The bad guys will use BitLocker, too

re: The bad guys will use BitLocker, too

Terence — Tue, 17 Jul 2007 20:16:32 GMT

i totally agree with you steve. the feature benefits much more people than compared with the baddies. anyway, nothing if perfect in this world. that means technology too! :>

re: The bad guys will use BitLocker, too

Samuel — Thu, 19 Jul 2007 18:34:37 GMT

I work in IT for a sheriff's dept. There's definitely a lot of objection to the right of citizens to protect their properties, at least by the folks I work with. It'd take a para-digg-'em shift to have people and law enforcement realize that when it concerns good/bad, then by definition there will be two sides in opposition to any argument posed...except for guns...we just need more guns...leave them guns alone...unless you're bringing more...

re: The bad guys will use BitLocker, too

kai axford — Sat, 21 Jul 2007 22:55:09 GMT

As Steve mentions, there is absolutely no back door for anyone in BitLocker. However, good investigatory and digital forensic procedures are certainly still very important when working with a Windows Vista computer. I'd suggest that any law enforcement agencies with concerns should have their department contact Microsoft directly.

- Kai

re: The bad guys will use BitLocker, too

Steve Riley — Sun, 22 Jul 2007 08:24:48 GMT

Samuel -- the right of citizens to protect their own property is the foundation of American democracy and indeed is a requirement for any democracy to function, along with transparency in government. It's really quite disheartening when I read that segments of our society are opposed to these very necessary fundamentals.

re: The bad guys will use BitLocker, too

slagmi — Thu, 26 Jul 2007 19:03:02 GMT

Don't think for a moment that Microsoft won't provide the BitLocker Password Recovery Tool to any verifiable Law Enforcement entity that asks for it!

(800) 936-5700

re: The bad guys will use BitLocker, too

Watches — Thu, 26 Jul 2007 19:55:33 GMT

I agree! There are tools such as truecrypt that offer the same services and making it fool proof encryption is what is needed!

re: The bad guys will use BitLocker, too

Steve Riley — Thu, 26 Jul 2007 21:12:17 GMT

slagmi-- What evidence do you have that such a tool exists? Do you work for Microsoft? I can promise you, there is no such tool. There is a Recovery Password Viewer (http://support.microsoft.com/kb/928202), but this is for displaying recovery passwords stored in computer accounts in Active Directory. It will not work if you don't have admin-level access to the domain. It's a pretty safe assumption that bad guys won't be joining their computers to any domains.

Watches-- there is no such thing as "fool-proof encryption." Given sufficient time and resources, all encryption is ultimately defeatable.

re: The bad guys will use BitLocker, too

I agree — Thu, 09 Aug 2007 23:22:19 GMT

I just read your article on Tech ED (link posted at slashdot) and totally agree with you. It is really good to know that IT security in big companies has not completely sold itself to the "Big Brother".

re: The bad guys will use BitLocker, too

Ravi — Mon, 13 Aug 2007 07:39:34 GMT

yeah, its true.....certainly for the organizations in the initial stages thinkin about security can go for bitlocker. But dont you agree with that, there comes some things like TPM, if your motherboard is gone then you have to kiss goodbye to your valueable information.

Reply to ravi.rawal@gatewaynintec.in

re: The bad guys will use BitLocker, too

Slav Pidgorny — Wed, 15 Aug 2007 15:04:02 GMT

Amazingly, many corporations decide implementing HD encryption recovery procedures that degrade level of protection given by BitLocker using TPM to that of a helpdesk guy's password.

Re. governments having access to backdoors and such: the government agencies _know_ that there's no backdoor. Besides having Steve's and Steve's word, they have access to Windows sources.

re: The bad guys will use BitLocker, too

Steve Riley — Thu, 16 Aug 2007 04:24:34 GMT

Ravi-- this is why BitLocker (and any good enterprise-grade encryption product) includes a recovery mechanism. It's all very well documented on Microsoft.com.

Cellphones in movie theatres

Craig Beere — Thu, 23 Aug 2007 02:39:12 GMT

I think cellphones should be banned in movie theatres because they are annoying. If a movie threatre agrees with me then they should be honest about their reason rather than hiding behind a "security" argument. Saying they are doing something for "security purposes" is a strange kind of "reverse security theatre".

Cheers

Craig

re: The bad guys will use BitLocker, too

Orin — Wed, 19 Sep 2007 01:45:13 GMT

Generally speaking, a smart criminal (the sort that would know about Bitlocker and use it in the right way) wouldn't keep records of their criminal activity on their computer anyway.

Alternatively they could use "one time pads" to effectively encrypt stuff that they want to keep secret without worrying about whatever secrecy features their operating system has.

You don't need a computer to keep things secret. Stuff like bitlocker just makes it a little easier.

re: The bad guys will use BitLocker, too

c#guy — Sun, 07 Oct 2007 23:57:25 GMT

<strike>Communications tools</strike> Firearms are far more beneficial to the millions of good guys who use them every day (perhaps to save lives?) than to the few bad guys who also use them. Why destroy beneficial utility for everyone just because someone might misuse <strike>the technology</strike> them?