BitLocker

Black Swan

BitLocker comes free with Vista Ultimate. It is to provide drive encryption and integrity checking of boot components. Questions:

• Is BitLocker worth installing to add yet another security layer for laptop users? Positives and negatives of this programme?
• If a laptop has been compromised before BitLocker has been installed, would the integrity checking subfunction reveal worms, trojans, or other malware, given that it only checks early boot components?
• If malware is not ID's and removed before BitLocker installation, what happens? Would a worm, trojan, or whatever still function after being encrypted, or otherwise affect the stability of the OS or other files?

Martyr

A very reasonable question which could be answered by some experts like Screaming Mickey and __DruiD__ who perfectly understand standards

For myself studying the complexities of CISSP ... i would say concrete is made of gravel, limestone or granite plus some sand.

BTW: I'm not trying to be unhelpful Blue Lagoon.. you have of course posted very valid questions, but are unlikely to receive any valid response.

Thats being honest.

You may think i'm belittling your question, but i'm really belittlting any bogus answers you get.

JimmyCrackCorn!

• Is BitLocker worth installing to add yet another security layer for laptop users? Positives and negatives of this programme?

Negatives:
It adds a performance hit
Questions around will the master key be given to law enforcment etc
The existence of a mechenism to recover a system with a key
The disk is encrypted making malware removal more difficult

Pros
The negatives for some are positives for enterprise
Malware harder to remove as disk not readble by boot cds
Use of TPM
Signing of boot loaders

• If a laptop has been compromised before BitLocker has been installed, would the integrity checking subfunction reveal worms, trojans, or other malware, given that it only checks early boot components?

Yes and NO.

While boot sector malware is pretty much extinct. The only tools im aware of that would still poke around pre os is vbootkit which was a poc at breaking kernal driver signing.


Normal malware hides in the normal startup routines long after bitlocker has initialied its drivers and provided an abstraction layer to normal applications.

In simple terms malware doesnt care as it wont know if the disk is encrypted or not so will run fine.

• If malware is not ID's and removed before BitLocker installation, what happens? Would a worm, trojan, or whatever still function after being encrypted, or otherwise affect the stability of the OS or other files?

Itll be encrypted and work just fine and malware will know nothing of the encryption.

BaconZombie

I'd say have a look into Truecrypt System Encryption.

http://www.truecrypt.org/docs/?s=system-encryption

Black Swan

Bitlocker can be cracked if you can get physical access to the computer. So much for the Microsoft Vista Ultimate advertising claims that your data is safe if your laptop is stolen.:rolleyes:

Source: http://arstechnica.com/science/news/2008/02/researchers-crack-filevault-bitlocker-with-canned-air-hack.ars

Apparently, if given physical access, other encryption programmes are also vulnerable?

"The researchers successfully performed the attack on several disk encryption systems — Apple’s FileVault, Microsoft’s BitLocker, as well as TrueCrypt and dm-crypt — but said they have no reason to believe it won’t work on other disk encryption systems as well, since they all share similar architectures."

Source: http://www.wired.com/threatlevel/2008/02/researchers-dis/

ntlbell

Blue_Lagoon wrote: »

Bitlocker can be cracked if you can get physical access to the computer. So much for the Microsoft Vista Ultimate advertising claims that your data is safe if your laptop is stolen.:rolleyes:

Source: http://arstechnica.com/science/news/2008/02/researchers-crack-filevault-bitlocker-with-canned-air-hack.ars

If someone can gain physical access to a machine atm it's virtually impossible to keep data safe.

the point is do you have anything that someone will spend the money and time to get at it, for the average joe soap the answer is no.

Black Swan

ntlbell wrote: »

If someone can gain physical access to a machine atm it's virtually impossible to keep data safe.

the point is do you have anything that someone will spend the money and time to get at it, for the average joe soap the answer is no.

You are recommending a multi-layered defense of data. Fair enough.

This raises another question...

Are there any programmes that would trash the data on the drive if someone attempted to crack it? A Pandora's Box?

Maybe with the prerecorded message..."As always, should any member of your team be caught or killed, the Secretary will disavow all knowledge of your actions. This message will self-destruct in five seconds.";)