vista, the system has been created in such a way that the components that make up the system are as isolated from and independent of each other as is possible. Furthermore, Microsoft has gone over each of these components to ensure that they are running under the lowest possible security privileges. This protection extends to the system services that run silently in the background. While none of these features are particularly configurable, it’s fair to say that Windows Vista is the most secure Windows version ever made, thanks to the sum of these many security enhancements. To get the absolute best security with Windows Vista, run one of the x64 versions of the operating system. ( 1 for information about choosing between x64- and x86/32-bit versions of Windows Vista.) That’s because the x64 versions of Windows Vista include a few unique security features that are not available or as effective in the 32-bit versions of the operating system. These include:

   • A new feature called Address Space Layout Randomization (ASLR) that randomly
    loads key system files in memory, making them harder to attack remotely.
   • A hardware-backed version of Data Execution Prevention (DEP) that helps prevent
    buffer overflow-based attacks.
   • x64 drivers must be digitally signed, which suggests (but doesn’t ensure) that
    x64 drivers will be more stable and secure than 32-bit drivers, which are often
    the cause of instability issues in Windows.

Of course, x64 versions of Windows Vista have their own compatibility issues, both with software and hardware. The tradeoff is yours to make: Better security and reliability or compatibility.

Summary

Although much is made of Vista’s new user interface, its new security features are, beyond a doubt, the number one reason to consider upgrading to this new operating system. Here’s why: Although it’s possible to duplicate many of the end user features in Windows Vista, its many security improvements are only available to those who upgrade. Security isn’t something that’s easy to sell, per se, and certainly vulnerabilities will crop up over time. But make no mistake: Vista’s security improvements are as dramatic as they are important.
